Keylogger Background Exfil

Description

Monitors keystrokes and periodically exfiltrates them back to the C2 server.

Overview

This script monitors keystrokes and then periodically exfiltrates them back to the C2 server. The timing is defined by an interval and jitter to make the exfil less detectable. The timing can be changed by modifying the interval and jitter variables at the top of the script.

WARNING: This script is designed to be run in the background as it would block the foreground until it completes.

Arguments

Parameter Type Description
Duration TimeSpan The length of time to capture keystrokes.
Interval TimeSpan The minimum time until the callback window in dd:hh:mm:ss or hh:mm:ss format.
Window TimeSpan The length of the callback window in dd:hh:mm:ss or hh:mm:ss format.

Example Output

The expected output is a set of exfiltrated keylogger files located in the artifacts tab.

Filename                          Size
--------                          ----
keystrokes2023-01-29-11-29-02.txt  220

The conents of the exfiltrated keystrokes.

www.xkcd.com[Enter][Ctrl]a[Shift]i[Space]wonder[Space]if[Space]it[Space]will[Space]capture[Space]this[Enter][Enter]buscoman[Enter][Enter]1qaz[Shift]1qazkey[Back][Back][Back][Ctrl]a[Shift]get-[Shift]captured[Shift]keys[Shift]get-[Shift]captured[Shift]keys
Scroll to Top