Attacks in detail

Overview
Difficulty: Beginner
Duration: 36m
Description

In this course on malicious software, you will learn about the various types of malicious code in detail and contrast the different types, before looking at the countermeasures used to combat them. You’ll also encounter non-technical controls and see the OWASP top 10 security threats.

Transcript

So welcome to this session on attacks in detail. In this session, we're gonna talk about cross-site scripting attack, which is sometimes described as SQL injection attack, which attacks databases. We'll look at cross-site scripting, which is sometimes described as CSS or XSS, which is another attack where you're stealing session cookies. And then we'll look at spyware, adware, and scareware. So, let me then demonstrate these things to you. In this session, as I said before, we're going to be looking at these types of attacks and techniques. So, the first one I wanna bring up is adware. Now, you've probably all come across this type of visualisation come up, an adware. Now, adware means that you've potentially won a competition. You've won, you know, you're the 51st person to access the site and you win an iPad, or you're a privileged user accessing the site and they want to congratulate you about something. Now, you'll never win anything, so anytime you've got these competitions, I'll just burst your bubble straight away, you're not going to win anything on these sites. All you'll get, if you click on these, is you'll download some form of a software onto your system. Some of it could be spyware. Now, the spyware could capture your webcam, or it could capture the keystrokes. Anything you're typing into your-, onto your keyboard could be captured through one of these types of adverts that pop up. Or they could change the settings in your browser, so you could be getting websites for shopping sites coming up each time, which can be a bit frustrating, especially when you're clicking on one and suddenly you come up with other shopping sites. And they make monetary gain from each one of these sites that you go to, sometimes 2p or 3p per site, but that's quite a lot of sites. That’s quite a lot of money that can be made from it.   

And these are quite annoying, so if these things do come up, I would recommend that you obviously close them down, and then run some antivirus or some form of malware tool to clear anything on your machines. Nothing would install itself on there unless you've clicked on some of the website itself. The other ones that I've come across, and you've probably come across yourself, is scareware. So, this one is scareware and basically says scareware could be-, you've got a virus. As this one's got here, you've got 41 infections on your machine. You haven't got any infections on your machine. It's trying to scare you into actually clicking on the site and then once you click on it, they might offer you a tool, which you have to pay for, or to help to get rid of malware on your machine. Well, actually, what it does instead is it installs malware onto your machine, or malicious software onto your machine, so if that comes up, then I would recommend that you cancel it. Sometimes it comes in different formats. Sometimes you may have been on some form of music site and the music site itself you might be on might be downloading a bit of music, which may, might not be legitimate music, and you get a warning come up. Another warning saying we-, you're under investigation by some law enforcement or police. That's also scareware. If that comes up, also close that down and run some form of malware checking or antivirus tool to clear those type of things down. So, these are some of these threats that come up, and just demonstrated a couple of these.  

The next thing I wanted to show you was cross-site scripting. Now, cross-site scripting, CSS or XSS. So, there's this little demonstration site I like to go to called Hacksplaining, and you'll see an example of a cross-site scripting attack. So, I'm gonna click on the site to activate it and this is just a test site, and this site here is telling us-, imagining you're on Breddit, which is obviously a play on Reddit, the social media site, and it's obviously social media for the baking industry. Now, the site itself is an application where you can actually input chat or communicate with people, and it's vulnerable to attacks by people. Obviously, the people have set it up, they're gonna communicate. As you can see, a demonstration of it on here, as I click through it. It's all to do with website discussion. They're inputting some code into the site itself. 'I love bread. I love it so much, I think I might be part a duck.' It's just a, a demonstration site, this one. So it's a-, this demonstration of they're accessing, putting chat in there and they're accessing some form of databases by doing that. However, along comes Mal, Mal being the malicious attacker. And he obviously sees there's a-,  the site's very popular and could be subject to a type of an attack, some form of nefarious attack. So, he's gonna inject some form of code in the site using HTML code. And the HTML is HyperText Markup Language, is a code that a lot of websites are built on, and he's gonna inject some form of JavaScript, some form of scripting language, cause he sees the website is vulnerable to this type of attack. And what he's gonna do, he's gonna do a script attack and there's gonna be a line of code he's gonna put in there and the script will have a code which either is to steal the session cookies, and the session cookies could be your credit card details if you've been on a banking site, or on a shopping site, or it could, could include other types of information there as well. 
So, it's something that you have to be careful, if you ever go to some of these sites, I would always recommend not hitting the X button but actually logging out of the site.  

But let's see an example of this example. So, Mal's injecting some malicious JavaScript, and they can see the script being communicated and put in there. That's a good example of a script attack, and you can see here, just a very simple script come up with a message saying croissants are limp and sad. That's just a very simple demonstration of it. Let's go to-, go into a bit more detail and do a bit more malicious stuff from a hacker perspective. So, this one is doing a real attack, a real cookie cross-site scripting attack. Cause the website is vulnerable to this type of attack, he's gonna inject a code into the site again. And the idea is to steal the session cookies, which then he could use in another type of attack against that individual person. And you can see here, just by putting that script into that site there, they were able to bring up its cookies, or they could use it as a denial-of-service attack for the website, or whatever the type of attack that they wanna use. And this is a very simple and very easy way to, sort of, demonstrate cross-site scripting. The beauty of this site is it's quite good in demonstrating these type of techniques, and you can actually see in the site, if you clicked through, through into the site itself, you can actually see a method or a methodology that's been used for the attack, and how to defend against it. Which is obviously always a positive benefit.

The last demonstration I'm gonna do for you on this one here is an SQL injection attack. Using the same website, and this is SQL injection. Now, SQL is structured query language. It's to do with databases. You're attacking a database of some form. So, we're gonna see an example. I'm gonna attack a vulnerable banking application, which is vulnerable to this type of attack.

And you can see this bank application's come up. You'll see down on the bottom, there's a logs folder, which-, where all the logs in terms of the communication, whatever interaction with the site, will come up in terms of the information from it, and you'll see me start to break the application and more errors will come up. And then eventually it will give me full access to the site itself. So, let's just do an example of that. First of all, it wants me to put an e-mail address in there, which is obviously a test one. So user@email.com and then password, obviously just a simple demonstration there, -password. And this will basically not give me access to the site cause I'm not a recognised user and you can see there ‘Unknown e-mail or password’. So quite a normal thing that you might come across yourself when you've gone onto different sites. Can't render the login page because I'm not a recognised user. Now, with this one here, I'm going to do it again. I'm gonna put the same e-mail address in again and I'm gonna add an apostrophe at the end of password, and this is gonna cause an error on the database itself, ‘cause it is vulnerable to this application. By just adding an apostrophe in there, because the system is vulnerable to an SQL injection attack, which will-, could affect the database, by just injecting and putting that extra code in there, it's gonna cause unforeseen circumstances on the website. So, I've just entered that password in there and you can see an error's occurred, and it's going, 'Ooh, not a recognised user,' but the apostrophe code itself, because the application is vulnerable, has made it vulnerable to unexpected errors which could then be manipulated by a hacker, which you will see as we progress in this type of attack.   

So, you’ll see the SQL syntax error's coming up. It's telling you some of the information about what the error is. Sometimes too much information in the error code can also be used by hackers to identify further ways of attacking your websites themselves. So, we can see there 'unexpected error has happened on the website,' which has caused unforeseen circumstances on the site. And you can also see on the code side itself, the application code itself and the background, has caused some problems behind the scenes. So, this error has caused the application to become vulnerable. And as you'll see, as we progress with this one, by entering the same password again, and the web-, bear in mind the website is not happy with something I've entered before, but because it's vulnerable, I'm gonna basically break the database by entering this code again, and then I can exploit the database by putting another script language in later on. So, a password with apostrophe on again, caused another unexpected error, and it's shown-, it's rendering the page and it's showing it's vulnerable to further exploitation by myself. And you can see here, the quotes inserted directly into the SQL string, so it's actually embedded itself in the code and changed the code in the background, which obviously then, from a hacker perspective, can be manipulated. So now, I'm gonna enter in a very common command that we put in for SQL injection attack. Now, when you come to do your exam, if this-, if you see this code in the exam question, then that type of question could tell you, or indicate to you, this is an SQL injection attack. So, I'm gonna put the apostrophe in again and then I'm also gonna go one equals-, one equals one, and then minus minus, and that would indicate a SQL injection attack.

So, if you saw that question in the exam, that would be an SQL injection attack. And then I'm gonna click login. Because the system is vulnerable to this type of application, I've broken the application, and now I've got a direct access to the bank account or I could download the data from the website. So, these are different options that people could do on this type of site and exploit this different way. So, this is a, a good way to, sort of, demonstrate, see how it happens. If you wanna click through it, you'll be able to see some further information about it to help you, but this is the end of this type of attack, so I hope you've enjoyed that little session there.
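
The cross-site scripting demonstration in the transcript, seen from the defender's side. This is an added example, not code from the course or from the demonstration site: the comment data, function names and session id are constructed, and it shows the same comment rendered with and without output escaping, plus the cookie flags and response header that limit what an injected script can do.

```python
import html
from http.cookies import SimpleCookie

# Constructed comments; the second stands in for the harmless pop-up demo.
COMMENTS = [
    ("Duck", "I love bread."),
    ("Mal", '<script>alert("Croissants are limp and sad")</script>'),
]

def render_vulnerable(comments):
    # Vulnerable on purpose: comment text is written into the page as markup,
    # so the browser runs any <script> a user typed.
    return "".join("<p><b>%s</b>: %s</p>" % (a, t) for a, t in comments)

def render_safe(comments):
    # Hardened: escape on output so <, >, & and quotes are shown as text.
    return "".join(
        "<p><b>%s</b>: %s</p>" % (html.escape(a), html.escape(t))
        for a, t in comments
    )

def session_cookie(session_id):
    # HttpOnly hides the cookie from page JavaScript, so a script that does
    # slip through cannot read it; Secure and SameSite limit where it is sent.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

# Response header telling the browser to run scripts only from the site's own
# origin, which blocks inline <script> blocks such as the one above.
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'; script-src 'self'")

if __name__ == "__main__":
    print(render_vulnerable(COMMENTS))
    print(render_safe(COMMENTS))
    print("Set-Cookie:", session_cookie("constructed-session-id"))
    print("%s: %s" % CSP_HEADER)
```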
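
The login behaviour described in the SQL injection demonstration, reproduced against a throwaway in-memory database with the vulnerable query beside its parameterised fix. This is an added example, not code from the course or from the demonstration site: the table, the stored password and the function names are constructed, and the third input is the exam pattern the transcript describes (apostrophe, one equals one, minus minus).

```python
import sqlite3

def make_db():
    # Constructed in-memory user table standing in for the demo application's
    # database. Plaintext password only to keep the example short; a real
    # system stores a salted password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('user@email.com', 'correct-horse')")
    return db

def login_vulnerable(db, email, password):
    # Vulnerable on purpose: user input is pasted into the SQL string.
    sql = ("SELECT email FROM users WHERE email = '" + email +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.OperationalError as exc:
        # A stray apostrophe unbalances the quotes. Echoing this text to the
        # browser is the over-detailed error the transcript warns about.
        return "SQL error: %s" % exc

def login_safe(db, email, password):
    # Hardened: placeholders keep input as data, never as SQL syntax.
    row = db.execute(
        "SELECT email FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()
    return row is not None

def compare(db, email, password):
    # Same input through both code paths: (vulnerable result, safe result).
    return login_vulnerable(db, email, password), login_safe(db, email, password)

if __name__ == "__main__":
    db = make_db()
    for pw in ("password", "password'", "' or 1=1--"):
        print(repr(pw), compare(db, "user@email.com", pw))
```

With the parameterised query all three inputs are simply wrong passwords; in the concatenated version the second raises a database error and the third logs in without the password.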

About the Author

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.