Description
Monitors keystrokes and periodically exfiltrates them back to the C2 server.
Overview
This script monitors keystrokes and then periodically exfiltrates them back to the C2 server. The timing is defined by an interval and jitter to make the exfil less detectable. The timing can be changed by modifying the interval and jitter variables at the top of the script.
WARNING: This script is designed to be run in the background as it would block the foreground until it completes.
Arguments
| Parameter | Type | Description |
|---|---|---|
| Duration | TimeSpan | The length of time to capture keystrokes. |
| Interval | TimeSpan | The minimum time until the callback window in dd:hh:mm:ss or hh:mm:ss format. |
| Window | TimeSpan | The length of the callback window in dd:hh:mm:ss or hh:mm:ss format. |
Example Output
The expected output is a set of exfiltrated keylogger files located in the artifacts tab.
Filename Size
-------- ----
keystrokes2023-01-29-11-29-02.txt 220
The conents of the exfiltrated keystrokes.
www.xkcd.com[Enter][Ctrl]a[Shift]i[Space]wonder[Space]if[Space]it[Space]will[Space]capture[Space]this[Enter][Enter]buscoman[Enter][Enter]1qaz[Shift]1qazkey[Back][Back][Back][Ctrl]a[Shift]get-[Shift]captured[Shift]keys[Shift]get-[Shift]captured[Shift]keys