mirror of https://github.com/cheat/cheat.git
Merge pull request #136 from andrewjkerr/additional-cheatsheets
Added cheatsheets for markdown, ncat, and sqlmap.
This commit is contained in:
commit
e63e7b0e3c
|
@ -0,0 +1,41 @@
|
|||
# headers
|
||||
h1 header
|
||||
=========
|
||||
h2 header
|
||||
---------
|
||||
|
||||
# blockquotes
|
||||
> first level and paragraph
|
||||
>> second level and first paragraph
|
||||
>
|
||||
> first level and second paragraph
|
||||
|
||||
# lists
|
||||
## unordered - use *, +, or -
|
||||
* Red
|
||||
* Green
|
||||
* Blue
|
||||
|
||||
## ordered
|
||||
1. First
|
||||
2. Second
|
||||
3. Third
|
||||
|
||||
# code - use 4 spaces/1 tab
|
||||
regular text
|
||||
code code code
|
||||
or:
|
||||
Use the `printf()` function
|
||||
|
||||
# hr's - three or more of the following
|
||||
***
|
||||
---
|
||||
___
|
||||
|
||||
# links
|
||||
This is [an example](http://example.com "Title") inline link.
|
||||
|
||||
# emphasis
|
||||
*em* _em_
|
||||
|
||||
**strong** __strong__
|
|
@ -0,0 +1,30 @@
|
|||
# Connect mode (ncat is client) | default port is 31337
|
||||
ncat <host> [<port>]
|
||||
|
||||
# Listen mode (ncat is server) | default port is 31337
|
||||
ncat -l [<host>] [<port>]
|
||||
|
||||
# Transfer file (closes after one transfer)
|
||||
ncat -l [<host>] [<port>] < file
|
||||
|
||||
# Transfer file (stays open for multiple transfers)
|
||||
ncat -l --keep-open [<host>] [<port>] < file
|
||||
|
||||
# Receive file
|
||||
ncat [<host>] [<port>] > file
|
||||
|
||||
# Brokering | allows for multiple clients to connect
|
||||
ncat -l --broker [<host>] [<port>]
|
||||
|
||||
# Listen with SSL | many options, use ncat --help for full list
|
||||
ncat -l --ssl [<host>] [<port>]
|
||||
|
||||
# Access control
|
||||
ncat -l --allow <ip>
|
||||
ncat -l --deny <ip>
|
||||
|
||||
# Proxying
|
||||
ncat --proxy <proxyhost>[:<proxyport>] --proxy-type {http | socks4} <host>[<port>]
|
||||
|
||||
# Chat server | can use brokering for multi-user chat
|
||||
ncat -l --chat [<host>] [<port>]
|
|
@ -0,0 +1,45 @@
|
|||
# Test URL and POST data and return database banner (if possible)
|
||||
./sqlmap.py --url="<url>" --data="<post-data>" --banner
|
||||
|
||||
# Parse request data and test | request data can be obtained with burp
|
||||
./sqlmap.py -r <request-file> <options>
|
||||
|
||||
# Fingerprint | much more information than banner
|
||||
./sqlmap.py -r <request-file> --fingerprint
|
||||
|
||||
# Get database username, name, and hostname
|
||||
./sqlmap.py -r <request-file> --current-user --current-db --hostname
|
||||
|
||||
# Check if user is a database admin
|
||||
./sqlmap.py -r <request-file> --is-dba
|
||||
|
||||
# Get database users and password hashes
|
||||
./sqlmap.py -r <request-file> --users --passwords
|
||||
|
||||
# Enumerate databases
|
||||
./sqlmap.py -r <request-file> --dbs
|
||||
|
||||
# List tables for one database
|
||||
./sqlmap.py -r <request-file> -D <db-name> --tables
|
||||
|
||||
# Other database commands
|
||||
./sqlmap.py -r <request-file> -D <db-name> --columns
|
||||
--schema
|
||||
--count
|
||||
# Enumeration flags
|
||||
./sqlmap.py -r <request-file> -D <db-name>
|
||||
-T <tbl-name>
|
||||
-C <col-name>
|
||||
-U <user-name>
|
||||
|
||||
# Extract data
|
||||
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump
|
||||
|
||||
# Execute SQL Query
|
||||
./sqlmap.py -r <request-file> --sql-query="<sql-query>"
|
||||
|
||||
# Append/Prepend SQL Queries
|
||||
./sqlmap.py -r <request-file> --prefix="<sql-query>" --suffix="<sql-query>"
|
||||
|
||||
# Get backdoor access to sql server | can give shell access
|
||||
./sqlmap.py -r <request-file> --os-shell
|
Loading…
Reference in New Issue