Add installation script for Debian and Ubuntu Devices. Modified Front End.

README.md

@@ -4,22 +4,21 @@ Build In | Contributors | Live version
 --- | --- | ---
 **PHP/SQL/HTML/CSS** | [@philip-hub](https://github.com/philip-hub) | Clone and run with your local SQL server
 
-![SQL Server Hacking](https://i.giphy.com/media/TOWeGr70V2R1K/giphy.webp)
-
 # Description and Setup
+A modified version of [sql-injectiono-hack-workshop](https://github.com/philip-hub/sql-injection-hack-workshop) to run on a Debian or Ubuntu machine hosting a LAMP stack application.
 
-This is a dummy bank website with poor security to teach people about the basics of SQL injection. In order to use this you will need a PHP server and you will need to create a SQL server, database, and table. Both of these tasks can easliy be done with [MAMP](https://www.mamp.info/en/). Once MAMP is instaled clone this repo to the desired path on your machine. MAMP Preferences then Web Server and navigate to the path that you cloned this repo too. Start MAMP up and should bring you to a MAMP homepage on your local host where you can access myPHPAdmin. Use myPHPadmin to create a SQL database and table. This [video](https://www.youtube.com/watch?v=s7p5aS8m57k) is a good guide for this task. Name your table "mhc_bank" without the quotes. In your table create the columns "username" , "password", and "amount" as type TEXT all as those are spelled without the quotes. Use the insert command in the menu bar to add some fake users with passwords and amounts. Then open the your repo path in your favorite a text or code editor. Create a connect.php file. Put the following code in connect.php.<br>
+This is a dummy bank website with poor security to teach people about the basics of SQL injection. This website requires a PHP server and a SQL server with a database as well as a table both named mhc_bank. The mhc_bank table has three TEXT columns labeled  "username" , "password", and "amount". You can setup the website and install all of its dependences by running this repo's installation script. In a terminal, run ```sudo ./install.sh```. After the installation script is done running, modifiy ```connect.php``` in ```/var/www/html``` with your favorite text editor under root privileges. Edit the following code.<br>
 
 ```
 <?php
-$servername = "localhost:8889"; //on Mac (and maybe window) but this is displayed on in myPHPAdmin when in the table menu
-$username = "root"; //with default mamp settings
-$password = "root"; //with default mamp settings
-$dbname = "mhc_bank";
+$servername = "localhost"; // Use localhost (127.0.0.1) as server.
+$username = "username"; // Replace the value "username" with the username for your MySQL root account.
+$password = "password"; // Replace the vaule "password" with the password for your MySQL root account.
+$dbname = "mhc_bank"; // Use mhc_bank database.
 ?>
+
 ```
-<p>Try signing in to one user's account then refernce the article below and the source code and try some SQL injection commands.
-W3 Schools has a great article about SQL injection <a href="https://www.w3schools.com/sql/sql_injection.asp">here</a></p>
+<p>Verify the website is working by opening a web browser and going to http://localhost/. Once at the login page, try signing in to a user's account. Reference the article below and try some SQL injection commands. W3 Schools has a great article about SQL injection <a href="https://www.w3schools.com/sql/sql_injection.asp">here.</a></p>
 
 ---
 

connect.php

@@ -0,0 +1,6 @@
+<?php
+$servername = "localhost"; // Use localhost (127.0.0.1) as server.
+$username = "username"; // Replace the value "username" with the username for your MySQL root account.
+$password = "password"; // Replace the vaule "password" with the password for your MySQL root account.
+$dbname = "mhc_bank"; // Use mhc_bank database.
+?>

index.html

@@ -1,47 +1,32 @@
 <!DOCTYPE html>
 <html>
+
 <head>
     <link href="style.css" rel="stylesheet" type="text/css" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
     <title>
-    The Secure Bank
+        The Secure Bank
     </title>
     <style>
-        body{
-    width: 100%;
-    height: -webkit-fill-available;
-    min-height: 100%;
-    background-image: url("https://i.giphy.com/media/9SJ0zZnGVQSajeSMZ2/giphy.webp");
-    background-size: cover;
-    background-position-x: center;
-    color: #f0f0f0;
-    font-family: 'Fira Sans', sans-serif;
-    box-shadow: 0 20000px rgba(15, 15, 15, .96)  inset;
-
-}
-        </style>
+        body {
+            width: 100%;
+            min-height: 100%;
+            background-color: rgb(65, 64, 64);
+            color: #f0f0f0;
+            box-shadow: 0 20000px rgba(15, 15, 15, .96) inset;
+        }
+    </style>
 </head>
+
 <body>
     <br>
-<h1>Sign into your bank secure account today</h1><br>
-<form action="index.php" method="post" enctype="multipart/form-data"><br>
-    <label>Username</label><br><input type="text" name="username"></text><br><br>
-    <label>Password</label><br><input type="text" name="password"></text><br><br>
-    <input type="submit" name="submit" value="Sign Into *Your* Account"><br>
-    <br>
-</form>
-<br>
-<br>
-<br>
-
-
-
-<center>
-<a href="https://www.instagram.com/memphishackclub/" target="_blank" class="fa fa-instagram"></a>
-<a href="https://twitter.com/MHackclub" target="_blank" class="fa fa-twitter"></a>
-<a href="https://www.facebook.com/groups/656997425191729" target="_blank" class="fa fa-facebook"></a>
- <a href="https://www.linkedin.com/company/memphis-hack-club/?viewAsMember=true" class="fa fa-linkedin" target="_blank"></a>
- <a href="https://www.youtube.com/channel/UCQEw733Z4ID3AVLtFpQ5hyw" class="fa fa-youtube" target="_blank"></a>
- </center>
+    <h1>Sign into your bank secure account today</h1><br>
+    <form action="index.php" method="post" enctype="multipart/form-data"><br>
+        <label>Username</label><br><input type="text" name="username"></text><br><br>
+        <label>Password</label><br><input type="text" name="password"></text><br><br>
+        <input type="submit" name="submit" value="Sign Into *Your* Account"><br>
+        <br>
+    </form>
+    <br> 
 </body>
+
 </html>

index.php

@@ -10,7 +10,12 @@
 // Make a SQL query
 $username=$_POST["username"];
 $password = $_POST["password"];
-$sql = 'SELECT * FROM userinfo WHERE username ="'.$username.'" AND password ="'.$password.'";';
+
+// Sanitize input
+// $username=filter_var($username, FILTER_SANITIZE_STRING);
+// $password=filter_var($password, FILTER_SANITIZE_STRING);
+
+$sql = 'SELECT * FROM mhc_bank WHERE username ="'.$username.'" AND password ="'.$password.'";';
 // echo $sql;
 $result = mysqli_query($conn, $sql);
 
@@ -31,52 +36,38 @@
         }
     }
 } else {
-    $bank_info = "    <style>
-    body{
-width: 100%;
-height: -webkit-fill-available;
-min-height: 100%;
-background-image: url('https://i.giphy.com/media/9SJ0zZnGVQSajeSMZ2/giphy.webp');
-background-size: cover;
-background-position-x: center;
-color: #f0f0f0;
-font-family: 'Fira Sans', sans-serif;
-box-shadow: 0 20000px rgba(15, 15, 15, .96)  inset;
-
-}
-    </style><br><p>Sorry This Account does not exsist<br><a href ='index.html'>Return to Sign In</a></p>";
+    $bank_info = "
+    <style>
+        body {
+            width: auto;
+            height: auto;
+            background: rgb(65,64,64);
+            color: #f0f0f0;
+            font-family: Arial, Helvetica, sans-serif;
+            box-shadow: 0 20000px rgba(15, 15, 15, .96)  inset;
+        }
+    </style>
+    <br><p>Sorry This Account does not exsist<br><br><a href ='index.html'>Return to Sign In</a></p>";
 }
 
-
 ?>
 <!DOCTYPE html>
 <html>
 <head>
 <link href="style.css" rel="stylesheet" type="text/css" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
     <title>
     *Your* Secure Info
     </title>
 </head>
 <body>
 
 <?php
-
-
-
 echo $bank_info;
-
 ?>
+
 <br>
 <br>
 <br>
-<center>
-<a href="https://www.instagram.com/memphishackclub/" target="_blank" class="fa fa-instagram"></a>
-<a href="https://twitter.com/MHackclub" target="_blank" class="fa fa-twitter"></a>
-<a href="https://www.facebook.com/groups/656997425191729" target="_blank" class="fa fa-facebook"></a>
- <a href="https://www.linkedin.com/company/memphis-hack-club/?viewAsMember=true" class="fa fa-linkedin" target="_blank"></a>
- <a href="https://www.youtube.com/channel/UCQEw733Z4ID3AVLtFpQ5hyw" class="fa fa-youtube" target="_blank"></a>
- <br>
- </center>
+
 </body>
-</html>
+</html>

install.sh

@@ -0,0 +1,113 @@
+#!/bin/bash
+# Colors
+RED='\033[0;31m'
+GREEN='\u001b[32m'
+YELLOW='\u001b[33m'
+NC='\033[0m'
+
+# Ensure Script is executed under root privileges.
+if [ "$EUID" -ne 0 ]
+then echo -e "${RED}-RUN AS ROOT-${NC}"
+exit
+fi
+
+# Update & Upgrade System
+echo -e "Update System? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  apt update && apt upgrade -y
+  apt autoremove -y
+  echo -e "${GREEN}-SYSTEM UPDATED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-SYSTEM NOT UPDATED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+
+# Install Apache
+echo -e "Install Apache? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  apt install apache2 apache2-utils -y
+  systemctl enable apache2
+  systemctl start apache2
+  echo -e "${GREEN}-APACHE INSTALLED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-APACHE NOT INSTALLED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+
+
+# Install MySQL (MariaDB)
+echo -e "Install MySQL? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  apt install mariadb-server -y
+  systemctl enable mariadb
+  systemctl start mariadb
+  echo -e "${GREEN}-MYSQL INSTALLED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-MYSQL NOT INSTALLED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+
+# Configure MySQL Service
+echo -e "Configure MySQL Service? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  mysql_secure_installation
+  echo -e "${GREEN}-MYSQL SERVICE CONFIGURED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-MYSQL SERVICE NOT CONFIGURED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+
+# Configure MySQL Database
+echo -e "Configure MySQL Database? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  echo "Enter password for MySQL root account."
+  mysql -u root -p < setupDatabase.sql
+  echo -e "${GREEN}-MYSQL DATABASE CONFIGURED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-MYSQL DATABASE NOT CONFIGURED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+
+# Install PHP
+echo -e "Install PHP? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  apt install php php-cli php-mysql libapache2-mod-php php-gd php-xml php-curl php-common -y
+  echo -e "${GREEN}-PHP INSTALLED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-PHP NOT INSTALLED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+
+# Install Website
+echo -e "Install Website? ${GREEN}Y${YELLOW}/${RED}N${NC}"
+read input
+
+if [[ $input == Y ]] || [[ $input == y ]] || [[ $input == yes ]]; then
+  # Move files to /var/www/html
+  echo "cp index.html index.php style.css connect.php /var/www/html/"
+  cp index.html index.php style.css connect.php /var/www/html/
+  echo -e "${GREEN}-WEBSITE INSTALLED-${NC}" 
+elif [[ $input == N ]] || [[ $input == n ]] || [[ $input == no ]]; then
+  echo -e "${RED}-WEBSITE NOT INSTALLED-${NC}" 
+else
+  echo -e "${RED}-INVALID INPUT-${NC}"
+fi
+

setupDatabase.sql

@@ -0,0 +1,23 @@
+-- Create database mhc_bank, and use it.
+CREATE DATABASE mhc_bank;
+USE mhc_bank;
+
+-- Create table mhc_bank and three text columns named username, password, amount.
+CREATE TABLE mhc_bank (
+  username TEXT(255),
+  password TEXT(255),
+  amount TEXT(255)
+);
+
+-- Insert data into mhc_bank table.
+INSERT INTO mhc_bank (username, password, amount)
+VALUES ("alice", "apples123", "500");
+
+INSERT INTO mhc_bank (username, password, amount)
+VALUES ("bob", "banana321", "250");
+
+INSERT INTO mhc_bank (username, password, amount)
+VALUES ("carol", "coconut231", "750");
+
+-- Showcase data in mhc_bank.
+SELECT * FROM mhc_bank;