# SQL Injection Attack Simulation

SQL injection is a common attack vector where malicious SQL statements are inserted into an input field to manipulate a database. In this notebook, we'll simulate a basic SQL injection attack and then show how to prevent it.

**Objectives:**
- Understand how SQL injection works.
- Simulate an SQL injection attack.
- Learn how to defend against SQL injection.


Below is an example that simulates SQL injection.

In [2]:
# Simulating a basic SQL query without protection against SQL injection
def authenticate_user(username, password):
    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
    print(f"SQL Query: {query}")
    # Simulating database return value
    if username == 'admin' and password == 'admin':
        return "Login successful!"
    return "Login failed."

# Simulate an attack
result = authenticate_user("admin", "' OR '1'='1")
print(result)


SQL Query: SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1'
Login failed.


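In the example above, the attacker enters a crafted password that changes the structure of the SQL query. The simulated function only prints the query and compares the inputs against hard-coded values, so it still returns "Login failed."; a real database executing this string would evaluate the injected condition, effectively bypassing authentication. Because `AND` binds more tightly than `OR`, the `WHERE` clause is true for every row. The query becomes: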

```sql
SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1'
```


Preventing SQL injection (written in Python)

In [5]:

# Defending against SQL injection using parameterized queries
import sqlite3

def safe_authenticate_user(username, password):
    connection = sqlite3.connect(':memory:')
    cursor = connection.cursor()
    
    # Create a users table for demonstration
    cursor.execute("CREATE TABLE users (username TEXT, password TEXT)")
    cursor.execute("INSERT INTO users (username, password) VALUES ('admin', 'admin')")
    
    # Use a parameterized query
    cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))
    
    user = cursor.fetchone()
    if user:
        return "Login successful!"
    return "Login failed."

# Simulate the attack again
result = safe_authenticate_user("admin", "' OR '1'='1")
print(result)


Login failed.
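
The string-built query and the parameterized query from the cells above, run against the same in-memory SQLite table so the difference shows up in the results. This is an added example, not part of the original notebook; the function names and the test inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build the notebook's demo table in memory (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "admin"))
    return conn

def login_concat(conn, username, password):
    # Vulnerable: input is spliced into the SQL text, so quotes in the
    # input become part of the statement the database parses.
    query = (f"SELECT * FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None

def login_param(conn, username, password):
    # Hardened: the statement text is fixed; inputs are bound as values.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

def outcome(fn, conn, username, password):
    try:
        return "granted" if fn(conn, username, password) else "denied"
    except sqlite3.OperationalError:
        return "sql error"  # the input broke the statement's syntax

# Constructed inputs: valid login, wrong password, the notebook's payload
# (with a known and an unknown username), and a harmless apostrophe.
CASES = [
    ("admin", "admin"),
    ("admin", "wrong"),
    ("admin", "' OR '1'='1"),
    ("nobody", "' OR '1'='1"),
    ("admin", "o'brien"),
]

def compare(cases):
    """Map each (username, password) to (concat result, parameterized result)."""
    conn = make_db()
    try:
        return {(u, p): (outcome(login_concat, conn, u, p),
                         outcome(login_param, conn, u, p)) for u, p in cases}
    finally:
        conn.close()

if __name__ == "__main__":
    for (u, p), (weak, safe) in compare(CASES).items():
        print(f"{u!r:10} {p!r:16} concat={weak:10} param={safe}")
```

The last case shows that the string-built query also fails on ordinary input containing an apostrophe, which is a useful signal when reviewing logs for injectable queries.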


### Exercise: Test SQL Injection Defenses

- Try modifying the attack input to see if you can bypass the authentication with the safe function.
- Experiment with different types of SQL injections. Can you find other potential vulnerabilities in a non-secured query?


In [6]:
# Example of simple malware signatures (hexadecimal patterns)
malware_signatures = [
    "4D5A",  # Common signature for PE (Portable Executable) files
    "89504E47",  # PNG file signature
    "25504446",  # PDF file signature
]

# Function to check for malware signatures in a file
def check_for_malware(file_content):
    for signature in malware_signatures:
        if signature in file_content:
            return True
    return False

# Example file content (simulated as hexadecimal strings)
file_content = "4D5A90000300000004000F00FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000"

# Check if the file contains malware signatures
is_malicious = check_for_malware(file_content)
print(f"Is the file malicious? {is_malicious}")


Is the file malicious? True


The example above demonstrates signature-based detection. The function checks whether any known signature appears anywhere in the file's hexadecimal content. The signatures used here are hexadecimal patterns that indicate specific types of files, such as executables or images, which could be malware; a match therefore identifies a file type, not malicious behaviour on its own.
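
The same three signatures matched on raw bytes at offset 0, next to the substring search used above, to show where the substring search produces false positives. This is an added example, not part of the original notebook; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# File-type magic numbers from the list above, as raw bytes.
MAGIC = {
    bytes.fromhex("4D5A"): "PE/MZ executable",
    bytes.fromhex("89504E47"): "PNG image",
    bytes.fromhex("25504446"): "PDF document",
}

def naive_match(data: bytes) -> bool:
    """The notebook's approach: substring search over the hex text."""
    hex_text = data.hex().upper()
    return any(sig.hex().upper() in hex_text for sig in MAGIC)

def file_type(data: bytes):
    """Match a magic number only at offset 0, on whole bytes."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None

def scan_directory(path):
    """Return {filename: detected type or None} for regular files in path."""
    results = {}
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False):
            with open(entry.path, "rb") as fh:
                results[entry.name] = file_type(fh.read(8))
    return results

# Constructed sample files.
SAMPLES = {
    "tool.exe": bytes.fromhex("4D5A9000"),  # real MZ header at offset 0
    "notes.txt": b"report MZ header",       # bytes 4D 5A appear mid-file
    "blob.bin": bytes.fromhex("04D5A0"),    # "4D5A" only across a nibble boundary
}

def demo():
    """Write the samples to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp)

if __name__ == "__main__":
    print(demo())
    print({name: naive_match(data) for name, data in SAMPLES.items()})
```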


### Exercise: Identify Malware in Files

- Create your own list of malware signatures based on known file types.
- Write a function to scan a directory of files and identify any that contain these signatures.
- How might you improve this method to avoid false positives?


# Simple Port Scanner

A port scanner is a tool used to probe a server or host for open ports. Port scanning is often the first step in identifying potential vulnerabilities in a network. In this notebook, we'll build a basic port scanner using Python.

**Objectives:**
- Understand the purpose of port scanning.
- Implement a basic port scanner using Python's `socket` library.
- Scan a host for open ports.


In [7]:
import socket

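def scan_port(ip, port):
    # TCP connect check of a single port; connect_ex returns 0 on success
    try:
        # The context manager closes the socket even if an error occurs
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(1)
            return sock.connect_ex((ip, port)) == 0
    except OSError:
        # Address or socket errors are treated as "not open"
        return False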

# Define target IP and ports
target_ip = "192.168.1.1"
ports = [21, 22, 80, 443, 8080]

# Scan ports
for port in ports:
    if scan_port(target_ip, port):
        print(f"Port {port} is open on {target_ip}")
    else:
        print(f"Port {port} is closed on {target_ip}")


Port 21 is closed on 192.168.1.1
Port 22 is closed on 192.168.1.1
Port 80 is open on 192.168.1.1
Port 443 is open on 192.168.1.1
Port 8080 is closed on 192.168.1.1


The script above attempts to connect to each port on the target IP. If the connection is successful, the port is considered open; otherwise, the script reports it as closed. A connection that times out because a firewall drops the traffic is reported as closed as well. This is a basic example of a TCP connect scan, one of the simplest forms of port scanning.


### Exercise: Enhance the Port Scanner

- Modify the script to scan a range of IP addresses.
- Implement a multi-threaded version of the port scanner to speed up the scanning process.
- Can you add additional features, such as detecting the service running on each open port?
