SQL Injection Types: Ref: https://www.imperva.com/learn/application-security/sql-injection-sqli/
In-band SQLi:
Uses the same communication channel to both launch the attack and gather results.
SubTypes:
Error-based SQLi:
Relies on error messages thrown by the database server to obtain information about the structure of the database.
Union-based SQLi:
Uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is then returned as part of the HTTP response.
Inferential (Blind) SQLi:
No data is actually transferred via the web application, and the attacker would not be able to see the result of an attack in-band (which is why such attacks are commonly referred to as "Blind SQL Injection Attacks").
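Added example (not from the original notes or the referenced article): a string-concatenated lookup beside its parameterised form, run against a constructed in-memory SQLite database, to show why the union-based and error-based subtypes above only work when user input is spliced into the SQL text. Table names, rows and inputs are all made up for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a products table that a search may read and
    # a users table that the same search must never expose.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, name TEXT, public INTEGER)")
    con.execute("CREATE TABLE users (id INTEGER, username TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)",
                    [(1, "widget", 1), (2, "gadget", 1)])
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", "hash-alice"), (2, "bob", "hash-bob")])
    return con

def lookup_vulnerable(con, name):
    # The user-supplied value becomes part of the SQL text, so it can change
    # the statement's structure (UNION) or break its syntax (error-based).
    sql = ("SELECT id, name FROM products WHERE name = '" + name
           + "' AND public = 1")
    try:
        return con.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # Passing raw engine errors back to the client is exactly what
        # error-based SQLi relies on; shown here only to make it visible.
        return "DB error: " + str(exc)

def lookup_safe(con, name):
    # Parameterised query: the value is bound after parsing, so it is a
    # plain string to the engine whatever characters it contains.
    sql = "SELECT id, name FROM products WHERE name = ? AND public = 1"
    return con.execute(sql, (name,)).fetchall()

# Constructed inputs illustrating the two in-band subtypes from the notes.
UNION_INPUT = "x' UNION SELECT username, pw_hash FROM users --"
ERROR_INPUT = "x'"

if __name__ == "__main__":
    con = make_db()
    for inp in (UNION_INPUT, ERROR_INPUT):
        print("vulnerable:", lookup_vulnerable(con, inp))
        print("safe:      ", lookup_safe(con, inp))
```

With the vulnerable lookup the union input returns the users rows and the quote input returns an engine error message; the parameterised lookup returns an empty result for both.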
# Linux CLI Quicky
echo -n "Ashish" | md5sum | cut -d" " -f1
# Python Quicky One
python3 -c 'import hashlib; print(hashlib.md5(b"Ashish").hexdigest())'
# LDAP
ldapsearch -x -h 127.0.0.1 -b "dc=domain,dc=com" -D user@domain -W
""" | |
Python3 | |
How to Install | |
apt-get update && apt-get install -y python3-opencv | |
pip3 install --upgrade pip # Important | |
pip3 install sklearn matplotlib numpy opencv-python scikit-image |
cat BL/socialnet/domains | awk '{ OFS = ","; print "56",$1,"*" }' >> data_set2.txt
cat BL/forum/domains | awk '{ OFS = ","; print "19",$1,"*" }' >> data_set2.txt
cat BL/finance/banking/domains | awk '{ OFS = ","; print "5",$1,"*" }' >> data_set2.txt
cat BL/finance/realestate/domains | awk '{ OFS = ","; print "49",$1,"*" }' >> data_set2.txt
cat BL/finance/banking/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt
cat BL/finance/realestate/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt
cat BL/finance/insurance/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt
cat BL/finance/moneylending/domains | awk '{ OFS = ","; print "18",$1,"*" }' >> data_set2.txt
cat 3000_unique_domains.txt | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}\n" | tee -a test_4-cc30-17_50-4_may_2021-log.txt
cat pi_blocklist_porn_top1m.list | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}, Url: %{url_effective}, Socket: %{local_ip}:%{local_port} \n" -o /dev/null | tee -a test_4-cc30-17_50-4_may_2021-log.txt
COUNTER_1=0; cat pi_blocklist_porn_top1m.list | xargs -P 30 -n 1 -I{} curl "{}" -s -x 10.139.232.245:8080 --max-time 6.0 -w "Status: %{response_code}, Total-Time: %{time_total}, Url: %{url_effective}, Socket: %{local_ip}:%{local_port} \n" -o /de
CSRF:
Cross-Site Request Forgery (CSRF) is a malicious attack that tricks the user's web browser into performing undesired actions, so that they appear as if an authorized user is performing them.
OWASP:
Open Web Application Security Project
Caching at the Object Level
1. Cache ASide
Easiest one used by me
Check the Cache
  IF Cache Found -> Return
  Else -> Ask DB
    IF DB Found -> Add To Cache and Return
    Else -> Do NOT Cache and Return NULL
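The cache-aside steps above as an added Python example (not code from the original notes); the database is a plain dict standing in for a real store, and the db_hits counter is there only to make visible that a DB miss is not cached and therefore hits the DB again on every lookup.

```python
class CacheAside:
    """Cache-aside read path: cache first, DB on miss, cache only real hits."""

    def __init__(self, db):
        self.db = db          # constructed stand-in for the database
        self.cache = {}       # object-level cache keyed by lookup key
        self.db_hits = 0      # counts trips to the DB, for demonstration

    def get(self, key):
        # 1. Check the cache
        if key in self.cache:
            return self.cache[key]          # cache found -> return
        # 2. Else -> ask the DB
        self.db_hits += 1
        value = self.db.get(key)
        if value is not None:
            self.cache[key] = value         # DB found -> add to cache and return
        # 3. Else -> do NOT cache, return None (NULL); the next call asks the DB again
        return value


def demo():
    # Constructed data: one key present in the DB, one absent.
    c = CacheAside({"user:42": {"name": "demo"}})
    first = c.get("user:42")                # miss in cache, hit in DB -> cached
    second = c.get("user:42")               # served from cache, no DB trip
    c.get("user:99")                        # DB miss, not cached
    c.get("user:99")                        # DB miss again: another DB trip
    return first, second, c.db_hits, "user:99" in c.cache
```

A consequence worth seeing in the counter: repeated lookups of a key that does not exist go to the DB every time, because the miss is deliberately not cached.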
----------------------
Report Table Creation
----------------------
website_name, download_size, upload_size, request_count, elapsed_time
username, website_name, download_size, upload_size, request_count, elapsed_time
=============
Single Table
record_id
client_id
request_id
date_time
elapsed_time
status
size
upload
download
bypassed
# Best Practise
# Reference: https://stackoverflow.com/questions/11482342/read-a-large-zipped-text-file-line-by-line-in-python/11482347
# If Reading a Zipped/Compressed File
import zipfile
# zip_file is the path to the archive; z.open() takes the name of a member
# inside the archive, not the archive path itself.
with zipfile.ZipFile(zip_file) as z:
    for member in z.namelist():
        with z.open(member) as f:
            for line in f:  # streamed line by line as bytes, never fully loaded into memory
                ...