Milan Kragujević milankragujevic
milankragujevic
/ drupal_passChange.php
Last active
September 5, 2021 13:49
Exploiting Drupal 7's SQL Injection vulnerability to change the admin user's password. http://milankragujevic.com/post/66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /******************************************************** | |
| * Drupal 7 SQL Injection vulnerability demo | |
| * Created by Milan Kragujevic (of milankragujevic.com) | |
| * Read more at http://milankragujevic.com/post/66 | |
| * This will change the first user's username to admin | |
| * and their password to admin | |
| * Change $url to the website URL | |
| ********************************************************/ | |
| $url = '[URL HERE]'; // URL of the website (http://domain.com/) |
milankragujevic
/ youtube-extract-ids-from-playlist.js
Created
July 28, 2017 00:30
To extract all the video IDs from a YouTube playlist. Open the playlist page, scroll down to the bottom, click load more, repeat until the end, then open Console and paste this code. Output is a list of video IDs from the page.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var els = document.getElementsByClassName('pl-video'); | |
| for(i = 0; i < els.length; i++) { | |
| var el = els[i]; | |
| if(el) { | |
| var src = el.getElementsByClassName('yt-thumb-clip')[0].getElementsByTagName('img')[0].src; | |
| if(!src.match(/\.com\/vi\//g)) { continue; } | |
| var id = src.split('.com/vi/')[1].split('/')[0]; | |
| console.log(id); | |
| } |
milankragujevic
/ base32-to-hex.php
Created
September 18, 2017 19:46
Convert Base32 text into Hexadecimal with PHP (useful for converting Torrent hashes i.e. vpr33qqm3l6bfu5fgozxmbnoraffszww => abe3bdc20cdafc12d3a533b37605ae880a5966d6)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function mk_base32_to_hex($input) { | |
| $map = array( | |
| 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', | |
| 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', | |
| 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', | |
| 'Y', 'Z', '2', '3', '4', '5', '6', '7', | |
| '=' | |
| ); | |
| $flippedMap = array( |
milankragujevic
/ APUSONE_V102_UART.txt
Created
October 3, 2017 02:31
UART Boot dump of Alcatel V102 HDMI stick powered by APUS ONE MAP220 and Mediatek RT5572
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ?hello_world! | |
| ?hello_world! | |
| 525802 80wa witaitcheck_val=0x2700a0 | |
| ROM Monitor, Revision 0000.0312.0023. | |
| Copyright (c) tf Semiconductor Corp. - All Rights Reserved. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ESP8266WiFi.h> | |
| #include <ESP8266WebServer.h> | |
| #include <ESP8266mDNS.h> | |
| #include <IRremoteESP8266.h> | |
| #include <IRsend.h> | |
| #include <WiFiClient.h> | |
| MDNSResponder mdns; | |
| IRsend irsend(14); | |
| ESP8266WebServer server(80); |
milankragujevic
/ stark_groove_7w-l.fex
Created
November 15, 2017 02:09
Allwinner A33 Stark Groove 7W-L FEX config for SDK Android 6.0 Serbia
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [product] | |
| version = "100" | |
| machine = "U70BL1B3C" | |
| [platform] | |
| eraseflag = 1 | |
| next_work = 0 | |
| [target] | |
| boot_clock = 1008 |
milankragujevic
/ mkdump.sh
Created
November 15, 2017 02:10
Dump script.bin from Allwinner A33 tablet running Android. Run this on the device and then run `./perl.pl < sysconfig_dump.txt > script.bin`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/system/bin/sh | |
| SYS_CONFIG_MEMBASE="0x43000000" | |
| SYS_CONFIG_MEMSIZE="0x10000" | |
| CHUNK="0x200" | |
| OUTFILE=/data/local/tmp/sysconfig_dump.txt | |
| rm $OUTFILE | |
| let address=$SYS_CONFIG_MEMBASE | |
| let "end=(SYS_CONFIG_MEMBASE+SYS_CONFIG_MEMSIZE)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ▒UյU▒U▒▒U▒Օ▒UյU▒U▒▒U▒յU▒U▒▒U▒UյU▒U▒▒U▒U▒▒Uյ▒Օ▒Uյ▒▒U▒HELLO! BOOT0 is starting! | |
| boot0 version : 4.2.0 | |
| boot0 commit : 0b1334302d2064065c32a7e88e423c38766750e3 | |
| fel_flag = 0x00000000 | |
| rtc[0] value = 0x00000000 | |
| rtc[1] value = 0x0000000f | |
| rtc[2] value = 0x00000000 | |
| rtc[3] value = 0xf1f15000 | |
| DRAM DRIVE INFO: V1.6 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| part name = bootloader | |
| part start = 32768 | |
| part size = 65536 | |
| part name = env | |
| part start = 98304 | |
| part size = 32768 | |
| part name = boot | |
| part start = 131072 | |
| part size = 32768 | |
| part name = system |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sunxi#help | |
| ? - alias for 'help' | |
| base - print or set address offset | |
| boot - boot default, i.e., run 'bootcmd' | |
| boota - boota - boot android bootimg from memory | |
| bootd - boot default, i.e., run 'bootcmd' | |
| bootelf - Boot from an ELF image in memory | |
| bootm - boot application image from memory | |
| bootvx - Boot vxWorks from an ELF image |
OlderNewer