cheatsheet

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding [...]

Tags: , , , , , , , , ,

Posted in: Shells

The Ultimate Unix Cheat Sheet

I just stumbled across Rosetta Stone for Unix, a brilliant page that lists how to do a large number of tasks in a variety of unix-like operating systems.  I wish I’d found this years ago. It should be very handy for pentesting or auditing those less familiar unix flavours. I’ll definitely taking a copy with [...]

Tags: , ,

Posted in: Blog

Informix SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into Informix databases…

Tags: , ,

Posted in: SQL Injection

SQL Injection Cheat Sheets Updated

I had some really detailed feedback from Bernardo Damele A. G. on the SQL Injection Cheat Sheets.  I’ve just finished updating the cheat sheets for MSSQL, Oracle, MySQL and PostgreSQL . Thanks a lot Bernardo. If anyone else has suggestions, feel free to mail pentestmonkey at pentestmonkey dot net.

Tags: , ,

Posted in: Blog

Update to Postgres SQL Injection Cheat Sheet

Reiners spotted that I hadn’t included any info about writing files via SLQ injection in PostgreSQL.  I’ve update the Postgres Cheat Sheet accordingly.  Thanks Reiners. He’s also written some detailed blogs about SQL injection in MySQL that are worth reading: MySQL Table and Column Names MySQL Into Outfile  

Tags: , , ,

Posted in: Blog

SQL Cheat Sheet Updates

I’ve recently updated the MySQL, MSSQL and PostgreSQL cheat sheets with some notes on creating and deleting users.  Info on granting DBA rights is also included. This is useful for those situtations where you’ve found a SQL inject as a privileged user and also have have access to the database port (1433/TCP or whatever).

Tags: ,

Posted in: Blog

Updated Postgres SQL Injection Cheat Sheet

I just put some finishing touches to the PostgreSQL Injection Cheat Sheet .  All the TODO items have been removed now.  Let me know if you have any extra info you think should be included on the cheat sheet.

Tags: , ,

Posted in: Blog

Updated Postgres SQL Injection Cheat Sheet

I just read Nico Leidecker’s Having Fun With Postgres paper.  He mostly talks about the dblink function which is sometimes enabled in Postgres – it’s a bit like MSSQL’s openrowset .  There’s also some good generic advice on what to do when you get DBA access – like exeucting OS-level commands.  I’ve updated the cheat [...]

Tags: , ,

Posted in: Blog

Update to MySQL Injection Cheat Sheet

I just added some more notes to the MySQL Injection Cheat Sheet about command executation, file upload, privilege enumeration, casting, avoiding quotes and more.  The cheat sheet is reasonably complete now.

Tags: , ,

Posted in: Blog

MSSQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into MSSQL databases…

Tags: , ,

Posted in: SQL Injection