Demonslay335 / sporachecker.py
Last active March 10, 2017 22:16
Checks for files encrypted by Spora
"""
Spora Encryption Checker
Author: @demonslay335
"""
import sys
import zlib
import struct
import os
Demonslay335 / btcware_config.py
Last active January 17, 2018 17:33
Extract BTCWare ransomware config
"""
Extract BTCWare Ransomware Config
Author: @demonslay335
"""
import sys
import string
import re
import os
import argparse
Demonslay335 / globeimposter_config.py
Last active January 16, 2023 14:49
Extract GlobeImposter ransomware config
"""
Extract GlobeImposter 2.0 Ransomware Config
Author: @demonslay335
"""
import os
import sys
import binascii
import re
import hashlib
Demonslay335 / rotbuster.ps1
Created February 16, 2018 19:30
Rot Buster
# Credit: https://twitter.com/Lee_Holmes/status/964576204425580544
param([string]$a)
0..25 | % { [PSCustomObject] @{
Offset = $_
Value = & {
param($v, $o) -join ($v.ToCharArray() | % {
[char](((([int][char]$_) - ([int][char]'a') + $o) % 26) + ([int][char]'a'))
})
} $a $_
"""
Extract Rapid 2.0 ransomware config from encrypter or decrypter
Author: @demonslay335
"""
import os, sys, string, re, binascii, base64, argparse
# https://stackoverflow.com/a/17197027/1301139
def strings(filename, min=4, max=10000):
with open(filename, "rb") as f: # Python 2.x
Demonslay335 / QueryQNAPUpdate.ps1
Created September 20, 2018 21:33
Query a QNAP for any available updates using the API (PowerShell 5)
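# Ignore self-signed certs.
# NOTE(review): this appears to switch off TLS certificate validation for the whole session,
# which leaves the connection open to interception; trusting or pinning the QNAP's own certificate is safer.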
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
Demonslay335 / QueryQNAPUpdate-PS2.ps1
Created September 20, 2018 21:33
Query a QNAP for any available updates using the API (PowerShell 2)
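# Ignore self-signed certs.
# NOTE(review): this appears to switch off TLS certificate validation for the whole session,
# which leaves the connection open to interception; trusting or pinning the QNAP's own certificate is safer.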
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
Demonslay335 / peplink_ipsec.py
Created October 17, 2018 17:01
Get status of IPsec VPN tunnels on Peplink Balance
Demonslay335 / calculate_rsa.cs
Last active December 17, 2018 18:49
Generate private RSA key from factored primes
using System;
using Org.BouncyCastle.Math;
public BigInteger CalculateRSA(BigInteger p, BigInteger q, BigInteger e)
{
// n = p*q - for illustration
BigInteger n = p.Multiply(q);
// phi / r = (p-1)*(q-1)
BigInteger phi = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One));
Demonslay335 / jemd_keygen.py
Created December 19, 2018 04:22
Keygen for Jemd Ransomware
import os, sys, argparse
# Alphabet used by Jemd ransomware: the 52 ASCII letters, lowercase first.
charset = (
    'abcdefghijklmnopqrstuvwxyz'
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
)
# https://en.wikipedia.org/wiki/Linear_congruential_generator
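def lcg(modulus, a, c, seed):
    """Yield an endless linear congruential generator (LCG) sequence.

    Each value is ``(a * previous + c) % modulus``, starting from ``seed``.
    The seed itself is never yielded; the first value is already one step on.

    Args:
        modulus: Modulus of the recurrence.
        a: Multiplier.
        c: Increment.
        seed: Initial state.

    Yields:
        The next state of the generator, indefinitely.

    Raises:
        ZeroDivisionError: On the first iteration if ``modulus`` is 0.
    """
    # NOTE(review): every output is a pure function of (modulus, a, c, seed),
    # so anyone who knows or can guess those values can reproduce the whole
    # stream. That makes an LCG unsuitable for generating keys -- presumably
    # the weakness this keygen relies on. Use the `secrets` module wherever
    # unpredictability matters.
    while True:
        seed = (a * seed + c) % modulus
        yield seed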