Explanation of DDoS Attacks and SQL Injections

May 6, 2016 | Views: 18816


In most articles about hacking, you learn of attacks by groups like Anonymous, LulzSec and AntiSec. You've also heard about websites and platforms that have been hacked, Sony for example. But are you aware of the methods used to bring these services down?

There are many tools and techniques that some hackers use to reach their goals, but I won't hand them to you ready-made. Here, I'll briefly explain the operating principle of the two best-known attacks on the web:

DDoS (Distributed) Denial of Service
SQL injections or SQLi

 

DDoS attacks (Distributed) Denial of Service

First of all, what is a DDoS attack?

A Denial of Service attack (known in its distributed form as Distributed Denial of Service, or DDoS) is an attack whose aim is to make a service unavailable. Here, I use the example of an attack on a web server that floods the network to prevent it from operating. As you will have understood, the objective of a successful DDoS attack is to render a website inoperative for everyone.

 

How Does it Work?

In a DDoS attack, it’s all about logistics. Nothing like an example to explain it all 🙂

Take a good million malicious people coming together in order to sabotage X company’s affairs using its call center. They will coordinate their actions to all call company X simultaneously on Friday at 10am. The company will be bombarded with millions of phone calls and probably won’t manage it very well. The result is that legitimate customers wanting to call this company will struggle to reach them.

A DDoS attack on a web server works exactly the same way. Indeed, there's virtually no way of knowing whether the generated traffic comes from legitimate requests or from hackers. This type of attack is usually very effective, but requires substantial resources, depending on the targeted server.

 

Implementation of the Attack

A DDoS attack works virtually like brute force. It takes a fairly large number of computers, all attacking in a coordinated way at the same time. Going by the call center example I gave you, you can imagine it's rather difficult to directly control thousands of computers to attack a server. This is where zombie machines come in.

As you probably know, there is a multitude of malware and Trojans that, once installed on a system, lie dormant pending instructions from the hacker who created them. One such instruction could be to send multiple requests to a web server. So a single hacker who has infected several thousand computers could use them to perpetrate the attack.

With the use of multiple botnets, it is generally very difficult to trace the source of such attacks, because the hacker does not have to use his own machine to perform the action (other than to control the botnets, but that goes without saying).
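Seen from the defended server, the point about many zombie machines looks like this. The following is an added example, not code from the original article: over a constructed request log, a per-source threshold never fires because each source sends only a few requests, while the total per time window clearly does. The thresholds, window size and addresses are assumptions chosen for the illustration, and the total alarm flags the window without saying which requests are legitimate.

```python
from collections import Counter, defaultdict

WINDOW = 10            # bucket size in seconds (assumed)
PER_SOURCE_LIMIT = 20  # requests one source may send per window (assumed)
TOTAL_LIMIT = 200      # requests per window the server copes with (assumed)


def sample_events():
    """Constructed (timestamp, source) pairs standing in for an access log."""
    events = []
    for start in range(0, 60, WINDOW):          # six windows of normal traffic
        for client in range(5):                 # five regular clients, 3 requests each
            events += [(start + i, f"192.0.2.{client}") for i in range(3)]
    for zombie in range(300):                   # 300 zombie machines, 2 requests each
        source = f"198.18.{zombie // 250}.{zombie % 250}"
        events += [(30 + zombie % WINDOW, source)] * 2
    return events


def analyse(events):
    """Per window: total requests, distinct sources, and which alarm fires."""
    buckets = defaultdict(Counter)
    for timestamp, source in events:
        buckets[timestamp - timestamp % WINDOW][source] += 1
    report = []
    for start in sorted(buckets):
        per_source = buckets[start]
        total = sum(per_source.values())
        report.append({
            "start": start,
            "total": total,
            "sources": len(per_source),
            "per_source_alarm": max(per_source.values()) > PER_SOURCE_LIMIT,
            "total_alarm": total > TOTAL_LIMIT,
        })
    return report


if __name__ == "__main__":
    for row in analyse(sample_events()):
        print(row)
```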

 

SQL Injections or SQLi

What is SQL injection?

A SQL injection is an exploit – that is to say, it takes advantage of a security flaw in an application connected to a database. Typically, such flaws stem from the bad programming techniques of some developers. ^^

This attack can even compromise a database server if the account the application uses to access the database has system rights. But unlike a DDoS attack, a SQLi attack can be easily avoided if a web application is programmed correctly.

Implementation of the attack

When you want to log in to a web site, you enter your user name and password. To check these values, the web application will make a query of this type:

SELECT user_id FROM users WHERE username = 'myuser' AND password = 'mypass';

Note: The string variables must be enclosed in single quotes.

Thus, the combination of username (myuser) and password (mypass) must match a row in the users table for a user_id to be returned.

If no row matches, no user_id is returned, and the login attempt with the entered password is rejected.

However, if a user enters a value that can be interpreted as part of the query, then your application is susceptible to SQL injection.

Suppose myuser' -- is entered in the username field, with any password. This would give:

SELECT user_id FROM users WHERE username = 'myuser' -- ' AND password = 'mypass';

The key to this exploit is the inclusion of the two hyphens (--). This is the token that starts a comment in SQL, so everything after the two dashes will be ignored. Here the query executed will be:

SELECT user_id FROM users WHERE username = 'myuser'

As you've noticed, the most glaring omission here is the verification of the password! It is by including the two hyphens in the username that the password check is completely ignored. This is called a SQL injection.

The results

If we imagine that the site has full control over its database, the consequences can be quite devastating. This can give the possibility to hack, delete, create or edit database records, etc.

To illustrate the damage that can be caused, consider this type of request:

SELECT user_id FROM users WHERE username = 'lama'; DROP TABLE users; -- ' AND password = 'mypass';

Here, we've entered lama'; DROP TABLE users; -- in the username input field. The semicolon is used to end a statement and begin a new one. DROP TABLE users; will delete the users table in the database. Basically, the queries executed by the database will be:

SELECT user_id FROM users WHERE username = 'lama';
DROP TABLE users;

Of course, depending on the SQL permissions available to the hacker, it can be a lot worse: clearing the entire database, creating new logins, etc.

 

Protecting Against SQL Injection

SQL injection can easily be prevented by "sanitizing" or "escaping" the data. In this way, a string inside a query cannot be terminated prematurely.

For example, to search for the user name Wada in the database, you're forced to escape the single quote after the L. So, you can "sanitize" the string by inserting a "."

Returning to the previous SQL injection example with the value myuser' --:

SELECT user_id FROM users WHERE username = 'myuser' -- ' AND password = 'mypass';

With the single quote after myuser escaped, the database will search for the user name myuser' --. So, the query is executed in full and includes the second condition on the password.

There are several methods to escape a string in a query. With PHP, for example, you can use mysql_real_escape_string() to escape a string in a query.

// Note: the mysql_* extension used here was removed in PHP 7.0.
// Build the login query, escaping each user-supplied value before it is quoted.
$sql  = "SELECT user_id FROM users";
$sql .= " WHERE username = '" . mysql_real_escape_string("myuser' --") . "'";
$sql .= " AND password = '" . mysql_real_escape_string("mypass") . "'";
$res  = mysql_query($sql);
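The login query from this article, before and after the fix, as an added example that is not the author's code. It is written in Python against an in-memory SQLite database so it runs offline, and it uses parameterized queries (placeholders) rather than the escaping function shown above. The table contents and function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account. The password is stored
    in plaintext only because the article's query compares it that way."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY,"
               " username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password)"
               " VALUES ('myuser', 'mypass')")
    return db


def login_concatenated(db, username, password):
    """The 'before': user input is pasted into the SQL text, as in the article."""
    sql = ("SELECT user_id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """The fix: placeholders keep the input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT user_id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def user_count(db):
    """Number of rows in users, to confirm the table is still intact."""
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(login_concatenated(db, "myuser' --", "wrong"))    # password check skipped
    print(login_parameterized(db, "myuser' --", "wrong"))   # no such user
    print(login_parameterized(db, "lama'; DROP TABLE users; --", "x"))
    print(user_count(db))                                   # table untouched
```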

 

In Summary:

That is just about everything you need to know about DDoS attacks and SQL injections. Although attacks on the web are changing, becoming more sophisticated or moving on to other types of vulnerabilities, it's important to remember that, in general, they're related to negligence on the part of the developer(s).

 

– By Antr4ck –

23 Comments
  1. Good Work
    Share the same for different attacks so that everyone is aware of them. Include also Brute Force/Dictionary just to make people aware of different attacks. Browser based attack articles also will support.

  2. Nice article, keep it up good work!

  3. This is very informative and a great knowledge. I want to learn SQL injection is any one here…

  4. @Antr4ck This was a very informative article. There are some incomplete thoughts/missing words in sentences that did make it harder to read through. Cleaning that up would make it even better, thanks for the article!

  5. Thank you all for your comments! If you have any questions, don’t hesitate. 😉
