Skip to content

Instantly share code, notes, and snippets.

View carnal0wnage's full-sized avatar

Chris Gates carnal0wnage

View GitHub Profile
#!/usr/bin/python
'''
Python implementation of passcode hashing algorithm used on the Samsung Galaxy S4 GT-I9505 4.2.2
Correct PIN for hash and salt below is 1234.
Get 40-character hash value in ascii hex format from file /data/system/password.key on the phone
Get salt in signed numeric format by doing sqlite3 query SELECT value FROM locksettings WHERE name = 'lockscreen.password_salt' on /data/system/locksettings.db
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Udp
def initialize(info = {})
super(update_info(info,
'Name' => 'XBMC Remote UDP Code Exec',
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
def initialize(info={})
super(update_info(info,
'Name' => "Belkin Netcam HD UPnP Command Injection",
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'WDMyCloud NAS Command Injection CSRF',
require 'msf/core'
require 'crypt/blowfish' # sorry, openssl is limited to 16-byte key size :(
# add gem 'crypt', '1.1.4' to Gemfile
module ::Crypt
class Blowfish
def setup_blowfish()
@sBoxes = Array.new(4) { |i| INITIALSBOXES[i].clone }
@pArray = INITIALPARRAY.clone
keypos = 0
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'NetGear UPnP CSRF',
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'WDMyCloud NAS Command Injection CSRF',
require 'msf/core'
require 'crypt/blowfish' # sorry, openssl is limited to 16-byte key size :(
# add gem 'crypt', '1.1.4' to Gemfile
module ::Crypt
class Blowfish
def setup_blowfish()
@sBoxes = Array.new(4) { |i| INITIALSBOXES[i].clone }
@pArray = INITIALPARRAY.clone
keypos = 0
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'HomeSeer Code Execution Vulnerability',