Hallo leute hab hier mal wieder source code für euch. Schaut es euch einfach mal an
Würde mich über Antworten hier freuen
Viel spass damit
Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.
Thanked by 6 Members:
|
|
Ich weiss dass die meisten sachen auf GitHub sind,@
aber ich finde dass die auch noch sehr interessant sind.FatalityMods
Und nun zur kurzen beschreibung von CryptoTrooper. hab ich von gitHub Kopiert.
CryptoTrooper
CryptoTrooper is the world's first Linux white-box ransomware for learning purpose
It requires :
Debian-based 64-bit OS with root - mostly used nowadays
Apache/Nginx - for Web service encryption and for changing the main page
MySQL/PostgreSQL - for database encryption
/root and /home - for personal data encryption
How it works :
Infection - the victim's server is exploited and infected somehow, gaining root privileges
Encryption - the ransomware generates a unique symmetric encryption key and encrypts the data
White-box - the white-box cipher uses the one-way white-boxed key and encrypts the key used for data encryption
Decryption - the victim sends to the attacker the white-box encrypted key and its initialization vector (IV), this key is decrypted by the attacker with its IV and the master key used to generate the white-box key, the true key is sent to the victim
Pros :
NO INTERNET CONNECTION IS REQUIRED AFTER INFECTION (since it doesn't uses public-key cryptography at all or any C&C)
Key-extraction protection
AES only
Anti-forensic
Random key generation
Radom IV
Cons :
Chowns white-box construction is broken (not the implementation, but the algorithm itself), thus the ransomware presents ABSOLUTELY NO THREAT AND NO INTEREST FOR MALICIOUS PURPOSE
CBC mode isn't the best-one for random data and not the fastest
128-bit key-length should be longer
The same key is used for every file
The same hardcoded white-box key is used for every execution
No code obfuscation (except white-box)
Purposes :
Learn ransomware's implementations and concepts, in order to defeat it
Practice reverse engineering
Be prepared for new and advanced threats
Demonstrate the ransomware's power and potential
##How to
Prepare environment
apt-get install apache2 nginx-common mysql-server postgresql
Prepare ransomware
cd /
mv $CRYPTOTROOPER_SOURCE_DIRECTORY/* .
*Encrypt*
```bash
/cipher.sh &
It will encrypt the data with AES-128-CBC with a randomly generated key and a random IV for each file
Than it will use white-box to one-way encrypt this key and will generate key.enc and key.iv
The victim now has to send both files to the attacker
If you visit the local Website, you will notice the message
firefox localhost &
After payment
mv key.enc key.iv $YOUR_DIRECTORY
./whiteDecipher.sh
It will decrypt the victim's key that you may send to it
Decrypt
mv key /
/decipher.sh
Everything should get back to as it was
###Notes
Encryption isn't just encoding, but mathematical encoding
White-box encryption isn't just obfuscation, but mathematical obfuscation
The only way to defeat evil is to become its master
"Research is to see what everybody else has seen, and to think what nobody else has thought."
Albert Szent-Gyorgyi
Thema | Forum | Themenstarter | Statistik | Letzter Beitrag |
---|