Programming Homework Help

CYBR 7100 Purdue University Global Secure application development

 

Hello, I need assistance with an assignment in Python. I have attached the instructions below as well as the worksheet that should be used at the very bottom!

Thanks in advance!!!

_____________________________________________________________________________________________

Instructions

General Description

In this assignment, you will warm up your coding skills with one Python project example. This example is very important because all the following assignments and the final project are based on it. Next, I will lead you through downloading and running this project. You need to repeat all the steps and submit your work using the attached Assignment 1 template.

Computer Requirements

Before we start, you have to make sure you have successfully installed Python, a Python IDE (I recommend PyCharm), and the PostgreSQL Database.

I believe you have learned how to set up Python. Here is the link for the PostgreSQL Database: https://www.postgresql.org/download/

If you have never used a Python IDE, you need to see the tutorial: https://www.jetbrains.com/pycharm/learn/

You can choose any Python IDE if you are a Python Developer.

Now let’s start

Setting Up a Database

To get started, you’re going to set up a fresh PostgreSQL database and populate it with data. Throughout the tutorial, you’ll use this database for witnessing firsthand how Python SQL injection works.

Step 1. Install PostgreSQL

You can download the installer from https://www.postgresql.org/download/

In the installation process, you will create a database “postgres” for user “postgres” by default if you didn’t change the names.

Step 2. Open the SQL Shell Tool

Step 3. Check your user and password

Input nothing for Server, Database, and Port. Just press Enter.

Input “postgres” in Username, then press Enter.

Input your password in Password for user postgres, then press Enter.

Then you will see the following in your window.

Step 4. Add a User Table

Input the following command, then you will see the following picture:

psycopgtest=# CREATE TABLE users (
    username varchar(30),
    admin boolean);

Step 5. Add two users

Input the following command, then you will see the following picture.

Change one of the users to your name and set it to false (non-admin user):

psycopgtest=# INSERT INTO users
    (username, admin)
VALUES
    ('ran', true),
    ('YourName', false);

Step 6. Check all the users in Database

Input the following command, then you will see the following picture:

psycopgtest=# SELECT * FROM users;

Setting Up Python Environment

Step 7. Make sure you have installed Python

Check your Python version with the command: python --version

If you have Python set up on your computer, you will see a version number. If not, you need to install Python first. I believe you have learned how to do it in programming class.

Step 8. Install psycopg2

Use the command: sudo pip install psycopg2-binary

If you get an error like the one in the following picture, you need to update your pip by using the command: pip install --upgrade pip

After the upgrade, re-try: sudo pip install psycopg2-binary

If it still fails, you may need to re-install Python.

Run Python Code

Step 9. Download and run the python file “DatabaseInjectionExample.py”

  • Open the downloaded file in any IDE or editor.
  • [Only if you changed default database name and username] Change the database name and username to your database name and username
  • Change the password to your password.
  • Change the name “yan” in line 30 to your name used in Step 5

Then, you will see the printout:

Step 10. Check an un-defined user

Change the name in line 30 to “foo”. You will then see an error, because there is no user “foo” in the database.

Step 11. Try database Injection attack

Change the name in line 30 to "'; select true; --"

Line 30 will then become:

print(is_admin("'; select true; --"))

Then run to see the output:

True? What happened? You hacked your Database!!

Step 12. Change your “username” to admin user illegally.

Add the following code after line 30. Don’t forget to change “Yan” to your username.

print(is_admin("'; update users set admin = 'true' where username = 'yan'; select true; --"))
print(is_admin("yan"))

Then you will see that the output shows you are the admin user now!!

__________________________________________________________________________

https://kennesaw.view.usg.edu/d2l/le/dropbox/23998…

(worksheet that should be used)
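
The following is an added example, not part of the assignment and not the contents of DatabaseInjectionExample.py (whose source is not shown on this page). It contrasts a string-built lookup with a parameterized one, using the Step 11 input. Assumptions: an in-memory SQLite database stands in for PostgreSQL so it runs offline, the helper run_all is hypothetical and imitates a driver that sends the whole multi-statement string to the server, and the names is_admin_vulnerable, is_admin_safe and the sample usernames are constructed.

```python
import sqlite3

PAYLOAD = "'; select true; --"  # the Step 11 input, verbatim from the page

def make_db():
    """Constructed sample table mirroring Steps 4-5 (usernames are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username varchar(30), admin boolean)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("ran", True), ("yourname", False)])
    return conn

def run_all(conn, sql):
    """Hypothetical helper: run every ';'-terminated statement in `sql` and
    return the rows of the last one that produced a result set, imitating a
    driver that hands the whole string to the server."""
    rows, buf = None, ""
    for ch in sql:
        buf += ch
        if ch == ";" and sqlite3.complete_statement(buf):
            cur = conn.execute(buf)
            if cur.description is not None:  # statement returned a result set
                rows = cur.fetchall()
            buf = ""
    return rows  # trailing comment text without a statement is never executed

def is_admin_vulnerable(conn, username):
    # The input is pasted into the SQL text, so a quote in it closes the
    # string literal and the rest is parsed as SQL.
    rows = run_all(conn, f"SELECT admin FROM users WHERE username = '{username}';")
    if not rows:
        raise LookupError("user does not exist")
    return bool(rows[0][0])

def is_admin_safe(conn, username):
    # The SQL text is constant; the value is bound separately by the driver.
    # psycopg2 equivalent: cursor.execute("... WHERE username = %s", (username,))
    row = conn.execute("SELECT admin FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        raise LookupError("user does not exist")
    return bool(row[0])

if __name__ == "__main__":
    db = make_db()
    print(is_admin_vulnerable(db, PAYLOAD))   # injected "select true" answers
    try:
        is_admin_safe(db, PAYLOAD)
    except LookupError as exc:
        print("safe version:", exc)           # payload is just an unknown name
```

With the parameterized version, the Step 11 input is compared against the username column as an ordinary string, so it produces the same "no such user" error as “foo” in Step 10.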