Skip to content

Instantly share code, notes, and snippets.

View santosadrian's full-sized avatar
💭
Buscándome la vida que la muerte viene sola.

Adrian Santos santosadrian

💭
Buscándome la vida que la muerte viene sola.
View GitHub Profile
@santosadrian
santosadrian / file-inclusion.md
Last active August 1, 2023 15:45
File Inclusion

Local File Inclusion

Command Description
 Basic LFI
 /index.php?language=/etc/passwd Basic LFI
 /index.php?language=../../../../etc/passwd LFI with path traversal
 /index.php?language=/../../../etc/passwd LFI with name prefix
 /index.php?language=./languages/../../../../etc/passwd LFI with approved path
 LFI Bypasses
@santosadrian
santosadrian / SQL-Injection-Fundamentals.md
Created August 1, 2023 12:43
SQL Injection Fundamentals

MySQL

Command Description
General
mysql -u root -h docker.hackthebox.eu -P 3306 -p login to mysql database
SHOW DATABASES List available databases
USE users Switch to database
Tables
CREATE TABLE logins (id INT, ...) Add a new table
@santosadrian
santosadrian / MySQL-cheatsheet.md
Last active August 1, 2023 11:48
MySQL cheatsheet

MySQL

Command Description
General
mysql -u root -h docker.hackthebox.eu -P 3306 -p login to mysql database
SHOW DATABASES List available databases
USE users Switch to database
Tables
CREATE TABLE logins (id INT, ...) Add a new table
@santosadrian
santosadrian / cURL-cheatsheet.md
Created August 1, 2023 09:19
cURL cheatsheet

cURL

Command Description
 curl -h cURL help menu
 curl inlanefreight.com Basic GET request
 curl -s -O inlanefreight.com/index.html Download file
 curl -k https://inlanefreight.com Skip HTTPS (SSL) certificate validation
 curl inlanefreight.com -v Print full HTTP request/response details
 curl -I https://www.inlanefreight.com Send HEAD request (only prints response headers)
@santosadrian
santosadrian / ffuf-cheatsheet.md
Created August 1, 2023 09:05
ffuf fuzzing cheatsheet

Ffuf

Command Description
ffuf -h ffuf help
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing
ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/ Sub-domain Fuzzing
@santosadrian
santosadrian / nmap-cheatsheet.md
Created August 1, 2023 09:03
nmap cheatsheet

Scanning Options

Nmap Option Description
10.10.10.0/24 Target network range.
-sn Disables port scanning.
-Pn Disables ICMP Echo Requests
-n Disables DNS Resolution.
-PE Performs the ping scan by using ICMP Echo Requests against the target.
--packet-trace Shows all packets sent and received.
@santosadrian
santosadrian / scratch_22.py
Created February 5, 2020 08:13
"Example" 22
"""
There worn't be any code in this exercise or the next one, so there's no What You Should See or Study Drills either.
In fact, this exercise is like one giant Study drills. I'm going to have you do a review of what you have learned
so far.
First, go back through every exercise you have done so far and write down every word and symbol (another name for
"character" that you have used.
Make sure your list of symbols is complete,
Next to each word or symbol, write its name and what it does. If you can't find a name for a symbol in this book,
@santosadrian
santosadrian / scratch_21.py
Created February 5, 2020 06:12
Example 21
def add(a, b):
print(f"ADDING {a} + {b}")
return a + b
def subtract(a, b):
print(f"SUBTRACTING {a} - {b}")
return a - b
@santosadrian
santosadrian / scratch_20.py
Created February 5, 2020 05:51
Example 20.1
from sys import argv # from module sys import object named argv
script, input_file = argv # set the variables from command line
def print_all(f): # defines variable that is a file and a function object ???
print(f.read()) # what do the function, prints all that is written in (f)ile
def rewind(f: object) -> object: # defines function
@santosadrian
santosadrian / scratch_20.py
Created February 4, 2020 16:54
Example 20 commented out
from sys import argv # from module sys import object named argv
script, input_file = argv # set the variables from command line
def print_all(f): # defines variable that is a file and a function object ???
print(f.read()) # what do the function, prints all that is written in (f)ile
def rewind(f: object) -> object: # defines function