Merge pull request #136 from andrewjkerr/additional-cheatsheets

Added cheatsheets for markdown, ncat, and sqlmap.
Chris Lane 2013-12-23 11:01:01 -08:00
commit e63e7b0e3c
3 changed files with 116 additions and 0 deletions

41
cheatsheets/markdown Normal file

@ -0,0 +1,41 @@
# headers
h1 header
=========
h2 header
---------
# blockquotes
> first level and paragraph
>> second level and first paragraph
>
> first level and second paragraph
# lists
## unordered - use *, +, or -
* Red
* Green
* Blue
## ordered
1. First
2. Second
3. Third
# code - use 4 spaces/1 tab
regular text
code code code
or:
Use the `printf()` function
# hr's - three or more of the following
***
---
___
# links
This is [an example](http://example.com "Title") inline link.
# emphasis
*em* _em_
**strong** __strong__

30
cheatsheets/ncat Normal file

@ -0,0 +1,30 @@
# Connect mode (ncat is client) | default port is 31337
ncat <host> [<port>]
# Listen mode (ncat is server) | default port is 31337
ncat -l [<host>] [<port>]
# Transfer file (closes after one transfer)
ncat -l [<host>] [<port>] < file
# Transfer file (stays open for multiple transfers)
ncat -l --keep-open [<host>] [<port>] < file
# Receive file
ncat [<host>] [<port>] > file
# Brokering | allows for multiple clients to connect
ncat -l --broker [<host>] [<port>]
# Listen with SSL | many options, use ncat --help for full list
ncat -l --ssl [<host>] [<port>]
# Access control
ncat -l --allow <ip>
ncat -l --deny <ip>
# Proxying
ncat --proxy <proxyhost>[:<proxyport>] --proxy-type {http | socks4} <host>[<port>]
# Chat server | can use brokering for multi-user chat
ncat -l --chat [<host>] [<port>]
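Review bot: The receive example `ncat [<host>] [<port>] > file` marks the host as optional, but this is connect mode, where the first entry in this file (`ncat <host> [<port>]`) shows the host as required; it should read `ncat <host> [<port>] > file`. The proxy line also runs the target together as `<host>[<port>]` and needs a space, `<host> [<port>]`. The two file-transfer listeners hand the file to whichever client connects, so I would show them with the access control this sheet already documents, e.g. `ncat -l --allow <ip> [<host>] [<port>] < file`. For the SSL entry, a comment that the listener uses a temporary generated certificate unless `--ssl-cert`/`--ssl-key` are given, and that a client only checks it with `--ssl-verify`, would keep readers from treating `--ssl` alone as authentication.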

45
cheatsheets/sqlmap Normal file

@ -0,0 +1,45 @@
# Test URL and POST data and return database banner (if possible)
./sqlmap.py --url="<url>" --data="<post-data>" --banner
# Parse request data and test | request data can be obtained with burp
./sqlmap.py -r <request-file> <options>
# Fingerprint | much more information than banner
./sqlmap.py -r <request-file> --fingerprint
# Get database username, name, and hostname
./sqlmap.py -r <request-file> --current-user --current-db --hostname
# Check if user is a database admin
./sqlmap.py -r <request-file> --is-dba
# Get database users and password hashes
./sqlmap.py -r <request-file> --users --passwords
# Enumerate databases
./sqlmap.py -r <request-file> --dbs
# List tables for one database
./sqlmap.py -r <request-file> -D <db-name> --tables
# Other database commands
./sqlmap.py -r <request-file> -D <db-name> --columns
--schema
--count
# Enumeration flags
./sqlmap.py -r <request-file> -D <db-name>
-T <tbl-name>
-C <col-name>
-U <user-name>
# Extract data
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump
# Execute SQL Query
./sqlmap.py -r <request-file> --sql-query="<sql-query>"
# Append/Prepend SQL Queries
./sqlmap.py -r <request-file> --prefix="<sql-query>" --suffix="<sql-query>"
# Get backdoor access to sql server | can give shell access
./sqlmap.py -r <request-file> --os-shell
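Review bot: The comment `# Append/Prepend SQL Queries` on the `--prefix`/`--suffix` line mislabels these options: they set the strings placed before and after each injection payload, not extra queries to run, and the `<sql-query>` placeholder repeats the confusion with `--sql-query` one entry above. I would write `# Wrap each injection payload in a prefix/suffix string` and `./sqlmap.py -r <request-file> --prefix="<payload-prefix>" --suffix="<payload-suffix>"`. The bare `--schema`/`--count` and `-T`/`-C`/`-U` lines read as standalone commands as rendered here (their indentation may have been lost), so a comment such as `# pick one of the following in place of --columns` would make clear they are alternatives. It would also help to note in a comment that the request file passed to `-r` carries live cookies and that `--dump` and `--passwords` results are kept in sqlmap's output directory, so both need handling as sensitive data after a test.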