Skip to content

9aylas/S3X-B3B4S-ransomware-decryption

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
01.png
01.png
 
 
02.png
02.png
 
 
03.png
03.png
 
 
04.png
04.png
 
 
README.md
README.md
 
 
crypt.php
crypt.php
 
 
crypt_decoded.php
crypt_decoded.php
 
 

Repository files navigation

S3X-B3B4S-file-decryption

A way to scriptkiddie ransomware decryption.

Checking my Honeypot

I found skids playing with some public exploits in my area.

While checking the web directory i found all files with a ".crypt" extension, wow is this a ransomware attack, are my files really got crypted ? noo bruh its just another very bad/ugly attack coming from a group of kids lol.

crypt.php

extension

Inside the code :

  • The skids are only using a simple base64 to their code, why tf lol? well ok continue ... lol

  • Ook now stop, its a compression, they even don't know what is a real encryption algorithm ... lol

  • Mission accomplished : i won 0,001% of fun & waste of time.

Decryption using php

$decrypted = gzinflate(file_get_contents("file.ext.crypt"));

Decryption using python

import zlib
data = open("file.ext.crypt", "rb").read()
decoded = zlib.decompress(data, -zlib.MAX_WBITS)
print(decoded)

About

A way to scriptkiddie ransomware decryption.

Topics

php decompression ransomware web-hacking skids php-encode lamernews php-ransomware scriptkiddie

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Languages