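# Comandos

## Módulo 9

UrlScan deny rule for SQL injection strings:

```ini
; Deny-list rule for .asp/.aspx requests. Only the query string is inspected
; (ScanQueryString=1; ScanUrl and ScanAllRaw are 0), so form (POST) bodies are
; not covered. Treat it as an extra layer in front of the application, not as
; a replacement for parameterized queries and input validation in the code.
[SQL Injection]
AppliesTo=.asp,.aspx
DenyDataSection=SQL Injection Strings
ScanUrl=0
ScanAllRaw=0
ScanQueryString=1
ScanHeaders=0

[SQL Injection Strings]
--
; NOTE(review): the leading ';' below makes the whole line a comment, so the
; encoded semicolon (%3b) is not matched - confirm whether that is intended.
;%3b ; a semicolon
/*
@ ; also catches @@
char ; also catches nchar and varchar
alter
begin
cast
convert
create
cursor
declare
delete
drop
end
exec ; also catches execute
fetch
insert
kill
open
select
sys ; also catches sysobjects and syscolumns
table
update
```

## Módulo 10

Transparent Data Encryption (TDE) on the CNDAccess database:

```sql
-- TDE protects data at rest (data files, log files, backups). It does not
-- protect data in transit or restrict what a logged-in user can query.
USE master;
GO

-- Lab value. Outside the lab use a long, unique password and keep it in a
-- secrets vault, not in a script or in notes like these.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Passw00rdCND';
GO

CREATE CERTIFICATE CND WITH SUBJECT = 'CERTIFIED NETWORK DEFENCE';
GO

-- Before enabling encryption, back up the certificate and its private key and
-- store them apart from the database backups; a TDE database cannot be
-- restored or attached on another instance without them.
-- Template (placeholders, fill in before running):
--   BACKUP CERTIFICATE CND TO FILE = '<backup_path>\CND.cer'
--       WITH PRIVATE KEY (FILE = '<backup_path>\CND.pvk',
--                         ENCRYPTION BY PASSWORD = '<strong_password>');

USE [CNDAccess];
GO

-- Sample table so the encrypted database holds some data.
CREATE TABLE empdata (
    Empid   nvarchar(50) NOT NULL,
    Empname nvarchar(50) NULL,
    CONSTRAINT [PK_empdata] PRIMARY KEY CLUSTERED (Empid)
);
GO

INSERT INTO empdata (Empid, Empname) VALUES (1, 'john');
INSERT INTO empdata (Empid, Empname) VALUES (2, 'Martin');
INSERT INTO empdata (Empid, Empname) VALUES (3, 'Alice');
INSERT INTO empdata (Empid, Empname) VALUES (4, 'Bob');
INSERT INTO empdata (Empid, Empname) VALUES (5, 'Cherry');

-- The database encryption key is protected by the CND certificate in master.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE CND;
GO

ALTER DATABASE CNDAccess SET ENCRYPTION ON;
GO

-- Verification.
USE master;

SELECT *
FROM sys.certificates;

-- encryption_state: 2 = encryption in progress, 3 = encrypted.
SELECT
    encryption_state,
    percent_complete,
    encryptor_type,
    *
FROM sys.dm_database_encryption_keys;
```

PGP public keys and encrypted message used in the exercise:

```text
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGNqVQoBCACo00Pwtr/75+PoJs8UlOqVc3zSj2FoAlz8tvhkKvUgRwA84VvF
lq5Nq6RGYu7YHYBbvBP3KUbVM5vyGu6e3TG9dD747zF2lSzSgujdmq670fqIO5Q5
eoGb4NHr9J0C/nVZybzrXSYrNqtcKarjCZ2WKker48yhtWFF50hqZmAAUZD0lMgE
Oni6+5ENVzG5d75bLibTk4gjpi5A8fOR6jyJqmmWlhLf8N0eqqaeu/i6AuVe2lkh
jHKiKlE5KBiqiIFuzM6RL1y5yUKBiYksUCunqPHshcIeRQ3CcaLsdp1ne9XTSj8B
pRgGZFqzVywWG1rf2jcjjI2olGCBsMbb/vC9ABEBAAG0H0NORCBVc2VyIDIgPGNu
ZHVzZXIyQGdtYWlsLmNvbT6JAU4EEwEIADgWIQS76WduDRVbzRJdEuDNO6mqfjU8
RAUCY2pVCgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDNO6mqfjU8RCiz
B/9HqWIt46J1W5/EANBWA6vw7rDTrZRVBIgHVv7OPZ3c4u0k94iEZSiw63GmM3Ds
jbA/Q2Cs1+ga8e91177ofARbhUKa0ylhItZnVbXfl1HTqTaZy1ZHj3VYS8BVLJCH
Dg/N8z0wRT2AO31dsTkorp4te1BYxDtS2IrIai6wpIfmvNj/veBSBM4QZU8pK37A
sB+JoPSvq6SiC/g+KrVh18W80vY9eNe8svO4Q40V0AswqUDkzuyt5xyFgspVGxGm
1Ixct9r4F25GbkkFJ36/l1CHerZxbfKdJFaWFnQ8nN/qaixcbr5/BZ9zyM0xMr5U
uiQCERlVnwrBGKIB6cSn0ypuuQENBGNqVQoBCACswTPB5uoLDuuv+KbzsrFzH1Se
dVZ/ZccFIiwze/e667VY0kEC2av3dfBpuyD4zv/TKds392lLgKJKv1SnHhijeD1S
+FULyYGK1L0OPYMjBAa05xwuRk5pYfVN35fiBCjNy0NzCJloLCH1CXLKLubdhxjM
wqsXqDba7ycU/2/j5uQd4mxoqTAvxMJhUTbm6A6L6ZUpVpC9seZrAyUbFK7/ICZG
/qlGIwgdL47RuBHhH1QDakuFM5rVu/tXRIXZ9+8cSHGw21rEUa7f+ntUC5b+JFRt
ZWr4p25vNZuu9Lu0QCwfbOOcWyQV1HFB0szdAT52xVodF3reu3nfq+XfxFnvABEB
AAGJATYEGAEIACAWIQS76WduDRVbzRJdEuDNO6mqfjU8RAUCY2pVCgIbDAAKCRDN
O6mqfjU8RK36B/9NiMcq0HgfkOJ0SA258DhIL0maPR1X+64KOOLszHzd/Fj7s6YZ
0+FnZCJvqZjCREonMhYnfdqqARkVOY/Xqk6Axthu8MWnqifQnKF2cAvl2agTrwid
ORfuLaW9tXTLEVHekxP40VKCmi45qA04Yg/YTqmOZt2Uos/Eb2+1EfdfoS3Lue4g
fw6OXO4nW0T4oelThdeNA500A/qvLSbmjWNx4JAitrY9JVZL/DCzrz6fHXwrBeCz
bCysQKlR7PV6MjiK4Q6k8gSYOK5mSP+9zO88CpTdlaDmTSQARfqZM+m4I1fektG0
zSgHHw89EjLtXldgedskQ7AG9YVVih6799F5
=Alue
-----END PGP PUBLIC KEY BLOCK-----
```

```text
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGNqoDgBCADCGNaxS7oH231/bWBwU4qM7RoIj1pj8SoTC8U+70V+QPWb1JB3
8UJWf2OwKaUfWkn/sfiP5+IjsQzJQ6av9w2IWk76jj4N8XXWTLpqDVkTfij1kShA
m6bE/TIZl6NPWjVSr/73cKDaDsfobYpHH4EexYAgqhVEkK9hfLpOMCOHYpbwPDg6
RolyOj/V8DhigrT47dGOQ6eszatGrc7+Esjy3SKH2cMSi+KERyOQnLJKn0ECHAJZ
XfEyptRSDVSHgkujyz9U469w96lYBVCJEXWO5iuL2kkOoHVxJp67lo1/xO1uz6Rl
A6979aaM0SRzPGm9KOh/3GUiZYNkLhdV214xABEBAAG0JU5pbHNvbiBTYW5neSA8
bmlsc29uLnNhbmd5QGdtYWlsLmNvbT6JAU4EEwEIADgWIQRO6NGYr803hZxgeUxv
sGwR5j/3qAUCY2qgOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBvsGwR
5j/3qJc6CACtbS8HBkZi8Suq56xu4SuDRO/jlfb56+TIxatPoDYPgTIHY/HSYFgX
jhVz/VTEOXue0lxrXDlwDAJ+qfOJaTzRE7hrVteJwnfSf6RO93BIo6mmRiDsJkXy
Viw5LuLGZ0+oW6nOy6z2cmpWkflOrnAXTReX6uAyhzpSI2oQQABCxW8Yw5sk+X3x
T9NJepSkfcK5K6fwAOkBHQJtCQ7uFOdeV0sAssr/SFVIiCkEDTL34p/dR8N2G+hK
ickiBkQeq3qrNkbIZAnOjUIgkHy021mrnFNb6WOOfTFwUVvmOZaQ8RyFrtUCAGsn
UNzt/CE9fLOfCMiTA7nZ2qnE0ZPW8EcxuQENBGNqoDgBCADsQV+JyyEOmF5FNDIa
NgLIGSAWU9ld+qM5lu5wHf2anwDlTz7DvI4v7IrM4fjmp00XvhD5yu84pMBBhw6p
0ouQnsF/pnIA9ovJ2hnRrnFTXnsyQYJm+37koJXz1czP6ouw2QTh5K0yz2MmhHS2
Qdenr5mVLayKXsKrmUIKvLsgq3DvTiPY4HQ9h+t/jpMmxbXID6zwGYoT7eabzhFT
KM9iXGCfB9epYvI/gdwy1llozXTp0NY11MesacA+zTRIGzMltZPfVEoQ5aOblVz0
2bCYoRjsWgaqOeWZJMNZ1SEovRyGVLPXUu0Oy25bZkN+R73luHechuDEiDSLx/5h
35lVABEBAAGJATYEGAEIACAWIQRO6NGYr803hZxgeUxvsGwR5j/3qAUCY2qgOAIb
DAAKCRBvsGwR5j/3qOrMB/407/OMmo/u731vLlfO7WQwY+OLARGeKiNgD1m1sQDy
Kfugoj8wjKsiFdW9OfR8gphOMpIG9/o76quWNL6pIrHJAuXUyLi0U+nNw5gd4qHV
G1s2JchSpDDTlcbeEvTnFbt/rBH5ocg/pht2mIFH40xE3HBmGNAVDTXjshAoYDwF
HM3qoqvVdAcJv2oPMkybhbtgHq4+PpIHB1Y+uB9fngyE8SWlxQ4LSU1aa1st9YgS
FT6ewLnuFGG/LNMj2DHVqtdqsj7zKg9v0aQnl1rLqOH7vUyxYlrpjxb/hjUmc75W
NLer39NJHrP2+YmNmDV0iqObsa0Sx4dddEebmlyWj3V7
=fLbg
-----END PGP PUBLIC KEY BLOCK-----
```

```text
-----BEGIN PGP MESSAGE-----

hQEMA2/zRj+z8cr5AQgAoJj7G0pQsqTsOiuCKeIjNqHyVejtc2L8a5HdRRA00zVI
k6dBS90OBEXGH4TSXcp5/ecq/kpT7OHIt34T6ib+kqt1p9SfPv1DFY2NdfhHxSKd
UcW7/8kVTTeWHZbLEWR7ucTylm9+bNdqqvC3GOzdHItKzU4lJvVa0l090WDzn4A1
JttnngEN6LclxM1rJRPDg+OfjpozpdDNKIXcSALcLs6rv7baxYPxR1qnfDXIXJ3M
BeXEgCAyDA8hSeCZYza8/JIOt7Fm3V6NOyhg+jtivJ4hsF7H5uDkqJiXHuw+Htp3
k6EoEov7KpGo5fbg3G+zTf6YPIYIyI0XRGyHUe4xrdJxAS8ZAZSXOXE9rlGS+o+M
hiFm08FDnkBqrO7c+zNA8VmDAdKrWhtOqBVxwZOh5w+vgQLxTNu3iEM9dtIhKEBZ
bej50nuFG5lNAsyk51WbnempgYwMqgQ1gBO8doRO/Rqc/XFWlf3+PoIGprVLcO5H
wMY=
=xmwd
-----END PGP MESSAGE-----
```

## Módulo 11

Docker daemon hardening (`daemon.json`). `icc: false` stops containers on the default bridge from talking to each other, `userns-remap` maps container root to an unprivileged host user, `no-new-privileges` blocks privilege gain through setuid/setgid binaries, `userland-proxy: false` drops the userland port proxy, `live-restore` keeps containers running while the daemon is down, and `log-driver: syslog` sends container logs to syslog.

```json
{
  "icc": false,
  "userns-remap": "default",
  "log-driver": "syslog",
  "live-restore": true,
  "userland-proxy": false,
  "no-new-privileges": true
}
```

## Módulo 15

Passo 18. (`inputs.conf`)

```ini
[monitor://C:\inetpub\logs\logfiles]
sourcetype = iis
ignoreOlderThan = 14d
host = WebServer
```

Passo 21. (`props.conf`)

```ini
[iis*]
pulldown_type = true
MAX_TIMESTAMP_LOOKAHEAD = 32
SHOULD_LINEMERGE = False
# NOTE(review): the value of CHECK_FOR_HEADER is missing in the original notes;
# False is assumed because the fields come from the iis2 transform (REPORT-iis2).
# Confirm against the lab guide.
CHECK_FOR_HEADER = False
REPORT-iis2 = iis2
```

Passo 24. (`props.conf`)

```ini
[iis*]
pulldown_type = true
MAX_TIMESTAMP_LOOKAHEAD = 32
SHOULD_LINEMERGE = False
# NOTE(review): the value of CHECK_FOR_HEADER is missing in the original notes;
# False is assumed because the fields come from the iis2 transform (REPORT-iis2).
# Confirm against the lab guide.
CHECK_FOR_HEADER = False
REPORT-iis2 = iis2
```

Passo 27.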
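# NOTE(review): "host" is an inputs.conf setting; confirm which file this
# [default] stanza belongs in. The two stanzas below are transforms.conf stanzas.
[default]
host = WebServer

# Sends lines that start with '#' to nullQueue so they are not indexed.
# IIS W3C header lines have no space after the '#' (e.g. "#Fields: ..."), so
# the pattern must be ^#.* ; with "^# .*" the headers would not match.
# NOTE(review): this only takes effect when a props.conf stanza references it
# with TRANSFORMS-<class> = ignore_comments; the props.conf stanzas in these
# notes show only REPORT-iis2 - confirm.
[ignore_comments]
REGEX = ^#.*
DEST_KEY = queue
FORMAT = nullQueue

# Search-time field extraction for IIS W3C logs: fields are space-delimited
# (plain ASCII quotes, not typographic ones) and named in log column order.
# The FIELDS list must match the field set selected in the IIS logging
# configuration, otherwise values land in the wrong fields.
[iis2]
DELIMS = " "
FIELDS = date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken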