Create your Python Malware lab: https://ntck.co/linode (you get a $100 Credit good for 60 days as a new user!)
We are going to write our very own malware in Python!! It’s actually scary easy to do and it will give you a peek behind the curtain of how bad actors create these malicious programs. NetworkChuck will walk you through every step of how to create a ransomware program in Python using the cryptography library in Python called Fernet. He’ll then show you how to download a malware playground, a malware showcase of malicious python scripts you can play with.
🧪🧪Links and Walkthrough: https://ntck.co/321
🔥🔥Join the NetworkChuck Academy!: https://ntck.co/NCAcademy
**Sponsored by Linode
0:00 ⏩ Intro
0:45 ⏩ What do you need?
0:56 ⏩ Our sponsor is awesome
2:06 ⏩ STEP 1 – the setup
2:20 ⏩ What is Ransomware?
3:52 ⏩ STEP 2 – Creating our ransomware script
14:39 ⏩ STEP 3 – Writing the ransomware decryption script
21:37 ⏩ Downloading a malware playground
Are you ready to play with some malware malware? Who gotta be careful? Cuz in this video we are talking about dangerous things, malware or malicious software and disclaimer, this is for educational purposes only. Sure. Learn it, play with it. Go crazy with it, but never use it for malicious purposes. And this video, we’re doing two things first. We’re gonna write our very own ransomware in Python. Yeah. And it’s awesome. I can’t wait to show you. And also it’s kind of scary how easy it is. Like really scary. Don’t don’t worry. You’ll see. And then second, we’re actually gonna download a malware library. It’s literally a bunch of malware that we can play with. It’s written in Python. We can do things like worms and Trojans and spyware, adware, all kinds of stuff. So get your coffee ready? Let’s do this now. Before we dive into this craziness, what do you need first?
You’ll need a Linnux computer or a Linux server. And preferably one, you feel comfortable blowing up like oblating it. Cuz you’re gonna be installing malware and running it. Now the good news is that this is crazy easy. Thanks to our sponsor. Ode. Let me show you real quick. I’m gonna set up my Linnux box right now. I’ll navigate out to Le node.com/network. Chuck link below. Now here in Le node. I’m gonna set up my Linnux server in the cloud and it’s only gonna cost me one penny per hour, like legit. That’s it one penny. And it’s crazy easy to set up. So first of all, get signed up. If you don’t already have an account and by the way, if you’re new, you get a hundred dollars credit for the first 60 days, which means this’ll be free for you and watch how fast this is.
Create Le node, our image we’re gonna do Ubuntu 2204 region, something close to me. Plan shared CPU Le node one gigabyte, name it password, and create. So right now I have a Linux computer that is baking in the cloud. It’s gonna be delicious. And while I’m destroying it with malware again, it’ll cost me one penny per hour. And once I’m done, I’ll just go over here and delete it. I love how simple this is. This is why I use Linode for my labs. And also my business. Look at all these Lin nodes I have in my business right now. It’s kind of stupid. How many I have. So back to our list, a Linux computer is easy with ode, but if you already have a Lenux based computer that you’re willing to destroy and, and blow up. Use that one. That’s fine. That’ll work too.
And the second thing you’ll need is you need coffee, everything in it requires coffee, Eric, check.coffee. Okay. Step one. Let’s access our Lenux box here in ode. I’m just gonna copy my SSH root command here. Fire up, command, prompt here and windows it’ll be terminal and Mac or Linux paste. That command accept all fingerprints, put in my password and we’re in. So our first task is we’re actually going to write some ransomware and Python. Now this is gonna be crazy because ransomware is one of the most dangerous and, and devastating malware out there. It’s taken down companies, even companies I’ve worked at we’ve spent like days and days trying to recover from malware ransomware attacks because what it does is whew, let me show you it’ll take files any file and it will encrypt them or lock them up. And the only way you can access your data is if you have the key.
That’s my key. I’m sorry. It looks terrible. But the problem is that you don’t have the key
Done another one. So now if we LS our directory, we see our four files there. If I cat one of those files, like let’s say file THD. I can see, they do have content inside that we can read data untouched. I encrypted and now let’s hold them for ransom. Let’s encrypt those suckers right now. Here we go. So now let’s start a new file nano and we’ll name this VUL de morts dot pie or P Y bam. We’ve opened our file and now we’re ready to edit our code. First shebang did I scare you? That’s our shebang, by the way, if you’re like what the junk is that I got a video right around here somewhere you can watch and learn about it. Now our first goal on our script is to find all the files in our current directory so we can encrypt them. So we’re gonna find all these files and we’re gonna add them to a list. I’ll start with good documentation, Coffee break.
And also we have to import something into our script. We’re going to import the library OS. So add that at the very top first let’s define our list. Files equals empty list, opening and closing brackets, just like that. Then we’re going to use a for loop to discover all the files in our current directory. This is really cool. Watch this. So we’ll say four file N OS dot list DIR open and closing parentheses and notice we’re using our OS library right now, which let me show you how that works real quick. You can follow along with me if you want. I’m gonna go ahead and just save this file. Control X Y enter. And I’m gonna jump into Python real quick. Right here, the command line Python three I’m in I’m going to import OS and I’m gonna run that command that we just swore about to use in our script.
So OS dot list DIR open and closing parentheses. Watch what happens when I do this bam, and this is exactly what we want our targets. So let’s get back to our script. So for file N OS dot list directory, colon enter in tab. And by the way, if you’re unfamiliar with four loops, all this is doing here is it’s literally gonna go through every file that it could find in the directory, our current working directory and do something with it, which in our case, we’re gonna add each of those files to this list, but there is a problem here we have to solve. We don’t want to encrypt
That is with an if statement. So we’ll say if file equals and we’ll just say the, the name of the file, Voldemort dot P Y colon, and then we’ll tab. Give some space there. Cuz space is important in Python. If you don’t put the space there, it’s gonna hate you. I’ll just type in continue, meaning move along. Don’t do anything with this. Then we’ll hit enter and then tab once more, we’ll call the list files and we’ll use the append method, a a P P E E and D. And we’ll add file to that list. That should do it. So this will literally go through every file on a current working directory and add that to our list. Let’s try it out real quick and actually to verify it’s actually happening. We need to let’s go ahead and print at the end of this print, the list files.
Cool. So patrol X Y enter, save and to run our script real quick, we’ll do Python three Voldemort dot pie. Let’s see what happens. Look at that. Totally worked. Every file is part of that list except for the most important file. Our vort ransomware. Now there is one more problem and I wanna show you real quick here in our directory. I’m gonna actually make another directory. I want to MK D I R test it’s enough. I LS. I can see we have five files and a test directory. If I run that script again, Python three VOR dot pie. Look what happened. It added our files, but it also added our directory. We don’t want that. We only want to encrypt files, individual files. Let’s fix it real quick. It’s actually a pretty easy fix. Let’s jump back into our script. And here, before we add a file to our list, let’s add another check.
Let’s add another if statement, if os.path.is file and we’ll do open parentheses and we’ll put in file colon, then do something. So here with our OS library, we’re actually using a builtin function to determine if one of the things in our directory is a file or not. If it is a file, boom, let’s do something with it. So let’s go ahead and do that. Go ahead. Colon enter tab tab, and here is where we’ll add our files to the list. So we’ll call our files list files dot append, add file. So now a file will only be added to our files list if, and only if it’s not VOR dot pie and it is indeed a file and not a directory or anything else crazy. Let’s test it out real quick. Control X Y enter to save. Let’s run the script. Bam. That directory is not there anymore.
Perfect. Now it’s time to encrypt those files. So let’s get back into our Python script to encrypt the files. We’re going to use a cryptography library that we’re gonna need to import here at the top. So go ahead and go up to the top of your script and type this in with me from cryptography. I never can spell this, right? I’ve like really focused cryptography. Still did it wrong. There we go. Dot Ette. I’m not sure if I’m sitting there rat, whoa, whoa. That was hick ETT. I’m from Texas. By the way, it comes out every once in a while, but from cryptography dot Fornet and port capital F Fornet Fernet is a very cool way to encrypt things in our Python script. Actually, professor Bernard, go ahead and tell us about it.
Fernet is a symmetric encryption method, which makes sure that the messaging encrypted cannot be manipulated slash read without the key. It uses URL safe and coding for the keys. Fernet also uses 1 28 bit AEs.
Okay. Bernard. That’s enough dude. You’re putting ’em to sleep anyways. Let’s play with it real quick. Now first, before we can encrypt our files, we need to create a key that we can use to encrypt them. So using Fornet let’s create a key. It’s create a variable called key crazy right. Key equals and we’ll use Fornet, Fornet dot generate underscore key opening, closing parentheses. And that’s it. And let me show you what it looks like. We’ll test it out. So let’s go ahead and print the key let’s control X Y enter to save let’s run our Python script and there it is our new shiny key that we can use to lock up our files. So let’s use it. Let’s get back into our script. Now with our key, we don’t wanna print it out because then that’ll just give the user the key. And um, no, we want to have them give us money, right?
But we do need to save our key, right? We, we wanna be able to unlock the files later. So let’s go ahead and save that key to a file for that. We’re gonna do this type in with, and then we’re gonna create a new file and write to it. So we’ll use the open function open, then we’ll do open parenthesis and I’ll create my file name with a double quotes. I’ll say the key dot key closing double quote, then I’ll do a comma and I’ll choose my mode. I’m gonna open that file in for this one. I’m gonna do WB for right binary. Normally this will be just w for right, but we’re using binary for this one and then closing parenthesis. And then I’ll say, I’m opening this as, and I’ll just call it the key. So if you’re new to opening files and writing files and reading files and Python, what’s happening here is we’re using the open function to create, or just simply open a file called the key dot key.
We’re gonna open it in a specific mode, which is right mode. And we’re gonna refer to it right now in our function as the key. Let’s try it out real quick, hit enter and tab. And all we’re gonna do is say the key dot write and we’ll write our variable key. So remember, this is how we’re referring to this file. As we’re saying, Hey, this file is actually called the key. When we’re working with this, we’re saying the key, I want you to write something to it and we’re gonna write the variable key, which we define right here. It’s our, our key
The key dot key there it is. And if we cat that file cat, the key there is our key. Now we have one problem here that we have to solve though. The next time we run our Voldemort dot pie script, what’s gonna happen to our key. Like we saved it as a file here. What do you think VOR is gonna do to it? He’s gonna encrypt it, right? He’s gonna encrypt the key with the key. And we’re kind of getting into like an inception of encryption here. We can’t have that. So
So we have our key. We generated it. We saved it to a file. Now let’s lock up some files. We’re gonna use the width open command again, except with all the files. We’re gonna destroy what we’re gonna do it with a for loop. So here we go. This is gonna be really fun. It’s so cool. So for file and our list files, which we defined at the top, I’ll do colon enter and tab. Let’s do things to it. So here we’ll say with open. So every file on that list, we’re gonna with open it. The name of it is gonna be file and we’ll open it and read binary mode, then closing double quote, closing parenthesis. And we’ll open that as the file, colon double tap. And now we’re gonna save the contents of that file to a variable. And we’ll just call it contents.
We’ll have that equal the file.read. And that’s literally all we’re doing. We’re saying, Hey, the contents of whatever file we’re opening right now, save it to that variable contents. And we’re using the read function on that file or the read method. Rather, now that we’ve opened it, let’s encrypt it. So we’ll set a new variable. We’ll say contents underscore encrypted, and we’ll have that equal. Here’s where we actually encrypt the data we’re gonna use for net to type in for net and parenthesis will reference our key. This is the key we’re gonna use to lock it up and it’s gonna be our key variable. The one we had set earlier, right up here when we generate it the key, and then we’ll do dot encrypt. And then we’ll parentheses reference the content which we set as the variable contents. So this is this guy right here.
Now, if you’re new to Python, this is probably getting a bit hairy for you. You’re like, wait, hold on. Well, what’s happening. It’s okay. Pause the video. Rewind. Or maybe check out my Python course ride around here somewhere. If you need to kind of brush up on some things. Okay. So we’ve opened up like file. We encrypted the content. Now we need to write that encrypted content back to the file. So we’re gonna again do with open. We’re gonna open up that same file file, but this time we’re gonna open it as write binary mode because we’re now writing something to it. Close parenthesis. You’ll say as the file tap tab, and we’ll say the file dot, right? And we’re gonna write contents underscore encrypted, which is the variable that we set right here when we encrypted the content. So this four loop right here should go through every file and our list.
It’ll open it and encrypt it and then write it back to the file as an encrypted file. And at this point it’s done, like it’s gonna do it. So let’s, uh, save our file. Control X Y enter to save. And so let’s just, let’s say goodbye to our files real quick. Let’s LS. Let’s like cap the file TXT right now. He’s he’s just, this is a file. He says stuff. It’s not encrypted. Now let’s run our file or our ransomware Python, three of VOR, top pie. Goodbye buddy. Now some things have happened. Let’s let’s cat that file again. Cat filed out TXT. Whoa, encrypted. What was, this is a file before is now just gobbly cook. It’s nothing. Your files are locked. Can’t get ’em back sucker.
That’s the key to unlock it. I’ll show you how to unlock it right now. So take yourself a quick coffee break. I need one. And the good news is that the description script you’re gonna write is very similar to the encryption script. So similar that we’re just gonna copy it. So right here in our, uh, terminal type in CP for copy, we’ll see Voldemort and we’ll copy it to a file. We’ll just call it decrypt, decrypt dot pie. And let’s jump into that file. So nano decrypt, and obviously we’re gonna have to make some changes to it. The first bit is totally okay. We’re still gonna find the files. We’re still gonna add them to a list and we’re still gonna ignore the files. We don’t need to mess with. Here’s some things we’re not gonna do though. First, we’re not going to define a new key and then override it.
No, we’re not gonna do that. So let’s take out all that code, but we are going to need that key to unlock the files. So we’re gonna have to open up that key file. I set it to a variable. Let’s do that right now. So we’ll do a width open. We’re gonna open the key file. So I’ll specify that with double quotes, it’s called the key key, and we’re gonna open that and read binary mode. I’ll open it as key, and then we’re gonna set a new variable. I’ll call it secret key and I’ll have the equal key.read opening, closing parenty. So what we’re doing here is we’re opening our key file and read binary mode. We’re gonna refer to it as key, and we’re gonna say, Hey, we’re gonna set a new variable secret key, and have that equal the contents of that file.
So now we have our key and our script. It’s the key variable, our secret key variable. And with our key loaded, we can now unlock it. And really, we only have to change one thing over here. We’re still gonna use a for loop to go through all our files. We’re still gonna do that first step where we open the file up and read it. But right here, when we encrypt the content, this will be different. So let’s scroll over to our contents encrypted. I’m gonna change that to contents decrypted, and have that equal to for net. And we’re gonna change the key to secret key, cuz that’s what we set our variable to this matches this right here. And then instead of saying encrypt, we’re gonna say decrypt contents. And then we’ll write those decrypted contents back to the file, which we need to change that variable from contents encrypted to contents, decrypted to match perfect.
That should do it. And before we test it, there is one thing we have to do. We’ve defined a new file in our directory. We have decrypted dot high, which is another file that we have to ignore in our script or things will break. So up here in our filter, let’s add one more or, or just after the key file equals decrypt dot pie. Cool. So that should be ignored. Now we can test it out. So CTR X Y enter to save. Let’s verify our files are still encrypted. Cat file TXT. Yes. It’s still Goble de cook, but now let’s unlock it. Let’s do Python on three decrypt dot pie and here comes the magic. Let’s see if it worked. Let’s cat that file once more. Yes, it unlocked. How cool was that? We encrypted a file and now we decrypted it. Does that not get you excited?
Coffee break for you, man. So fun now we’re not done quite yet because we did the bones, the structure of how we do random wear, but let’s add some fun to it to make it seem like actual ransomware. So let’s get back into our VOR file nano Voldemort pie. Now first we need to add our filter for the decrypt file. So it doesn’t decrypt our decrypt. So we’ll do or file equals decrypt dot pie. Let’s just add some fun print language here, like at the very end of our script, we’ll say print, all of your files have been encrypted. Send me 100 Bitcoin or I’ll delete them in 24 hours. Done. Done. Done. Cool. So control X Y enter to safe right now. Let’s just verify real quick. Let’s make sure all our files are decrypted. Let’s do cat file. Two dot TXT looks great.
Cat file. Um, or no, we’ll do, please. Don’t hurt me all decrypted. Now it’s encrypted again. Let’s run our Baltimore file or script. Here we go. All of your files have been encrypted
I’ll do a back slash and to give some space there, make it look pretty close. That input statement out. So here we set a secret phrase. It’s coffee. Now we’re asking them to enter a secret phrase. Now let’s evaluate it. We’ll use an F statement. If user phrase equals secret phrase, then you know, we’ll do is we will nest R decryption underneath it. So let’s back that sucker up tab underneath. We actually have to tab everything over once to make it look like. So, because again, spacing’s extremely important in Python. So now with our new script, their files will only be decrypted if their secret phrase, which is the user phrase, they enter matches our secret phrase, which is coffee. So let’s try it out first. I’ll enter our wrong one and actually hold on. I, I wanna give them the congratulations at the end if they get it right. Uh, I’ll print. Congrats. Your files R decrypted. Enjoy your coffee and then I’ll do an else.
Print. Sorry. Wrong secret phrase. Send me more Bitcoin. Cool. That should do it. All right. Control X Y enter to save. Our files are still encrypted. Let me just check. Yep. Still encrypted. Clear my screen. Let’s run our decryption file. Python three decrypt dot pie. Enter the secret phrase. Let’s get it wrong. Let’s do liket or something. Sorry. Wrong phrase. CI Moore, Bitcoin. Let’s see if our files got decrypted. Cat file TXT. Nope. Still encrypted. Let’s try it again. But they sent me enough Bitcoin and now they have the right password Python three decrypt up pie type in coffee.
Yes. Everything’s working. So at this point, we, you just wrote some ransomware using Python now. Yes. This is simple. Typical ransomware does get much more complex, but at the bones of it, this is how it, it works. I mean, this does work. Isn’t this scary and also cool.
It’s pretty cool. So lemme show you how to get it going real quick. All we’re gonna do is, uh, first I’ll have this link below. We’ll copy building to his GitHub. I’m gonna cd.dot into my home directory. Yes, I’m home. And I’m going to get clone paste that repository and just like that. And now we’re downloaded. Now I have fun with this. There are two things you gotta do first. Make sure you have PIP three installed, which is what we’re gonna use with Python to install additional libraries. And then we’re gonna actually install some requirements using PIP. So I’m gonna do that right now. Actually, I’m gonna do a quick pseudo, a P T update to update my repositories and then we’ll do pseudo a PT install, Python three dash PIP. We’ll do a dash. Why at the end? And that’ll install PIP three for us.
Go coffee break. Done. All right. Now, if we do an LS, we’ll see that we have a new, uh, directory called malware showcase. Let’s go ahead and jump in there. CD malware showcase. If we LS that directory, we got a few things going on before we play with it. We want to install a requirements and here’s how we’ll do it type in pit three, install dash R and then requirements dot TXT. It’ll go through that. That text file. Look at all the stuff it wants to install and actually install it. Go ahead and hit enter and another coffee break.
And that should be it. So if we analyze that directory, we can jump into each of those. So for example, CD file infection file less that I can see, we have some example, target files and target folders, and also an effect dot pie file. The actual script are gonna run. So if I jump in there real quick, actually nano vector dot pie, there’s some fancy advanced Python in here using things like classes and, and uh, functions. But what’s cool is it shows you how this kind of stuff works so you can dissect it and learn it for yourself. And of course we can run it too. So if, uh, I can jump into the readme a less the read me file. Great. Read me files. It’ll tell you exactly how things work. Hit Q to exit that. And then I could run the file Python on three factor pie and at ran.
So I’m not gonna show you every one of these, just feel free to go crazy and play with it. And please only play with it. If you’re using a throwaway Linnux box, like we just did in ode, otherwise they do show you how to set up a virtual environment, a Python virtual environment with E V. But yeah, malware is crazy and scary and also pretty fun. The purpose of this video was to help you understand kind of how it works and how it’s written and code. We got to do some really fun stuff in Python, and we wrote our own ransomware, which is just cool. You can tell your friends and your coworkers and your mom that you wrote ransomware today. Congrats. It’s a good day today. You accomplish something just please don’t use it against somebody. This is for educational purposes. Only don’t hurt anybody. Don’t be evil. Isn’t that? Google’s uh,