LAZYPARIAH
LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shell payloads on the fly.
The reverse shell payloads that LAZYPARIAH supports include (but are not limited to):
- C binary payloads (compiled on the fly): c_binary
- Ruby payloads: ruby, ruby_b64, ruby_hex, ruby_c
- PowerShell payloads: powershell_c, powershell_b64
- Base64-encoded Python payloads: python_b64
- Rust binary payloads (compiled on the fly): rust_binary
- PHP scripts containing base64-encoded Python payloads called via the system() function: php_system_python_b64
- Java classes (compiled on the fly): java_class
- Perl payloads: perl, perl_b64, perl_hex, perl_c
- Simple PHP payloads (targeting specific file descriptors): php_fd, php_fd_c, php_fd_tags
Dependencies
- Ruby >= 2.7.1 (LAZYPARIAH has not been tested on previous versions of Ruby)
- OpenJDK (Optional: Only required for java_class payloads.)
- GCC (Optional: Only required for c_binary payloads.)
- Rust (Optional: Only required for rust_binary payloads.)
Installation
LAZYPARIAH can be installed on most GNU/Linux and BSD systems using the RubyGems installer as follows:
Usage
Usage: lazypariah [OPTIONS] <PAYLOAD TYPE> <ATTACKER HOST> <ATTACKER PORT>
Note: <ATTACKER HOST> may be an IPv4 address, IPv6 address or hostname.
Example: lazypariah -u python_b64 10.10.14.4 1555
Example: lazypariah python_c malicious.local 1337
Valid Payloads:
awk
bash_tcp
c_binary
java_class
nc
nc_openbsd
nc_pipe
nodejs
nodejs_b64
nodejs_c
nodejs_hex
perl
perl_b64
perl_c
perl_hex
php_fd
php_fd_c
php_fd_tags
php_system_python_b64
php_system_python_hex
php_system_python_ipv6_b64
php_system_python_ipv6_hex
powershell_b64
powershell_c
python
python_b64
python_c
python_hex
python_ipv6
python_ipv6_b64
python_ipv6_c
python_ipv6_hex
ruby
ruby_b64
ruby_c
ruby_hex
rust_binary
socat
Valid Options:
-h, --help Display help text and exit.
-l, --license Display license information and exit.
-u, --url URL-encode the payload.
-v, --version Display version information and exit.
-D, --fd INTEGER Specify the file descriptor used by the target for TCP. Required for certain payloads.
-P, --pv INTEGER Specify Python version for payload. Must be either 2 or 3. By default, no version is specified.
-N, --no-new-line Do not append a new-line character to the end of the payload.
--b64 Encode a c_binary, rust_binary or java_class payload in base-64.
--hex Encode a c_binary, rust_binary or java_class payload in hexadecimal.
--gzip Compress a c_binary, rust_binary or java_class payload using zlib.
--gzip_b64 Compress a c_binary, rust_binary or java_class payload using zlib and encode the result in base-64.
--gzip_hex Compress a c_binary, rust_binary or java_class payload using zlib and encode the result in hexadecimal.
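For analysts triaging a string captured from a request log or process command line, the encodings named in the option list (URL-encoding, base-64, hexadecimal, zlib) can be peeled off in a fixed order to recover the underlying bytes. The following is an added example, not part of LAZYPARIAH; the function name unwrap_layers, the layer order and the minimum-length thresholds are assumptions.

```ruby
require "zlib"

# Heuristic triage helper (hypothetical, not LAZYPARIAH code): peel the
# encoding layers named in the option list off a captured string.
# Assumed order, each layer at most once: URL-encoding, then base-64 or
# hexadecimal text, then a zlib stream.
def unwrap_layers(sample)
  layers = []
  data = sample.b # work on raw bytes so binary content survives

  # Layer 1: percent-escapes, as produced by URL-encoding (-u / --url).
  if data.match?(/%\h\h/)
    data = data.gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr }
    layers << :url
  end

  # Layer 2: hexadecimal or base-64 text. Hex is tested first because every
  # hex string also consists solely of base-64 alphabet characters.
  compact = data.delete("\r\n") # tolerate line-wrapped encodings
  if compact.match?(/\A(?:\h\h){8,}\z/)
    data = [compact].pack("H*")
    layers << :hex
  elsif compact.match?(%r{\A[A-Za-z0-9+/]{16,}={0,2}\z})
    begin
      data = compact.unpack1("m0") # strict base-64, raises on bad input
      layers << :base64
    rescue ArgumentError
      # Looked like base-64 but was not; leave the data untouched.
    end
  end

  # Layer 3: zlib stream (--gzip, --gzip_b64 and --gzip_hex use zlib).
  begin
    data = Zlib::Inflate.inflate(data)
    layers << :zlib
  rescue Zlib::Error
    # Not a zlib stream; keep the bytes as they are.
  end

  { layers: layers, payload: data }
end
```

The returned layer list is itself a useful detection signal: stacked encodings around short command-line arguments are uncommon in ordinary traffic.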
Copyright (C) 2020-2021 Peter Bruce Funnell