Ingres SQL Injection Cheat Sheet
Ingres seems to be one of the less common database backends for web applications, so I thought it would be worth installing it and making some notes to make my next Ingres-based web app test a little...
View ArticleDB2 SQL Injection Cheat Sheet
Finding a SQL injection vulnerability in a web application backed by DB2 isn’t too common in my experience. When you do find one, though it pays to be prepared… Below are some tabulated notes on how...
View ArticlePostgres SQL Injection Cheat Sheet
Some useful syntax reminders for SQL Injection into PostgreSQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it...
View ArticleMySQL SQL Injection Cheat Sheet
Some useful syntax reminders for SQL Injection into MySQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it easier...
View ArticleOracle SQL Injection Cheat Sheet
Some useful syntax reminders for SQL Injection into Oracle databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it...
View ArticleMSSQL Injection Cheat Sheet
Some useful syntax reminders for SQL Injection into MSSQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured to tabulate the data to make it easier...
View ArticleInformix SQL Injection Cheat Sheet
Some useful syntax reminders for SQL Injection into Informix databases… Below are some tabulated notes on how to do many of thing you’d normally do via SQL injection. All tests were performed on...
View ArticleJohn The Ripper Hash Formats
John the Ripper is a favourite password cracking tool of many pentesters. There is plenty of documentation about its command line options. I’ve encountered the following problems using John the...
View ArticleSSH Cheat Sheet
SSH has several features that are useful during pentesting and auditing. This page aims to remind us of the syntax for the most useful features. NB: This page does not attempt to replace the man page...
View ArticleReverse Shell Cheat Sheet
If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account /...
View Article