Monday, May 31, 2021

Penetration Testing Payloads

https://github.com/payloadbox

  • SQL Injection Payload
    • SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
  • XSS Payload
  • XXE Payload
  • Command Injection Payload
  • Open-redirect Payload
  • RFI-LFI Payload
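
To make the SQL injection item above concrete from the defender's side, here is an added example (not taken from the payloadbox repositories or from the original post) that runs the same lookup two ways against an in-memory SQLite database: once by concatenating input into the SQL text, once with a bound parameter. The table, rows, function names and input strings are all constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: a normal value, a value that rewrites the
# WHERE clause when concatenated, and a legitimate name containing a quote.
NORMAL_INPUT = "alice"
TAMPERING_INPUT = "alice' OR '1'='1"
QUOTED_NAME = "o'brien"


def make_db():
    """Build an in-memory database holding constructed customer rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, owner TEXT, email TEXT)"
    )
    db.executemany(
        "INSERT INTO customers (owner, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return db


def lookup_vulnerable(db, owner):
    # BAD: the input becomes part of the SQL text, so a quote character in
    # it changes the structure of the statement the database parses.
    sql = "SELECT email FROM customers WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, owner):
    # GOOD: the statement text is fixed; the input is bound as a value and
    # is only ever compared against the owner column.
    sql = "SELECT email FROM customers WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, TAMPERING_INPUT))
    print("parameterized:", lookup_parameterized(db, TAMPERING_INPUT))
    print("quoted name  :", lookup_parameterized(db, QUOTED_NAME))
```

The concatenated version returns every customer's e-mail for the tampering input and raises a syntax error for the legitimate name `o'brien`; the parameterized version returns nothing for the first and the correct single row for the second.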

Friday, November 06, 2020

XSLT and XPath - W3Schools

  • XSL (eXtensible Stylesheet Language) is a styling language for XML.
  • XSLT stands for XSL Transformations.
  • XSLT is a language for transforming XML documents.
  • XPath is a language for navigating in XML documents.
  • XQuery is a language for querying XML documents.

XSL

> Extensible Stylesheet Language

> CSS is the style sheet for HTML

> XSL is the stylesheet for XML (in fact, it is more than a stylesheet)

XSL consists of four parts:

  • XSLT - a language for transforming XML documents
  • XPath - a language for navigating in XML documents
  • XSL-FO - a language for formatting XML documents (discontinued in 2013)
  • XQuery - a language for querying XML documents

XSLT

  • XSLT stands for XSL Transformations
  • XSLT transforms an XML document into another XML document
  • XSLT uses XPath to navigate in XML documents

XSLT is used to transform an XML document into another XML document, or another type of document that is recognized by a browser, like HTML and XHTML. Normally XSLT does this by transforming each XML element into an (X)HTML element.

A common way to describe the transformation process is to say that XSLT transforms an XML source-tree into an XML result-tree.

With XSLT you can add/remove elements and attributes to or from the output file. You can also rearrange and sort elements, perform tests and make decisions about which elements to hide and display, and a lot more.

    Friday, September 04, 2020

    Maven - Introduction / Maven.apache.org

    Maven is a build automation tool used primarily for Java projects. Maven can also be used to build and manage projects written in C#, Ruby, Scala, and other languages. The Maven project is hosted by the Apache Software Foundation, where it was formerly part of the Jakarta Project. (Source: Wikipedia)

    Maven is a Java tool, so you must have Java installed in order to proceed.

    Running this on Ubuntu shows mvn is already installed. [This was installed because we ran this command previously:

    curl -O https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/8.4.0.jre14/mssql-jdbc-8.4.0.jre14.jar

    ]

    abc@ubuntu:~/src/connector$ mvn --version

    Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d; 2017-10-18T18:58:13+11:00)
    Maven home: /home/abc/bin/apache-maven-3.5.2
    Java version: 14.0.1, vendor: Oracle Corporation
    Java home: /home/abc/bin/jdk-14.0.1
    Default locale: en_US, platform encoding: UTF-8
    OS name: "linux", version: "5.4.0-45-generic", arch: "amd64", family: "unix"


    Monday, August 31, 2020

    Git command reference (Launchschool)

    Command: Description

    • git status: Run this command any time and often to check on the status of the files in the git repository.
    • git add: This command stages changed files, readying them to be wrapped into the next commit.
    • git commit: This command commits staged files, wrapping them into a commit. A historical record of commits is what we refer to as a codebase's version or commit history.
    • git log: View the repository's commit history.

    These are common Git commands used in various situations:

    start a working area (see also: git help tutorial)
       clone             Clone a repository into a new directory
       init              Create an empty Git repository or reinitialize an existing one

    work on the current change (see also: git help everyday)
       add               Add file contents to the index
       mv                Move or rename a file, a directory, or a symlink
       restore           Restore working tree files
       rm                Remove files from the working tree and from the index
       sparse-checkout   Initialize and modify the sparse-checkout

    examine the history and state (see also: git help revisions)
       bisect            Use binary search to find the commit that introduced a bug
       diff              Show changes between commits, commit and working tree, etc
       grep              Print lines matching a pattern
       log               Show commit logs
       show              Show various types of objects
       status            Show the working tree status

    grow, mark and tweak your common history
       branch            List, create, or delete branches
       commit            Record changes to the repository
       merge             Join two or more development histories together
       rebase            Reapply commits on top of another base tip
       reset             Reset current HEAD to the specified state
       switch            Switch branches
       tag               Create, list, delete or verify a tag object signed with GPG

    collaborate (see also: git help workflows)
       fetch             Download objects and refs from another repository
       pull              Fetch from and integrate with another repository or a local branch
       push              Update remote refs along with associated objects

    'git help -a' and 'git help -g' list available subcommands and some
    concept guides. See 'git help <command>' or 'git help <concept>'
    to read about a specific subcommand or concept.
    See 'git help git' for an overview of the system.

    ================================

    abc@ubuntu:~/src/git_basics/.git$ git remote
    origin
    abc@ubuntu:~/src/git_basics/.git$ git remote -v
    origin https://github.com/nvijaysudhakar/my-test-repository.git (fetch)
    origin https://github.com/nvijaysudhakar/my-test-repository.git (push)
    abc@ubuntu:~/src/git_basics/.git$ git remote rm
    usage: git remote remove <name>

    abc@ubuntu:~/src/git_basics/.git$ git remote remove origin
    abc@ubuntu:~/src/git_basics/.git$ 

    ==================================

    Examples
    ========

    abc@ubuntu:~/src$ 
    abc@ubuntu:~/src$ 
    abc@ubuntu:~/src$ mkdir git_basics
    abc@ubuntu:~/src$ cd git_basics
    abc@ubuntu:~/src/git_basics$ ll
    total 8
    drwxrwxr-x 2 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    abc@ubuntu:~/src/git_basics$ echo '# README #' > README.md
    abc@ubuntu:~/src/git_basics$ ll
    total 12
    drwxrwxr-x 2 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ echo '# LICENSE #' > LICENSE.md
    abc@ubuntu:~/src/git_basics$ ll
    total 16
    drwxrwxr-x 2 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ git init
    Initialized empty Git repository in /home/abc/src/git_basics/.git/
    abc@ubuntu:~/src/git_basics$ ll
    total 20
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:10 .git/
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ touch .gitignore
    abc@ubuntu:~/src/git_basics$ ll
    total 20
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:11 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:10 .git/
    -rw-rw-r-- 1 abc abc    0 Aug 31 21:11 .gitignore
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ ll
    total 24
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:11 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:10 .git/
    -rw-rw-r-- 1 abc abc   43 Aug 31 21:11 .gitignore
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    .gitignore
    LICENSE.md
    README.md

    nothing added to commit but untracked files present (use "git add" to track)
    abc@ubuntu:~/src/git_basics$ git add .gitignore
    abc@ubuntu:~/src/git_basics$ ll
    total 24
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:11 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:12 .git/
    -rw-rw-r-- 1 abc abc   43 Aug 31 21:11 .gitignore
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Changes to be committed:
      (use "git rm --cached <file>..." to unstage)
    new file:   .gitignore

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    LICENSE.md
    README.md

    abc@ubuntu:~/src/git_basics$ git add LICENSE.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Changes to be committed:
      (use "git rm --cached <file>..." to unstage)
    new file:   .gitignore
    new file:   LICENSE.md

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    README.md

    abc@ubuntu:~/src/git_basics$ git add README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Changes to be committed:
      (use "git rm --cached <file>..." to unstage)
    new file:   .gitignore
    new file:   LICENSE.md
    new file:   README.md

    abc@ubuntu:~/src/git_basics$ git commit -m 'Add first project files'
    [master (root-commit) 81bb26c] Add first project files
     3 files changed, 4 insertions(+)
     create mode 100644 .gitignore
     create mode 100644 LICENSE.md
     create mode 100644 README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master
    nothing to commit, working tree clean
    abc@ubuntu:~/src/git_basics$ git log
    commit 81bb26c447474fb8cba25e5fd91b0bb425822a79 (HEAD -> master)
    Author: Maya Angelou <MayaAngelou@poets.com>
    Date:   Mon Aug 31 21:13:52 2020 +1000

        Add first project files
    abc@ubuntu:~/src/git_basics$ 


    Git Cheat Sheet (Ruby Garage)








