Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cycraft-corp/Prometheus-Decryptor
Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware.
https://github.com/cycraft-corp/Prometheus-Decryptor
Last synced: about 2 months ago
JSON representation
Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware.
- Host: GitHub
- URL: https://github.com/cycraft-corp/Prometheus-Decryptor
- Owner: cycraft-corp
- License: mit
- Created: 2021-06-11T08:18:36.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2021-08-18T18:16:36.000Z (over 3 years ago)
- Last Synced: 2024-11-06T05:33:45.841Z (2 months ago)
- Language: Go
- Homepage:
- Size: 16.1 MB
- Stars: 51
- Watchers: 5
- Forks: 18
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - cycraft-corp/Prometheus-Decryptor - Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware. (Go)
README
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![made-with-Go](https://img.shields.io/badge/Made%20with-Go-1f425f.svg)](http://golang.org)# Prometheus-Decryptor
Prometheus-Decryptor is an project to decrypt files encrypted by Prometheus ransomware.
## Command Arguments
```
Usage of ./bin/prometheus_decrypt:
-b string
Custom search with byte value. (i.e. \xde\xad\xbe\xef -> deadbeef)
Please use ?? to match any byte (i.e. de??beef)
-c Use current tickcount. (only support in Windows)
-d int
Decrypt size when guessing. The default size is 100, and you can specify your own size corresponding to your search pattern.
0 stands for the guessing file size, and -1 stands for the max header size 100 except for Microsoft documents. (default -1)
-e string
Search file extension.
-f int
Found candidate. (default 1)
-i string
Input encrypted file.
-k string
Decrypt with this key.
-m int
Move backward m minutes from the current decrypted seed when guessing the next sample. (default 30)
-o string
Output decrypted file.
-p int
Use n thread. (default 1)
-r Reversed tickcount.
-s string
Custom search with regular expression.
-t int
Start tickcount.
```## Usage
### Guess password
Guess the password of a png image from tickcount 0.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -e png -p 16
```In this command, there are 4 arguments:
- i: input encrypted file
- o: output file
- e: search file format
- p: thread count### Reversed Tickcount
Guess the password of a png image from tickcount 100000 in reversed order.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -e png -p 16 -t 100000 -r
```There are 2 additional arguments:
- t: start from 100000
- r: reversed order (100000...0)### Guess from current tickcount (only for Windows)
Guess the password of a png image from the current tickcount in reversed order. This feature is usually used with reversed order.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -e png -p 16 -c -r
```There is an additional argument:
- c: start from the current tickcount### Decrypt (Encrypt) with a key
Decrypt (Encrypt) a file with a provided key.
```bash
./prometheus_decrypt -i ./sample/CyCraft.png.PROM\[[email protected]\] -o ./output/CyCraft.png -k "+@[%T-mZSh+E[^^i{W:dpwnhdL4