stefan
/
presentations
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

theme change and typos

This commit is contained in:
Stefan Friese 2024-04-18 13:56:25 +00:00
parent f1a8b2cbeb
commit 70851726f6
5 changed files with 416 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
introduction-to-sql-injection/build-presentation.sh Executable file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
pandoc -s --mathml -i -t revealjs sql_injection.md -V theme=simple -o presentation.html --css=./robot-lung.css
sed -i 's|<body>|<body>\n<div class="line top"></div>\n<div class="line bottom"></div>\n<div class="line left"></div>\n<div class="line right"></div>\n|' presentation.html

22
introduction-to-sql-injection/example/README.md
View File

@ -15,7 +15,15 @@ Dependencies can be found inside the `./pyproject.toml` file.
After installation has been done, start the flask server.
### Usage
### Create the Database
Execute the [create_db](./create_db.py) script to setup the database
```sh
python3 ./create_db.py
```
### Run Flask
```sh
poetry run python3 ./flask_sqli.py
@ -33,7 +41,7 @@ source venv/bin/activate
pip install flask
```
### Usage after manual installation
### Run Flask After Manual Installation
Start the flask server without poetry in the following way.
@ -41,3 +49,13 @@ Start the flask server without poetry in the following way.
source venv/bin/activate
python3 ./flask_sqli.py
```
## Usage
First start the server, open your browser and open the website on locahost and
the port displayed after starting the flask server. Using the default
configuration of flask, the port is `5000`.
```
http://localhost:5000
```

55
introduction-to-sql-injection/presentation.html
View File

@ -93,9 +93,15 @@
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
<link rel="stylesheet" href="https://unpkg.com/reveal.js@^4//dist/theme/dracula.css" id="theme">
<link rel="stylesheet" href="https://unpkg.com/reveal.js@^4//dist/theme/simple.css" id="theme">
<link rel="stylesheet" href="./robot-lung.css"/>
</head>
<body>
<div class="line top"></div>
<div class="line bottom"></div>
<div class="line left"></div>
<div class="line right"></div>
<div class="reveal">
<div class="slides">
@ -122,30 +128,30 @@ Next Presentation</li>
<section class="slide level1">
<h3 id="number-1">Number 1</h3>
<p>An SQL Query as a string embedded in other languages</p>
<p>An SQL Query as a string embedded in other languages.</p>
<div class="sourceCode" id="cb1"><pre
class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a> cursor.execute(</span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;SELECT * FROM users WHERE username = &#39;admin&#39; </span><span class="ch">\</span></span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a><span class="st"> AND password = &#39;s3cur3P4ssw0rd&#39;&quot;</span></span>
class="sourceCode sql"><code class="sourceCode sql"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a> <span class="kw">cursor</span>.<span class="kw">execute</span>(</span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="ot">&quot;SELECT * FROM users WHERE username = &#39;admin&#39; \</span></span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a> <span class="kw">AND</span> <span class="kw">password</span> <span class="op">=</span> <span class="st">&#39;s3cur3P4ssw0rd&#39;</span><span class="ot">&quot;</span></span>
<span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a> )</span></code></pre></div>
</section>
<section class="slide level1">
<h3 id="number-2">Number 2</h3>
<p>User input is possible as a string and is a part of said SQL
query</p>
<p>User input is possible inside a value of type string as a part of
said SQL query.</p>
<div class="sourceCode" id="cb2"><pre
class="sourceCode python"><code class="sourceCode python"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a> cursor.execute(</span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;SELECT * FROM users WHERE username = &#39;</span><span class="sc">%s</span><span class="st">&#39; AND password = &#39;</span><span class="sc">%s</span><span class="st">&#39;&quot;</span> \</span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a> <span class="op">%</span> (username, password)</span>
class="sourceCode sql"><code class="sourceCode sql"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a> <span class="kw">cursor</span>.<span class="kw">execute</span>(</span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a> <span class="ot">&quot;SELECT * FROM users WHERE username = &#39;%s&#39; AND password = &#39;%s&#39;&quot;</span> \</span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a> % (username, <span class="kw">password</span>)</span>
<span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a> )</span></code></pre></div>
</section>
<section class="slide level1">
<h2 id="how-to-exploit-an-sql-injection">How to Exploit an SQL
Injection</h2>
<h2 id="how-to-exploit-an-sqli-vulnerability">How to Exploit an SQLi
Vulnerability</h2>
<ul>
<li class="fragment">Close the string through an ending quote</li>
<li class="fragment">Continue the query with your own SQL code</li>
@ -178,9 +184,11 @@ class="sourceCode sql"><code class="sourceCode sql"><span id="cb4-1"><a href="#c
<h3 id="other-queries">Other Queries</h3>
<div class="sourceCode" id="cb5"><pre
class="sourceCode sql"><code class="sourceCode sql"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="st">&#39; UNION SELECT &#39;</span>a<span class="st">&#39;,NULL,NULL,NULL -- -</span></span>
<span id="cb5-2"><a href="#cb5-2" aria-hidden="true" tabindex="-1"></a><span class="st">&#39;</span> <span class="kw">UNION</span> <span class="kw">SELECT</span> <span class="op">*</span> <span class="kw">FROM</span> users <span class="kw">WHERE</span> user_id <span class="op">=</span> <span class="dv">1</span> <span class="co">-- -</span></span>
<span id="cb5-3"><a href="#cb5-3" aria-hidden="true" tabindex="-1"></a><span class="st">&#39; UNION SELECT * FROM users WHERE user_id != 1337 -- -</span></span></code></pre></div>
class="sourceCode sql"><code class="sourceCode sql"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="st">&#39; UNION SELECT &#39;</span>a<span class="st">&#39;,NULL,NULL,NULL -- -</span></span></code></pre></div>
<div class="sourceCode" id="cb6"><pre
class="sourceCode sql"><code class="sourceCode sql"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="st">&#39; UNION SELECT * FROM users WHERE user_id = 1 -- -</span></span></code></pre></div>
<div class="sourceCode" id="cb7"><pre
class="sourceCode sql"><code class="sourceCode sql"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="st">&#39; UNION SELECT * FROM users WHERE user_id != 1337 -- -</span></span></code></pre></div>
</section>
<section class="slide level1">
@ -198,10 +206,17 @@ href="https://github.com/sqlmapproject/sqlmap">SQLMap</a></li>
<section class="slide level1">
<h2 id="try-for-yourself">Try for Yourself</h2>
<p>Use the provided <a href="./example">example</a> inside this
presentations repository. There is a <a
<ul>
<li class="fragment"><p>Use the provided <a href="./example">example</a>
inside this presentations repository. There is a <a
href="./example/README.md">readme</a> which guides you through the
setup.</p>
setup.</p></li>
<li class="fragment"><p>Further, try <a
href="https://github.com/digininja/DVWA">Damn Vulnerable Web
Application</a> which you can setup by yourself or use <a
href="https://tryhackme.com/r/room/dvwa">Tryhackmes DVWA
Room</a>.</p></li>
</ul>
</section>
<section id="the-end" class="slide level1">
<h1>The End</h1>

340
introduction-to-sql-injection/robot-lung.css Normal file
View File

@ -0,0 +1,340 @@
/**
[ robot-lung ]
A hot pink theme for Reveal.js with Roboto fonts and a colorful border.
By Josh Dzielak, https://dzello.com/, License MIT
The bold border is optional and requires some HTML. To use it:
1. Add 4 divs to your HTML page:
<div class="line top"></div>
<div class="line bottom"></div>
<div class="line left"></div>
<div class="line right"></div>
2. Set { margin: 0.2 } in the Reveal.js initializer to make sure
your presentation content doesn't collide with the frame.
Like the theme but don't like the colors? Don't fret. Just change
$borderColor and/or $linkColor below to something else and rebuild.
Or if you don't want to rebuild the theme just override the .line background
property with some CSS:
.line {
background: <new-color>;
}
*/
@import url(https://fonts.googleapis.com/css?family=Roboto+Slab:300,700);
@import url(https://fonts.googleapis.com/css?family=Roboto:700);
section.has-light-background, section.has-light-background h1, section.has-light-background h2, section.has-light-background h3, section.has-light-background h4, section.has-light-background h5, section.has-light-background h6 {
color: #141414; }
.reveal .controls {
right: 50px;
bottom: 50px; }
.line {
content: '';
position: fixed;
background: #FF4081;
z-index: 105; }
.line.top {
left: 0;
top: 0;
width: 100%;
height: 30px; }
@media (max-width: 840px) {
.line.top {
height: 15px; } }
.line.bottom {
left: 0;
top: auto;
bottom: 0;
width: 100%;
height: 30px; }
@media (max-width: 840px) {
.line.bottom {
height: 15px; } }
.line.left {
left: 0;
top: 0;
width: 30px;
height: 200%; }
@media (max-width: 840px) {
.line.left {
width: 15px; } }
.line.right {
left: auto;
right: 0;
top: 0;
width: 30px;
height: 200%; }
@media (max-width: 840px) {
.line.right {
width: 15px; } }
.reveal.has-dark-background .line {
display: none; }
/*********************************************
* GLOBAL STYLES
*********************************************/
body {
background: #fff;
background-color: #fff; }
.reveal {
font-family: "Roboto Slab", serif;
font-size: 32px;
font-weight: normal;
color: #363636; }
::selection {
color: #fff;
background: #ffc0d5;
text-shadow: none; }
::-moz-selection {
color: #fff;
background: #ffc0d5;
text-shadow: none; }
.reveal .slides > section,
.reveal .slides > section > section {
line-height: 1.3;
font-weight: inherit; }
/*********************************************
* HEADERS
*********************************************/
.reveal h1,
.reveal h2,
.reveal h3,
.reveal h4,
.reveal h5,
.reveal h6 {
margin: 0 0 20px 0;
color: #141414;
font-family: "Roboto", sans-serif;
font-weight: 700;
line-height: 1.2;
letter-spacing: normal;
text-transform: uppercase;
text-shadow: none;
word-wrap: break-word; }
.reveal h1 {
font-size: 2.6em; }
.reveal h2 {
font-size: 2.2em; }
.reveal h3 {
font-size: 1.7em; }
.reveal h4 {
font-size: 1.4em; }
.reveal h1 {
text-shadow: none; }
/*********************************************
* OTHER
*********************************************/
.reveal p {
margin: 20px 0;
line-height: 1.3; }
/* Ensure certain elements are never larger than the slide itself */
.reveal img,
.reveal video,
.reveal iframe {
max-width: 95%;
max-height: 95%; }
.reveal strong,
.reveal b {
font-weight: bold; }
.reveal em {
font-style: italic; }
.reveal ol,
.reveal dl,
.reveal ul {
display: inline-block;
text-align: left;
margin: 0 0 0 1em; }
.reveal ol {
list-style-type: decimal; }
.reveal ul {
list-style-type: disc; }
.reveal ul ul {
list-style-type: square; }
.reveal ul ul ul {
list-style-type: circle; }
.reveal ul ul,
.reveal ul ol,
.reveal ol ol,
.reveal ol ul {
display: block;
margin-left: 40px; }
.reveal dt {
font-weight: bold; }
.reveal dd {
margin-left: 40px; }
.reveal blockquote {
display: block;
position: relative;
width: 70%;
margin: 20px auto;
padding: 5px;
font-style: italic;
background: rgba(255, 255, 255, 0.05);
box-shadow: 0px 0px 2px rgba(0, 0, 0, 0.2); }
.reveal blockquote p:first-child,
.reveal blockquote p:last-child {
display: inline-block; }
.reveal q {
font-style: italic; }
.reveal pre {
display: block;
position: relative;
width: 90%;
margin: 20px auto;
text-align: left;
font-size: 0.55em;
font-family: monospace;
line-height: 1.2em;
word-wrap: break-word;
box-shadow: 0px 0px 6px rgba(0, 0, 0, 0.3); }
.reveal code {
font-family: monospace;
text-transform: none; }
.reveal pre code {
display: block;
padding: 5px;
overflow: auto;
max-height: 400px;
word-wrap: normal; }
.reveal table {
margin: auto;
border-collapse: collapse;
border-spacing: 0; }
.reveal table th {
font-weight: bold; }
.reveal table th,
.reveal table td {
text-align: left;
padding: 0.2em 0.5em 0.2em 0.5em;
border-bottom: 1px solid; }
.reveal table th[align="center"],
.reveal table td[align="center"] {
text-align: center; }
.reveal table th[align="right"],
.reveal table td[align="right"] {
text-align: right; }
.reveal table tbody tr:last-child th,
.reveal table tbody tr:last-child td {
border-bottom: none; }
.reveal sup {
vertical-align: super; }
.reveal sub {
vertical-align: sub; }
.reveal small {
display: inline-block;
font-size: 0.6em;
line-height: 1.2em;
vertical-align: top; }
.reveal small * {
vertical-align: top; }
/*********************************************
* LINKS
*********************************************/
.reveal a {
color: #FF4081;
text-decoration: none;
-webkit-transition: color .15s ease;
-moz-transition: color .15s ease;
transition: color .15s ease; }
.reveal a:hover {
color: #ff8db3;
text-shadow: none;
border: none; }
.reveal .roll span:after {
color: #fff;
background: #f30053; }
/*********************************************
* IMAGES
*********************************************/
.reveal section img {
margin: 15px 0px;
background: rgba(255, 255, 255, 0.12);
border: 4px solid #363636;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.15); }
.reveal section img.plain {
border: 0;
box-shadow: none; }
.reveal a img {
-webkit-transition: all .15s linear;
-moz-transition: all .15s linear;
transition: all .15s linear; }
.reveal a:hover img {
background: rgba(255, 255, 255, 0.2);
border-color: #FF4081;
box-shadow: 0 0 20px rgba(0, 0, 0, 0.55); }
/*********************************************
* NAVIGATION CONTROLS
*********************************************/
.reveal .controls {
color: #FF4081; }
/*********************************************
* PROGRESS BAR
*********************************************/
.reveal .progress {
background: rgba(0, 0, 0, 0.2);
color: #FF4081; }
.reveal .progress span {
-webkit-transition: width 800ms cubic-bezier(0.26, 0.86, 0.44, 0.985);
-moz-transition: width 800ms cubic-bezier(0.26, 0.86, 0.44, 0.985);
transition: width 800ms cubic-bezier(0.26, 0.86, 0.44, 0.985); }
.reveal .progress {
z-index: 1000;
color: #FF80A1; }

22
introduction-to-sql-injection/sql_injection.md
View File

@ -20,9 +20,9 @@ An SQL injection occurs when two things come together.
### Number 1
An SQL Query as a string embedded in other languages
An SQL Query as a string embedded in other languages.
```python
```sql
sql_query =
cursor.execute(
"SELECT * FROM users WHERE username = 'admin' \
@ -34,9 +34,9 @@ sql_query =
### Number 2
User input is possible as a string and is a part of said SQL query
User input is possible inside a value of type string as a part of said SQL query.
```python
```sql
sql_query =
cursor.execute(
"SELECT * FROM users WHERE username = '%s' AND password = '%s'" \
@ -46,7 +46,7 @@ sql_query =
---
## How to Exploit an SQL Injection
## How to Exploit an SQLi Vulnerability
* Close the string through an ending quote
* Continue the query with your own SQL code
@ -79,7 +79,13 @@ SELECT * FROM users WHERE username = '' or '1' = '1' -- - AND password '%s'
```sql
' UNION SELECT 'a',NULL,NULL,NULL -- -
```
```sql
' UNION SELECT * FROM users WHERE user_id = 1 -- -
```
```sql
' UNION SELECT * FROM users WHERE user_id != 1337 -- -
```
@ -95,9 +101,13 @@ SELECT * FROM users WHERE username = '' or '1' = '1' -- - AND password '%s'
## Try for Yourself
Use the provided [example](./example) inside this presentation's repository.
* Use the provided [example](./example) inside this presentation's repository.
There is a [readme](./example/README.md) which guides you through the setup.
* Further, try [Damn Vulnerable Web
Application](https://github.com/digininja/DVWA) which you can setup by yourself
or use [Tryhackme's DVWA Room](https://tryhackme.com/r/room/dvwa).
---
# The End