Active Development: Cypher Ransomware.
#11
(12-08-2016, 06:36 PM)NO-OP Wrote:
(12-08-2016, 04:33 PM)Vector Wrote: Are you using the 3.x interpreter? That could be a problem. This project is written in 2.7. Anyway, I am being retarded, I'll just update to append. Also sure, I will push what I have to GitHub, feel free to work on it as you see fit. Remember, it's Django and Python 2.7.

CNC Files are live on GitHub. Check them out if you'd like to contribute. Also, I am still not sure how I will restore the MBR; grabbing a copy seems viable.

If your code fails on v3.x I would consider either having a comment in the code or some version detection that will exit the script with an error less vague than the v3.x error "AttributeError: 'list' object has no attribute 'push'"

Right, that might be a good idea, I'll put it on my ever-expanding to-do list.
#12
(12-08-2016, 06:40 PM)Vector Wrote:
(12-08-2016, 06:36 PM)NO-OP Wrote:
(12-08-2016, 04:33 PM)Vector Wrote: Are you using the 3.x interpreter? That could be a problem. This project is written in 2.7. Anyway, I am being retarded, I'll just update to append. Also sure, I will push what I have to GitHub, feel free to work on it as you see fit. Remember, it's Django and Python 2.7.

CNC Files are live on GitHub. Check them out if you'd like to contribute. Also, I am still not sure how I will restore the MBR; grabbing a copy seems viable.

If your code fails on v3.x I would consider either having a comment in the code or some version detection that will exit the script with an error less vague than the v3.x error "AttributeError: 'list' object has no attribute 'push'"

Right, that might be a good idea, I'll put it on my ever-expanding to-do list.

I would seriously consider making a Trello.com account and adding your items to a ToDo list. Sometimes I keep things in my head, notepad, or txt file but Trello is a great hybrid of all of these things. It's a mix between project management and being solo super great.
#13
(12-08-2016, 09:13 PM)NO-OP Wrote:
(12-08-2016, 06:40 PM)Vector Wrote:
(12-08-2016, 06:36 PM)NO-OP Wrote:
(12-08-2016, 04:33 PM)Vector Wrote: Are you using the 3.x interpreter? That could be a problem. This project is written in 2.7. Anyway, I am being retarded, I'll just update to append. Also sure, I will push what I have to GitHub, feel free to work on it as you see fit. Remember, it's Django and Python 2.7.

CNC Files are live on GitHub. Check them out if you'd like to contribute. Also, I am still not sure how I will restore the MBR; grabbing a copy seems viable.

If your code fails on v3.x I would consider either having a comment in the code or some version detection that will exit the script with an error less vague than the v3.x error "AttributeError: 'list' object has no attribute 'push'"

Right, that might be a good idea, I'll put it on my ever-expanding to-do list.

I would seriously consider making a Trello.com account and adding your items to a ToDo list. Sometimes I keep things in my head, notepad, or txt file but Trello is a great hybrid of all of these things. It's a mix between project management and being solo super great.

Oh, that's pretty interesting, might be a good idea as well. I am not bad at remembering things but my brain is far too chaotic to set concrete goals and accomplish them by X deadline.
#14
(12-08-2016, 04:33 PM)Vector Wrote:
(12-08-2016, 03:53 AM)StickFigure Wrote:
(12-07-2016, 05:17 PM)Vector Wrote:
Code:
files_to_dec = []

Array, there is nothing to append to. Maybe it could be this has something to do with the fact that I am selecting files by comparing them to a string instead of a tuple, like in the encryption module. Anyway, if you could post the error message if it's not too much trouble, I'll have a look.

There's no issue with the comparison, it just doesn't like the push method. Weird man, everything I've read says there is no push.
https://stackoverflow.com/questions/1566...d-not-push
https://docs.python.org/2/library/array.html
Code:
Python 3.5.2 (default, Jun 28 2016, 08:46:01)
[GCC 6.1.1 20160602] on linux
>>> arr = []
>>> arr.push('foo')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'push'

Also unless you plan on banging it all out in one go you should post the web server/app code. I would tinker with it at least.

Also also, how do you plan on restoring the MBR? That whole business is a bit beyond my scope, interested nonetheless. Would you have to copy the current MBR somewhere else first? Or is it universal enough that you could put on a new one from scratch?

Are you using the 3.x interpreter? That could be a problem. This project is written in 2.7. Anyway, I am being retarded, I'll just update to append. Also sure, I will push what I have to GitHub, feel free to work on it as you see fit. Remember, it's Django and Python 2.7.

CNC Files are live on GitHub. Check them out if you'd like to contribute. Also, I am still not sure how I will restore the MBR; grabbing a copy seems viable.

(12-08-2016, 06:36 PM)NO-OP Wrote:
(12-08-2016, 04:33 PM)Vector Wrote: Are you using the 3.x interpreter? That could be a problem. This project is written in 2.7. Anyway, I am being retarded, I'll just update to append. Also sure, I will push what I have to GitHub, feel free to work on it as you see fit. Remember, it's Django and Python 2.7.

CNC Files are live on GitHub. Check them out if you'd like to contribute. Also, I am still not sure how I will restore the MBR; grabbing a copy seems viable.

If your code fails on v3.x I would consider either having a comment in the code or some version detection that will exit the script with an error less vague than the v3.x error "AttributeError: 'list' object has no attribute 'push'"

No man same deal on 2.7, very strange
Code:
Python 2.7.12 (default, Jun 28 2016, 08:31:05)
[GCC 6.1.1 20160602] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> arr = []
>>> arr.push('fuck')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'list' object has no attribute 'push'

Anyway for specifying a particular python version use:
Code:
#!/usr/bin/env python2.7

Which will look to your $PATH variable for python2.7 or whatever you put there. Checking for the correct version is a bit overkill.
#15
Small update pushed to the main encryption module in preparation of SMTP -> HTTP.
#16
Ransomware seems like the most boring type of malware to me. Why would you bother writing such a thing and making it publicly available? Seems like a good way to get yourself into trouble if someone actually uses it for bad stuff. All it does is encrypt files and demand payment which seems boring from a technical perspective.

If you are going to write malware, for fun, might as well go big like polymorphic/metamorphic executable packer, rootkit with patchguard bypass, or bootkit with custom TCP/IP stack and peer to peer infrastructure, or something like that.. Something interesting for people, good and bad, to analyze.
#17
(12-14-2016, 09:02 PM)torfuscator Wrote: Ransomware seems like the most boring type of malware to me. Why would you bother writing such a thing and making it publicly available? Seems like a good way to get yourself into trouble if someone actually uses it for bad stuff. All it does is encrypt files and demand payment which seems boring from a technical perspective.

If you are going to write malware, for fun, might as well go big like polymorphic/metamorphic executable packer, rootkit with patchguard bypass, or bootkit with custom TCP/IP stack and peer to peer infrastructure, or something like that.. Something interesting for people, good and bad, to analyze.

I will respectfully disagree, I don't think this is boring to work on. With regards to the more complex and what you would consider more interesting malware, I do intend to work on more sophisticated projects in the future. Currently I will be focusing on finishing up this project.
#18
(12-14-2016, 09:36 PM)Vector Wrote:
(12-14-2016, 09:02 PM)torfuscator Wrote: Ransomware seems like the most boring type of malware to me. Why would you bother writing such a thing and making it publicly available? Seems like a good way to get yourself into trouble if someone actually uses it for bad stuff. All it does is encrypt files and demand payment which seems boring from a technical perspective.

If you are going to write malware, for fun, might as well go big like polymorphic/metamorphic executable packer, rootkit with patchguard bypass, or bootkit with custom TCP/IP stack and peer to peer infrastructure, or something like that.. Something interesting for people, good and bad, to analyze.

I will respectfully disagree, I don't think this is boring to work on. With regards to the more complex and what you would consider more interesting malware, I do intend to work on more sophisticated projects in the future. Currently I will be focusing on finishing up this project.

I also find it quite interesting and more achievable to make than the project you mentioned. Nevertheless, I have to say I'm "new to this scene" and what I find astonishing and fascinating might be too easy for someone who has been programming malware for a while.
#19
Quote: I will respectfully disagree, I don't think this is boring to work on. With regards to the more complex and what you would consider more interesting malware, I do intend to work on more sophisticated projects in the future. Currently I will be focusing on finishing up this project.

I recommend learning reverse engineering and reverse engineering others' malware before writing your own. The process of learning reverse engineering and malware analysis will teach you more about malware than writing it would, as a beginner at least.

To learn this I recommend
-Learning C programming language
-Learning x86 assembly language
-Reading Data Structures Programming Book
-Reading Modern Operating Systems by Tanenbaum
-Reading Structured Computer Organization By Tanenbaum
-Reading Practical Malware Analysis Book
-Reading Windows Internals Books
-Reading IDA Pro Book
-Reading Intel Manuals
-Learning PE file format
-Learning how to exploit memory corruption vulnerabilities (i.e. read corelan tutorials)
-Learning Windows Device Driver Programming

To find malware to reverse engineer I recommend not reverse engineering the crap you find posted on most forums and instead looking for more professional pieces of malware which are written by more experienced groups of criminals. Others have posted threads with this kind of info and even download links to the books on other threads on this forum.

You can find binary samples of this type of malware on many sites where people reverse engineer malware.

Many security companies post detailed analysis of a lot of different types of malware and reading their analysis will teach you more about malware than *most* forums will.

Outside of that common sense and a spark of innovation are essential.
#20
(12-24-2016, 08:21 PM)M8lc0d3 Wrote:
Quote: I will respectfully disagree, I don't think this is boring to work on. With regards to the more complex and what you would consider more interesting malware, I do intend to work on more sophisticated projects in the future. Currently I will be focusing on finishing up this project.

I recommend learning reverse engineering and reverse engineering others' malware before writing your own. The process of learning reverse engineering and malware analysis will teach you more about malware than writing it would, as a beginner at least.

To learn this I recommend
-Learning C programming language
-Learning x86 assembly language
-Reading Data Structures Programming Book
-Reading Modern Operating Systems by Tanenbaum
-Reading Structured Computer Organization By Tanenbaum
-Reading Practical Malware Analysis Book
-Reading Windows Internals Books
-Reading IDA Pro Book
-Reading Intel Manuals
-Learning PE file format
-Learning how to exploit memory corruption vulnerabilities (i.e. read corelan tutorials)
-Learning Windows Device Driver Programming

To find malware to reverse engineer I recommend not reverse engineering the crap you find posted on most forums and instead looking for more professional pieces of malware which are written by more experienced groups of criminals. Others have posted threads with this kind of info and even download links to the books on other threads on this forum.

You can find binary samples of this type of malware on many sites where people reverse engineer malware.

Many security companies post detailed analysis of a lot of different types of malware and reading their analysis will teach you more about malware than *most* forums will.

Outside of that common sense and a spark of innovation are essential.

Thank you for your input. I do have the book Practical Malware Analysis and I certainly intend to expand my knowledge in this field.