
OK guys, I think phase one of my ransomware development is complete.

  1. #21
    Have it randomly select a "mode" from a list so all kinds of scary groups can use fear to motivate the target. ISIS has Taken over your computer, pay 10 BTC to Al-Baghdadi in 7 days you filthy infidel!, Yarr yer landlubbin data chest has been seized by my swashbuckling crew of bandits. Pay us 10 BTC, or gold dubloons to get a map with an X leading to your data YAR HAR HAR!. An ASCII skull and crossbones would be pretty fucking spooky.


  2. #22
    Have it randomly select a "mode" from a list so all kinds of scary groups can use fear to motivate the target. ISIS has Taken over your computer, pay 10 BTC to Al-Baghdadi in 7 days you filthy infidel!, Yarr yer landlubbin data chest has been seized by my swashbuckling crew of bandits. Pay us 10 BTC, or gold dubloons to get a map with an X leading to your data YAR HAR HAR!. An ASCII skull and crossbones would be pretty fucking spooky.




    Petya did it first.
  3. #23
    Update, please read OP
  4. #24
    oatking Yung Blood
    Nice use of psutils, definitely easier to reason about than dd. Question though: is there any difference in that code between the 'linux-root' and 'win32-admin' branches? It looks like it's doing the same thing either way. Also, if the i is inside the list-comp, then I don't think it'll be in scope of the disk.write call later unless I'm missing something?
  5. #25
    Nice use of psutils, definitely easier to reason about than dd. Question though: is there any difference in that code between the 'linux-root' and 'win32-admin' branches?
    It looks like it's doing the same thing either way.

    No, and yeah it does do the same, i am still thinking about an implementation for this on OSX as well.

    Also, if the i is inside the list-comp, then I don't think it'll be in scope of the disk.write call later unless I'm missing something?

    It could very well be out of scope, this code is untested. Also, if you have any ideas or improvements feel free to hammer out some code.
  6. #26
    oatking Yung Blood
    I'm now thinking if I can use this to attack some SJWs. How do you test this stuff? My first thought is to run it in a VM and see what happens. I've got some linux and windows xp images lying around for stuff like this.

    Also +1 for OSX version. A lot of fuckers are running OSX, should def. be able to target them.
  7. #27
    Buddy from another forum suggested something more akin to this to iterate over 'ransom' to get the proper hex value to write to disk.

    s = "somestring"

    for i in xrange(0, len(s), 2):
    hex = s[i:i+2]
    print hex


    > I'm now thinking if I can use this to attack some SJWs. How do you test this stuff? My first thought is to run it in a VM and see what happens. I've got some linux and windows xp images lying around for stuff like this.


    Get VMware, and a kali image, this should come with the python interpreter as well, compile the bootlocker with NASM to boot.bin with this command:


    nasm boot.asm -f bin -o boot.bin


    Then drop boot.bin in the home directory in your kali image, /home/whatever, save the encrypting module as cypher.py in the same directory, open the terminal and type:


    python cypher.py


    If you get any error messages post them here. If you don't, go get a cup of coffee, then restart your vm. SUDO has no password in kali, so if all went well the bootsector should now be nuked. If that didn't happen open your terminal and type this:


    find / -name *.crypt


    If it spits out a bunch of dot crypt files the ransomware has encrypted your shit. You can do this in reverse as well, first check if there are dot crypt files then restart to see if your bootsector was nuked.
  8. #28
    bling bling Dark Matter
    steal c p than shred all files than sell c p 4 profit
  9. #29
    steal c p than shred all files than sell c p 4 profit

    I got enough CP, no need to steal any. Selling will bring too much heat though so no thanks.