fixin some readme

README.md

@@ -68,4 +68,8 @@ nmap -p 31000-32000 localhost
 telnet localhost 3000
 ```
  
+----
+
+### License
+The material in this repository is licensed under the [Creative Commons Attribution-Noncommercial 3.0 license](http://creativecommons.org/licenses/by-nc/3.0/). All code is dedicated to the public domain. If your country does not recognize my right to dedicate work to the public domain, you may the [MIT license](http://opensource.org/licenses/MIT).
 

README.md~

@@ -0,0 +1,75 @@
+# My-Gray-Hacker-Resources
+
+All in one big bag. For fun, profits, or CTFs.
+
+
+## * CTFs and WARGAMES
+## * CRYPTOGRAPHY
+## * FORENSICS
+## * LINUX HACKING
+## * MEMORY EXPLOITS
+## * NETWORK and 802.11
+## * REVERSE ENGINEERING
+## * RUBBER DUCK
+## * STEGANOGRAPHY
+## * WEB EXPLOITS
+## * OTHER HACKINGS
+
+
+
+
+![](http://i.imgur.com/4WNqTJS.png)
+
+
+---- 
+
+### Useful Command Line
+
+#### Searching
+ 
+ 
+```
+grep word f1
+ 
+sort | uniq -c
+ 
+diff f1 f2
+ 
+find -size f1
+```
+ 
+
+
+ 
+#### Compressed Files
+ 
+ 
+```
+zcat f1 > f2
+ 
+gzip -d file
+ 
+bzip2 -d f1
+ 
+tar -xvf file
+```
+ 
+ 
+ 
+#### Connecting to a Server/Port
+ 
+```
+echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
+ 
+openssl s_client -connect localhost:30001 -quiet
+ 
+nmap -p 31000-32000 localhost
+ 
+telnet localhost 3000
+```
+ 
+----
+
+### License
+The material in this repositoru are licensed under the [Creative Commons Attribution-Noncommercial 3.0 license](http://creativecommons.org/licenses/by-nc/3.0/). All code is dedicated to the public domain. If your country does not recognize my right to dedicate works to the public domain, you may also use code from my blog under the [MIT license](http://opensource.org/licenses/MIT).
+

Web_Exploits/SQLi/README.md

@@ -0,0 +1,24 @@
+# SQL Injections
+
+* A SQL query  search can be easily manipulated and assume that a SQL query search is a reliable command. This means  that SQL searches are capable of passing, unnoticed, by access control mechanisms. 
+* Using methods of diverting standard authentication and by checking the authorization credentials, you can gain access to important information stored in a database. 
+
+## Examples
+
+* A parameter passed for a name of a user:
+
+```
+SELECT * FROM users WHERE
+name="$name";
+```
+
+In this case, the attacker just needs to introduce a true logical expression like ```1=1```:
+
+```
+SELECT * FROM users WHERE 1=1;
+```
+So that the **WHERE** clause is always executed, which means that it will return the values that match to all users.
+
+Nowadays it is estimated that less than 5% of the websites have this vulnerability.
+
+

Web_Exploits/SQLi/README.md~

@@ -0,0 +1,119 @@
+# Web Exploits
+
+[My list of common web vulnerabilits.](http://bt3gl.github.io/a-list-of-common-web-vulnerabilities.html)
+
+## OS Command Injection
+
+---
+
+## SQLi
+
+- Brute force password
+- Timed SQLi
+- Cookie force brute
+
+
+--- 
+## PHP Shells
+
+- php primer
+- xor
+- exploits
+
+----
+
+## Scanners
+
+- heartbleed
+
+
+-----
+## User ID
+- cookie auth
+- user id
+
+----
+
+## Other Resources
+
+#### When we have a Website/IP Address:
+
+- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com.
+
+- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains.
+
+- Use the command ```dig``` or ```ping``` in Linux to find the IP  address of the website.
+
+- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>```.
+
+- Check the *robot.txt* file for hidden folders.
+
+- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
+
+
+-----
+
+## URLs
+
+#### Octal
+
+- Example: http://017700000001 --> 127.0.0.1
+
+- For example 206.191.158.50:
+
+((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370.
+
+Now, there is a further step that can make this address even more obscure. You can add to this dword number, any multiple of the quantity 4294967296 (2564) 
+
+
+#### Great @
+
+-Everything between "http://" and "@" is completely irrelevant
+
+```
+http://doesn'tmatter@www.google.org
+http://!$^&*()_+`-={}|[]:;@www.google.com
+```
+
+- @ symbol can be represented by its hex code %40 
+- dots are %2e
+
+
+
+----
+
+## HTTP
+
+The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
+- User-Agent: browser version information
+- Host: URL hostanme
+- Accept: supported MIME documents( such as text/plain or audio/MPEG)
+- Accept-Language: supported language codes
+- Referer: originating page for the request
+
+The headers are terminated with a single empty line, which may be followerd by any payload the client wishes to pass to the server (the lenght should be specified with the Content-Length header). The  payload is usually browser data, but there is no requirements.
+
+
+
+-----
+## Tools
+
+- [Burp Suite]
+- [FireBug] in Firefox
+
+
+
+
+
+-----------------
+[FireBug]: http://getfirebug.com/
+[Burp Suite]: http://portswigger.net/burp/
+[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
+[karmadecay]: http://karmadecay.com/
+[tineye]:  https://www.tineye.com/
+[images.google.com]: https://images.google.com/?gws_rd=ssl
+[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
+[subbrute.py]: https://github.com/SparkleHearts/subbrute
+[pnginfo]: http://www.stillhq.com/pngtools/
+[namechk]: http://namechk.com
+