BUUCTF-CRYPTO-[INSHack2018]Crypt0r part 1
One challenge a day: more is fine, fewer is not.
# [INSHack2018] Crypt0r part 1
Challenge analysis
Substitution cipher
Getting started
1. The challenge
# Crypt0r part 1
Our IDS detected an abnormal behavior from one of our user. We extracted this pcap, could you have a look at it?
http://crypt0r.challenge-by.ovh/ids_alert_24032018.pcap
2.cap
The download is a cap file. Once opened, the traffic is very simple; following the TCP stream directly gives:

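3. Decoding
The second line, the part shown in blue, is a scrambled ordering of the full uppercase alphabet. This suggests a substitution table.
4. Script implementation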
```python
#!python3
# -*- coding: utf-8 -*-
# @Time : 2020/10/26 13:23
# @Author : A.James
# @FileName: test.py

# Substitution table taken from the TCP stream (upper case, then the same table in lower case)
string1 = "PMSFADNIJKBXQCGYWETOVHRULZpmsfadnijkbxqcgywetovhrulz"
# Plain alphabet that each table letter maps back to
string2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Text copied from the followed TCP stream
str1 = """
CRYPT0R_SEED:58
CRYPT0R:PMSFADNIJKBXQCGYWETOVHRULZSELYO0E_PSB
SELYO0E:PXX_NGGFSELYO0E:NAO_HJSOJQ_JF>{A2FS3118-0399-48S7-857S-43D9528DD98F}
SELYO0E:HJSOJQ_JF_JT>....SELYO0E:NAO_DJCPX_QTN
SELYO0E:DJCPX_QTN_JT>!!! PXX LGVE DJXAT IPHA MAAC ACSELYOAF !!!
Selyo0e toegba mpsb pcf lgv ngo dvsb*f mvffl. Lgv spccgo faselyo lgve fpop ausayo jd lgv ypl qa $500. #TIGRQAOIAQGCAL pcf J rjxx njha lgv mpsb lgve fpop.
Dgxxgr oiata jctoevsojgct:
- Jctopxx oia oge megrtae, pcf ng og gve yplqaco yxpodgeq: iooy://bu4ifi2zg5etosvk.gcjgc (YSJ-FTT pyyeghaf gds meg).
- Acoae lgve yaetgcpx bal: JCTP{mW9CLVlPjpUtbZFdccPioVV01jdaUeGv}
Oipcbt dge vtjcn ql epctgqrpea.
Rjoi xgha,
Selyo0qpc
"""
# Map every table letter back to its plain letter; digits and punctuation are left unchanged
print(str1.translate(str.maketrans(string1, string2)))
```
Output:
```
NWPAS0W_CRRF:58
NWPAS0W:ABCDEFGHIJKLMNOPQRSTUVWXYZCRYPT0R_ACK
CRYPT0R:ALL_GOODCRYPT0R:GET_VICTIM_ID>{E2DC3118-0399-48C7-857C-43F9528FF98D}
CRYPT0R:VICTIM_ID_IS>....CRYPT0R:GET_FINAL_MSG
CRYPT0R:FINAL_MSG_IS>!!! ALL YOUR FILES HAVE BEEN ENCRYPTED !!!
Crypt0r stroke back and you got fuck*d buddy. You cannot decrypt your data except if you pay me $500. #SHOWMETHEMONEY and I will give you back your data.
Follow these instructions:
- Install the tor browser, and go to our payment platform: http://kx4hdh2zo5rstcuj.onion (PCI-DSS approved ofc bro).
- Enter your personal key: INSA{bQ9NYUyAiaXskZDfnnAhtUU01ifeXrOu}
Thanks for using my ransomware.
With love,
Crypt0man
```
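An added example, not part of the original write-up: instead of hardcoding the table, this locates the first 26-letter permutation of A-Z in the stream text and decodes only what follows it, so the cleartext handshake that precedes the table is not garbled the way the first two lines of the output above are. The function names and the shortened `SAMPLE` excerpt (lines taken from the stream above) are assumptions made for this example.

```python
import re
import string

UPPER = string.ascii_uppercase

# Excerpt of the followed TCP stream from this write-up, shortened for the example.
SAMPLE = (
    "CRYPT0R_SEED:58\n"
    "CRYPT0R:PMSFADNIJKBXQCGYWETOVHRULZSELYO0E_PSB\n"
    "SELYO0E:PXX_NGGFSELYO0E:NAO_HJSOJQ_JF>{A2FS3118-0399-48S7-857S-43D9528DD98F}\n"
    "SELYO0E:DJCPX_QTN_JT>!!! PXX LGVE DJXAT IPHA MAAC ACSELYOAF !!!\n"
)


def find_table(stream):
    """Return (table, end_index) for the first 26-letter window that is a
    permutation of A-Z (the identity alphabet is skipped), or None."""
    # The table may be glued to the next message, so slide a 26-letter
    # window across every run of 26 or more uppercase letters.
    for run in re.finditer(r"[A-Z]{26,}", stream):
        text = run.group()
        for off in range(len(text) - 25):
            window = text[off:off + 26]
            if window != UPPER and set(window) == set(UPPER):
                return window, run.start() + off + 26
    return None


def decode_stream(stream):
    """Split the stream at the end of the table and decode only the tail.
    Returns (table, cleartext_head, decoded_tail)."""
    found = find_table(stream)
    if found is None:
        raise ValueError("no 26-letter permutation found in stream")
    table, end = found
    # Table letter i stands for plain letter i; lower case uses the same table.
    trans = str.maketrans(table + table.lower(), UPPER + UPPER.lower())
    return table, stream[:end], stream[end:].translate(trans)


if __name__ == "__main__":
    table, head, tail = decode_stream(SAMPLE)
    print("table:", table)
    print(head + tail)
```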
5. getflag
INSA{bQ9NYUyAiaXskZDfnnAhtUU01ifeXrOu}
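Closing remarks
Spotting the substitution table quickly is the first step. Techniques such as base64 with a custom alphabet call for the same kind of sensitivity.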
