seraph776 / sql-injection-hacker-challenge

A Python script to conduct a SQL Injection attack on a mock database designed for this challenge.

License: MIT License

Python 100.00%
cybersecurity educational-project python-script python3 sql sql-injection sql-injection-exploitation tutorial-sourcecode game-script sqlite3-database

sql-injection-hacker-challenge's Introduction

SQL Injection 💉

HACK3R Challenge!

ℹ️ Table of Contents
  1. Overview
  2. Requirements
  3. Source Code
  4. Screenshot
  5. Demonstration
  6. Setup Instructions
  7. Usage
  8. Discussions
  9. Contact me
  10. License

💡Overview

SQL injection is a type of cybersecurity attack that targets data-driven applications by inserting or "injecting" malicious SQL statements in the input field of a web page. Run this script, and try to execute a SQL Injection attack on a mock database that was designed for this challenge. If successful, you’ll have an opportunity to answer some fun Bonus Challenge Questions.

💥 Bonus Challenge Questions

After successfully dumping the database, try solving the following Bonus Questions:

  1. Decrypt the administrator’s password. Hint: MD(101)
  2. What 1995 "crime/action/romance" movie did these users play in? Hint: Solve the first bonus question.

Requirements

| Required | Version |
|----------|---------|
| Python   | 3.0 +   |
| sqlite3  | 3.39.2  |
| requests | 2.28.1  |

⚡Source Code

```python
import sqlite3

import requests

# SQL statements:
CREATE_USERS_TABLE = "CREATE TABLE IF NOT EXISTS usernames (id INTEGER PRIMARY KEY, username TEXT, password TEXT);"
INSERT_USER_DATA = "INSERT INTO usernames (username, password) VALUES (?, ?)"


def get_userdata() -> list:
    """Returns (username, password) tuples parsed from the online username.dat file."""
    # URL of the username and password file
    URL = "https://pastebin.com/raw/ih7szSSv"
    response = requests.get(URL, timeout=10)
    response.raise_for_status()
    output = []
    for line in response.text.split('\n'):
        fields = line.strip().split(', ')[0].split(',')
        # Skip blank or malformed lines instead of raising IndexError
        if len(fields) < 2:
            continue
        output.append((fields[0], fields[1]))
    return output


# Create database in memory
conn = sqlite3.connect(":memory:")
# Get usernames and passwords
user_data = get_userdata()

# Create table
conn.execute(CREATE_USERS_TABLE)
# Insert usernames and passwords into database
conn.executemany(INSERT_USER_DATA, user_data)


while True:
    INJECTION = input("Enter your SQL Injection:\n>  ")
    # Deliberately vulnerable: the input is concatenated into the SQL text
    sql = f"SELECT * FROM usernames WHERE id = 776 {INJECTION}"
    try:
        results = conn.execute(sql).fetchall()
        if results:
            print("\n\033[92m" + "Good job, you did it!" + "\033[0m")
            for row in results:
                print(row)
            conn.close()
            break
    except (sqlite3.Error, sqlite3.Warning):
        # Invalid SQL, or more than one statement in the input
        print("\n\033[91m" + "Nope, try again!" + "\033[0m")
```
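
The script above builds its query with an f-string, so whatever is typed becomes part of the SQL text. The following is an added example, not part of the original repository, that places that pattern beside a parameter-bound query on a constructed table; the function names, sample rows and sample input are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (not the challenge's real data, which is fetched remotely).
SAMPLE_ROWS = [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")]
# Constructed input: the textbook tautology used to illustrate injection.
SAMPLE_INPUT = "OR 1=1"


def make_db() -> sqlite3.Connection:
    """Build an in-memory table shaped like the challenge's `usernames` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE usernames (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO usernames (username, password) VALUES (?, ?)", SAMPLE_ROWS
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, suffix: str) -> list:
    """Same pattern as the challenge script: the input is pasted into the SQL
    string, so the parser treats it as part of the WHERE clause."""
    sql = f"SELECT * FROM usernames WHERE id = 776 {suffix}"
    return conn.execute(sql).fetchall()


def lookup_bound(conn: sqlite3.Connection, user_id) -> list:
    """Hardened form: the SQL text is constant and the input is bound as one
    value, so it is compared against `id` and never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM usernames WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row; the bound query returns none,
    # because the whole string is compared to `id` as a single value.
    print("concatenated:", lookup_concatenated(db, SAMPLE_INPUT))
    print("bound:       ", lookup_bound(db, "776 " + SAMPLE_INPUT))
```
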

Screenshot


Demonstration

Replit Demo

Setup Instructions

Create a Virtual Environment using Pipenv
  1. Download zip file
  2. Extract zip files
  3. Change directory into the sql-injection-attack-challenge\app directory:
$ cd sql-injection-attack-challenge
  4. Install from Pipfile:
$ pipenv install
  5. Run the application from within virtual environment:
$ pipenv run python app/script.py

ℹ️ Virtual Environment Reference.

Usage

Once you run the script, you will be prompted to "Enter your SQL Injection". Keep trying until you successfully achieve a SQL Injection attack! For more information, read the documentation.

Reporting Issues

For instructions on reporting issues please read our Contributing Guidelines.

Discussions

Have any Questions or suggestions? Visit Discussions which is a space for our community to have conversations, ask questions and post answers without opening issues. Please read our Code of Conduct which defines the standards for engaging with the community!

Contact me

If you have any questions or wish to collaborate, please feel free to contact me:

License

MIT © Seraph 天
