SQL Cheatsheet

Generic Update field UPDATE table_name SET column1 = value1, column2 = value2, ... WHERE condition; Single-line comment -- stuff to comment out Multi-line comment /** stuff to comment out **/ Delete the last n rows from a table DELETE FROM `table` WHERE `table`.`tableID` in (SELECT TOP 500 tableID FROM table ORDER BY tableID…

Modernizing Techvomit

In case it wasn't obvious, this site runs on Ghost. I made this decision a couple of years ago on a 4-hour plane ride when I was bored and wanted to kill two birds with one stone: start learning how some of the AWS services worked, and get a…

AWS Stuff

This contains various commands and information that I find useful for AWS work. UI Backup instance manually Go to your instance Right click and select Image from the dropdown Click Create Image Give your backup a name and description Click No reboot if you want your instance to stay in…

Web Application Penetration Testing Notes

XXE Once you've intercepted the POST to the vulnerable page, see if you can get the system to do what it would normally, but with entities: <?xml version="1.0"?> <!DOCTYPE a [ <!ENTITY test "THIS IS A STRING!"> ]> <methodCall&…

Docker login dangers

Vulnerability During a recent engagement, I was doing some post-exploitation work on a container once I had gotten root (looking for reused SSH keys and the like for lateral movement). After some time, I happened upon this file: /root/.docker/config.json and was rewarded with base64-encoded credentials.…