1). The mysql client program enables you to send queries to the MySQL server and receive their results. It can be used interactively or it can read query input from a file in batch mode.
2). Interactive mode is useful for day-to-day usage, for quick one-time queries, and for testing how queries work.
3). Batch mode is useful for running queries that have been prewritten and stored in a file. It’s especially valuable for issuing a complex series of queries that’s difficult to enter manually, or queries that need to be run automatically by a job scheduler without user intervention.
4). Syntax to invoke mysql interactively from the command line : mysql -u user_name -p -h host_name
5). We can also provide a database name to select that database as the default database: mysql -u user_name -p -h host_name db_name
6). We can run multiple queries on a single line in MySQL : SELECT DATABASE(); SELECT VERSION();
7). When we don't end the mysql statement with ";", mysql changes the prompt from mysql> to -> to give you feedback that it’s still waiting to see the end of the statement.
8). If you change your mind about a statement that you’re composing, enter \c and mysql will cancel the statement and return you to a new mysql> prompt.
9). To quit mysql, use \q, QUIT, or EXIT.
10). We can execute a statement directly from the command line by using the -e or --execute option:
mysql -e "SELECT VERSION()"
mysql -e "SHOW DATABASES"
11). No statement terminator is necessary unless the string following -e consists of multiple statements. In that case, separate the statements by semicolon characters:
mysql -e "SHOW DATABASES; SELECT VERSION();"
12). You may use any of several terminators to end a statement. Two terminators are the semicolon character (‘;’) and the ‘\g’ sequence. They’re equivalent and may be used interchangeably:
SELECT VERSION(), DATABASE();
SELECT VERSION(), DATABASE()\g
13). The \G sequence also terminates queries, but causes mysql to display query results in a vertical style that shows each output row with each column value on a separate line.
SELECT VERSION(), DATABASE()\G
14). Meaning of Prompt :
mysql> Ready for new statement
-> Waiting for next line of statement
'> Waiting for end of single-quoted string
"> Waiting for end of double-quoted string or identifier
`> Waiting for end of backtick-quoted identifier
/*> Waiting for end of C-style comment
15). The mysql> prompt is the main (or primary) prompt. It signifies that mysql is ready for you to begin entering a new statement. The other prompts are continuation (or secondary) prompts.
16). mysql supports input-line editing, which enables you to recall and edit input lines.
17). mysql also supports tab-completion to make it easier to enter queries. With tab-completion, you can enter part of a keyword or identifier and complete it using the Tab key. This feature is supported on Unix only.
18). An input file containing SQL statements to be executed is known as a “script file” or a “batch file.”
19). One way to process a script file is by executing it with a SOURCE command from within mysql:
20). The other way to execute a script file is by naming it on the mysql command line.
shell> mysql db_name < input_file
21). If a statement in a script file fails with an error, mysql ignores the rest of the file. To execute the entire file regardless of whether errors occur, invoke mysql with the --force or -f option.
22). A script file can contain SOURCE commands to execute other files, but be careful not to create a SOURCE loop. For example, if file1 contains a SOURCE file2 command, file2 should not contain a SOURCE file1 command.
23). By default, mysql produces output in one of two formats:
a). When invoked interactively, mysql displays query output in a tabular format that uses bars and dashes to display values lined up in boxed columns.
b). When you invoke mysql with a file as its input source on the command line, mysql runs in batch mode with query output displayed using tab characters between data values.
24). To override the default output format, use these options:
a). --batch or -B : Produce batch mode (tab-delimited) output, even when running interactively.
b). --table or -t : Produce tabular output format, even when running in batch mode.
25). To select an output format different from either of the default formats, use these options:
a). --html or -H : Produce output in HTML format.
b). --xml or -X : Produce output in XML format.
26). STATUS : Displays information about the current connection to the server, as well as status information about the server itself.
27). To get all the list of MySQL Commands :
28). mysql commands have both a long form and a short form. The long form is a full word (such as SOURCE, STATUS, or HELP). The short form consists of a backslash followed by a single character (such as \., \s, or \h). The long forms may be given in any lettercase. The short forms are case sensitive.
29). Unlike SQL statements, mysql commands cannot be entered over multiple lines. For example, if you issue a SOURCE input_file command to execute statements stored in a file, input_file must be given on the same line as SOURCE. It cannot be entered on the next line.
30). The mysql program can access server-side help. That is, you can perform lookups in the MySQL Reference Manual for a particular topic, right from the mysql> prompt. The general syntax for accessing server-side help is HELP keyword. To display the topmost entries of the help system, use the contents keyword:
mysql> HELP contents;
mysql> HELP STATUS;
mysql> HELP SHOW;
31). It’s possible to inadvertently issue statements that modify many rows in a table or that return extremely large result sets. The --safe-updates option helps prevent these problems.
1). Git is a distributed version control system.
2). The core of Git was originally written in the programming language C but Git has also been re-implemented in other languages, e.g. Java, Ruby and Python.
3). Bare repositories are used on servers to share changes coming from different developers.
4). Non-bare repositories allow you to create new changes through modification of files and to create new versions in the repository.
5). If you want to delete a Git repository, you can simply delete the folder which contains the repository.
6). Users with sufficient authorization can push changes from their local repository to remote repositories. They can also fetch or pull changes from other repositories to their local Git repository.
7). Git supports branching, which means that you can work on different versions of your collection of files. A branch separates these different versions and allows the user to switch between these versions to work on them.
8). For example, if you want to develop a new feature, you can create a branch and make the changes in this branch without affecting the state of your files in another branch.
9). The user works on a collection of files which may originate from a certain point in time of the repository. The user may also create new files or change and delete existing ones. The current collection of files is called the working tree.
10). You need to mark changes in the working tree to be relevant for Git. This process is called staging or to add changes to the staging area.
11). You add changes in the working tree to the staging area with the git add command. This command stores a snapshot of the specified files in the staging area.
12). The git add command allows you to incrementally modify files, stage them, modify and stage them again until you are satisfied with your changes.
13). For committing the staged changes you use the git commit command.
14). If you commit changes to your Git repository, you create a new commit object in the Git repository. This commit object is addressable via a SHA-1 checksum. This checksum is 40 bytes long and is a secure hash of the content of the files, the content of the directories, the complete history up to the new commit, the committer and several other factors.
15). The commit object points via a tree object to the individual files in this commit. The files are stored in the Git repository as blob objects and might be packed by Git for better performance and more compact storage. Blobs are addressed via their SHA-1 hash.
16). HEAD : HEAD is a symbolic reference most often pointing to the currently checked out branch. Sometimes the HEAD points directly to a commit object; this is called detached HEAD mode. In that state creation of a commit will not move any branch.
17). Repository : A repository contains the history, the different versions over time and all different branches and tags.
18). Revision : Represents a version of the source code. Git implements revisions as commit objects (or short commits).
19). Tags : A tag points to a commit which uniquely identifies a version of the Git repository.
20). File states in Git
a). untracked: the file is not tracked by the Git repository, this means it was neither staged, i.e. added to the staging area, nor committed
b). tracked: committed and not staged
c). staged: staged to be included in the next commit
d). dirty / modified: the file has changed but the change is not staged
21). You can use ^ (caret) and ~ (tilde) to reference predecessor commit objects from other references. Predecessor commits are sometimes also called parent commits. You can combine the ^ and ~ operators.
22). Install git on Ubuntu : sudo apt-get install git
23). Git allows you to store global settings in the .gitconfig file located in the user home directory. Git stores the committer and author of a change in each commit. This and additional information can be stored in the global settings.
24). In each Git repository you can also configure the settings for this repository. Global configuration is done if you include the --global flag, otherwise your configuration is specific for the current Git repository.
25). You can also set up system-wide configuration. Git stores these values in the /etc/gitconfig file, which contains the configuration for every user and repository on the system. To set this up, ensure you have sufficient rights, i.e. root rights, in your OS and use the --system option.
26). User Configuration :
# configure the user which will be used by git
# Of course you should use your name
git config --global user.name "Example Surname"
# Same for the email address
git config --global user.email "firstname.lastname@example.org"
27). Push configuration : The following command configures Git so that the git push command pushes only the active branch (in case it is connected to a remote branch, i.e. configured as remote tracking branches) to your Git remote repository. As of Git version 2.0 this is the default and therefore it is good practice to configure this behavior.
# set default so that only the current branch is pushed
git config --global push.default simple
# alternatively configure Git to push all matching branches
# git config --global push.default matching
28). Avoid merge commits for pulling : If you pull in changes from a remote repository, Git by default creates merge commits if you pull in divergent changes. This may not be desired and you can avoid this via the following setting.
# set default so that you avoid unnecessary commits
git config --global branch.autosetuprebase always
29). Color Highlighting : The following commands enable color highlighting for Git in the console.
git config --global color.ui true
git config --global color.status auto
git config --global color.branch auto
30). Every Git repository is stored in the .git folder of the directory in which the Git repository has been created. This directory contains the complete history of the repository. The .git/config file contains the configuration for the repository. All files inside the repository folder excluding the .git folder are the working tree for a Git repository.
31). The following command creates a Git repository in the current directory.
# Initialize the Git repository
# for the current directory
git init
32). The git status command shows the working tree status, i.e. which files have changed, which are staged and which are not part of the staging area. It also shows which files have merge conflicts and gives an indication what the user can do with these changes, e.g. add them to the staging area or remove them, etc.
33). # add all files to the index of the
# Git repository
git add .
34). After adding the files to the Git staging area, you can commit them to the Git repository. This creates a new commit object with the staged changes in the Git repository and the HEAD reference points to the new commit. The -m parameter allows you to specify the commit message. If you leave this parameter out, your default editor is started and you can enter the message in the editor.
35). Looking at the result : The Git operations you performed have created a local Git repository in the .git folder and added all files to this repository via one commit. Run the git log command
36). You can use the git rm command to delete the file from your working tree and record the deletion of the file in the staging area.
git rm nonsense2.txt
37). To remove the added file from the git repo : git commit -a -m "File nonsense.txt is now removed"
38). The git commit --amend command makes it possible to replace the last commit. This allows you to change the last commit including the commit message.
# assume you have something to commit
git commit -m "message with a tpyo here"
git commit --amend -m "More changes - now correct"
39). A remote repository on a server typically does not require a working tree. A Git repository without a working tree is called a bare repository. You can create such a repository with the --bare option. The command to create a new empty bare remote repository is displayed below. By convention the name of a bare repository should end with the .git extension.
# create a bare repository
git init --bare
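Items 14 and 15 above describe commit, tree and blob objects addressed by SHA-1. The following Python code is an added example, not part of the original notes: it computes those ids the way Git does for one directory of regular files and shows that changing a single byte of a file changes the blob id, the tree id and every commit id that descends from it. The identity string, timestamp, file name and file contents are constructed.

```python
import hashlib

def git_object_id(obj_type, body):
    """SHA-1 over '<type> <size>' + NUL + body, which is how Git names an object."""
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(entries):
    """entries: (mode, filename, blob hex id) for regular files in one directory."""
    body = b""
    for mode, name, hex_id in sorted(entries, key=lambda e: e[1].encode()):
        # Each entry stores the child's id as 20 raw bytes, not 40 hex characters.
        body += f"{mode} {name}".encode() + b"\x00" + bytes.fromhex(hex_id)
    return git_object_id("tree", body)

def commit_id(tree, parents, author, committer, message):
    lines = [f"tree {tree}"] + [f"parent {p}" for p in parents]
    lines += [f"author {author}", f"committer {committer}", "", message]
    return git_object_id("commit", "\n".join(lines).encode())

# Constructed identity and timestamp, for illustration only.
WHO = "Example Surname <firstname.lastname@example.org> 1375315200 +0000"

def build_history(file1_content):
    """Two commits over one file; returns every id so changes can be compared."""
    blob = blob_id(file1_content)
    tree = tree_id([("100644", "file1.php", blob)])
    first = commit_id(tree, [], WHO, WHO, "first commit\n")
    # The second commit reuses the same tree but names `first` as its parent.
    second = commit_id(tree, [first], WHO, WHO, "second commit\n")
    return {"blob": blob, "tree": tree, "first": first, "second": second}

if __name__ == "__main__":
    original = build_history(b"<?php echo 'hello';\n")
    tampered = build_history(b"<?php echo 'hellO';\n")
    for name in original:
        changed = "changed" if original[name] != tampered[name] else "same"
        print(f"{name:6} {original[name]} -> {tampered[name]} ({changed})")
```

Because each commit hashes its parent's id, rewriting an old file silently is not possible without changing every later commit id, which is what makes a known-good commit id usable as an integrity check.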
Step by step Git commands:
1). git init --bare : Create a bare repository on the remote server
2). git clone "path of the server repo" : For cloning the repository on the local system
3). cd "name of repo" : Change the directory to the repo directory
4). gedit file1.php : Create a file in the local repo
5). git add file1.php : Adding the file into the staging
6). git commit -m "Message" : Committing the file on the staging server
7). git push origin master : Final committing of the file in the branch
8). git config --list : List all the configuration of the git
9). git rm <filename> : To remove the file from git repo.
10). git status : To get the status of the git
11). git log : To get all the log details of git commit
12). git config --global <variable_name> "Value" : To set the variable in global. We can get the list of all variables using "git config --list"
Step by Step Branch Creation/Operation :
1). To list all the branch
git branch : To list the local branch
git branch -a : To list all the branch (Remote and Local)
git branch -r : To list only the remote branch
git ls-remote : To list remote branches
git remote show origin : List all the branches of the remote with some extra information
git remote : Show all the remote repo
2). git branch "New Branch Name" : To create a new branch in git repo
3). git push origin "New Branch Name" : To commit the branch on server
4). git checkout "New Branch Name" : To checkout the new branch
5). git merge "New Branch Name" : For merging the two branches. Do the "push" operation after merging.
6). git branch -m "Old Branch" "New Branch" : Renaming the branch, it will rename the branch name locally.
7). git push origin <new branch name>:master : Pushing the content into master branch from new branch.
8). To delete a branch from the server :
git push origin --delete <branchName> 'OR'
git push origin :<branchName>
9). git diff master your_branch : To get the difference between two branches
10). git fetch origin : Fetches all the objects from the remote repository that are not present in the local one
11). git pull : Fetch all the files from the repo. (git fetch + git merge)
12). git show : Shows information about a git object.
13). git ls-tree <branch name>: List the files with their SHA1 values.
14). git log --since="01/07/2013" --until="31/07/2013" : Date Between Log
15). git whatchanged --since="01/07/2013" --until="31/07/2013" : Changed Log
- Never include, require, or otherwise open a file with a filename based on user input.
- Be careful with eval()
- Be careful when using register_globals = ON
- Never run unescaped queries
- For protected areas, use sessions or validate login every time
- Types of attack for PHP : XSS, CSRF, SQL Injection, Local and Remote File Inclusion, File Uploads
- Disable all error reporting and set display errors to OFF.
- Always set expose_php = OFF in php.ini; it hides the PHP version information.
- To get the PHP version of a website : curl -I http://www.cyberciti.biz/index.php
- Disallow file uploads in php.ini if users are not uploading files.
- Turn Off Remote Code Execution : Always set allow_url_fopen=Off
- Always set sql.safe_mode=On
- Always set magic_quotes_gpc=Off
- Control POST Size : Always set post_max_size=1K, a minimum value, to keep POST requests from eating your system resources
- Resource Control (DoS Control) : You can set maximum execution time of each php script, in seconds
- max_execution_time = 30
- max_input_time = 30
- memory_limit = 40M
- Disabling Dangerous PHP Functions :
- disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
- Limit PHP Access To File System : Set open_basedir="/var/www/html/" to keep users from accessing other parts of the server.
- Restrict File and Directory Access : Make sure you run Apache as a non-root user such as Apache or www. All files and directory should be owned by non-root user (or apache user) under /var/www/html:
- chmod -R 0444 /var/www/html/
- chown -R apache:apache /var/www/html/
- Make sure all directory permissions are set to 0445 under /var/www/html/
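The php.ini values in the checklist above can be checked mechanically. The following Python code is an added example, not part of the original notes: it parses php.ini text and reports every directive that deviates from the checklist values for expose_php, display_errors, allow_url_fopen, the resource limits, disable_functions and open_basedir. The sample configuration is constructed, and the function names are this example's own.

```python
import re

# Target values taken from the checklist above.
WANT_OFF = ("expose_php", "display_errors", "allow_url_fopen")
MAX_RULES = {"max_execution_time": 30, "max_input_time": 30,
             "memory_limit": 40 * 1024 ** 2, "post_max_size": 1024}
REQUIRED_DISABLED = set("exec,passthru,shell_exec,system,proc_open,popen,curl_exec,"
                        "curl_multi_exec,parse_ini_file,show_source".split(","))

# Constructed sample, not taken from a real server.
WEAK_INI = """\
[PHP]
expose_php = On
display_errors = On   ; left on after debugging
allow_url_fopen = On
max_execution_time = 0
memory_limit = 128M
post_max_size = 8M
disable_functions = exec,system
"""

def parse_ini(text):
    """Return {directive: value}. Names are case sensitive; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        quoted = re.match(r'\s*"([^"]*)"', value)
        settings[key.strip()] = quoted.group(1) if quoted else value.split(";", 1)[0].strip()
    return settings

def as_number(value):
    """Parse PHP shorthand such as 40M or 1K; None if missing or unparsable."""
    m = re.fullmatch(r"(-?\d+)\s*([KMG]?)", value.strip(), re.I)
    return int(m.group(1)) * 1024 ** " KMG".index(m.group(2).upper() or " ") if m else None

def audit(text):
    s, findings = parse_ini(text), []
    for key in WANT_OFF:
        if s.get(key, "").lower() not in ("0", "off", "false", "no"):
            findings.append(f"{key}: want Off, found {s.get(key, 'nothing (PHP default applies)')}")
    for key, limit in MAX_RULES.items():
        n = as_number(s.get(key, ""))
        if n is None:
            findings.append(f"{key}: not set or unparsable")
        elif n <= 0 or n > limit:  # 0 or a negative value is not a fixed cap
            findings.append(f"{key}: {s[key]} is above {limit} or unlimited")
    missing = sorted(REQUIRED_DISABLED - {f.strip() for f in s.get("disable_functions", "").split(",")})
    if missing:
        findings.append("disable_functions: missing " + ",".join(missing))
    if not s.get("open_basedir"):
        findings.append("open_basedir: not set")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_INI):
        print("FAIL", finding)
```

Run it against the php.ini that the web server SAPI actually loads, since the CLI often reads a different file.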
Boot from live CD/USB. Open terminal emulator and start:
1). Get the name of your Linux partition:
sudo fdisk -l | egrep '83[ \t]*Linux'
For example, it outputs: /dev/sda1
2). Mount it and chroot into it:
sudo mount /dev/sda1 /mnt
sudo chroot /mnt
3). Restore the GRUB loader:
update-grub
The GRUB updater will detect the list of installed OSes automatically. After that you just need to reboot.
4). In case of a "cannot find a device" error:
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt
1). Check the network latency with the traceroute command.
2). Check robots.txt using the site http://www.sxw.org.uk/computing/robots/check.html
3). Apache Bench for testing the performance of Apache Server :
Command:
ab -kc 10 -t30 URL/
The above command tells Apache Bench to make 10,000 connections, use the HTTP "keep alive" feature of Apache, and wait for a maximum of 30 seconds for a response from the server. The output contains various figures.
4). Check the memory usage : run the "top" command to check the memory usage.
5). Move extra services, such as the "postfix" mail server, to a different server to speed up performance.
6). Use ps aux | sort -u and netstat -anp | sort -u to check the processes and their resource consumption.
7). Remove unused modules from the server.
8). Configure Apache for optimum performance.
- nmap.org : Nmap And Zenmap
- nessus.org : Nessus
- Nikto2 : Open Source
- Acunetix WVS : http://www.acunetix.com/
- AppScan : http://www-01.ibm.com/software/rational/offerings/websecurity/
- Burp Suite : http://www.portswigger.net/suite/
- GamaScan : http://www.gamasec.com/Gamascan.aspx
- Grabber : Open Source : http://rgaucher.info/beta/grabber/
- Grendel-Scan : Open Source : http://sourceforge.net/p/grendel/code/ci/c59780bfd41bdf34cc13b27bc3ce694fd3cb7456/tree/
- Hailstorm : http://www.cenzic.com/
- IKare : http://www.ikare-monitoring.com/
- N-Stealth : http://www.nstalker.com/
- Netsparker : http://www.mavitunasecurity.com/
- NeXpose : http://www.rapid7.com/products/nexpose-community-edition.jsp
- NTOSpider : http://www.ntobjectives.com/ntospider
- ParosPro : http://www.milescan.com/hk/
- QualysGuard : http://www.qualys.com/products/qg_suite/was/
- Retina : http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx
- ScanDo : http://www.kavado.com/
- SecurityQA Toolbar : https://www.isecpartners.com/SecurityQAToolbar.html
- Securus : http://www.orvant.com/
- SecPoint Penetrator : https://www.secpoint.com/penetrator.html
- Sentinel : http://www.whitehatsec.com/home/services/services.html
- Vega : Open Source : http://www.subgraph.com/products.html
- Wapiti : Open Source : http://wapiti.sourceforge.net/
- WebApp360 : http://www.ncircle.com/index.php?s=products_webapp360
- WebInspect : https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__
- OpenVAS : Open Source : http://www.openvas.org/
- WebKing : http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86
- Trustkeeper Scanner : https://www.trustwave.com/external-vulnerability-scanning.php
- WebScanService : http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/
- Wikto : Open Source : http://www.sensepost.com/research/wikto/
- N-Stalker : http://nstalker.com/products/free
- Skipfish : http://code.google.com/p/skipfish/
- Scrawlr : http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx
- Watcher : http://websecuritytool.codeplex.com/
- x5s : http://xss.codeplex.com/
- Exploit-Me : http://labs.securitycompass.com/index.php/exploit-me/
- WebScarab : http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
- cd /tmp/
- wget http://www.eng.lsu.edu/mirrors/apache/lucene/solr/4.4.0/solr-4.4.0.zip
- unzip solr-4.4.0.zip
- mv solr-4.4.0 apache-solr
- cp -r apache-solr /usr/share/apache-solr
- cd apache-solr/example
- java -jar start.jar
- Open the Admin Page : http://localhost:8983/solr/admin