Home 0P3N Blog Explanation of DDoS Attacks and SQL Injections
Ready to Start Your Career?
Create Free Account
Antr4ck s profile image
By: Antr4ck
May 6, 2016

Explanation of DDoS Attacks and SQL Injections

By: Antr4ck
May 6, 2016
Antr4ck s profile image
By: Antr4ck
May 6, 2016
Explanation of DDoS Attacks and SQL Injections - CybraryIn most articles about hacking attacks, you usually learn of attacks by groups like Anonymous, LulzSec and AntiSec. And, you've also heard about websites and platforms that have been hacked, including, Sony for example. But, are you aware of the methods used to break down these services?There are many tools and techniques that some hackers use to reach their goals, but I won't give you this turnkey. Here, I'll briefly explain the operating principle of the two most known attacks on the web:-- DDoS (Distributed) Denial of Service-- SQL injections or SQLi DDoS attacks (Distributed) Denial of ServiceFirst of all, what is a DDoS attack?A Denial of Service (also known as Distributed Denial of Service, or DDoS) results in denial-of-service attack. This kind of attack is to make a service unavailable. Here, I use the example of an attack on a web server by flooding the network to prevent its operation. You understood the objective and a successful DDoS attack is to render a website inoperative for everyone. How Does it Work?In a DDoS attack, it's all about logistics. Nothing like an example to explain it all :)Take a good million malicious people coming together in order to sabotage X company's affairs using its call center. They will coordinate their actions to all call company X simultaneously on Friday at 10am. The company will be bombarded with millions of phone calls and probably won't manage it very well. The result is that legitimate customers wanting to call this company will struggle to reach them.A DDoS attack on a web server works exactly the same way. Indeed, there's virtually no way of knowing if the generated traffic comes from legitimate requests or hackers. This type of attack is usually very effective, but requires substantial resources following the targeted server. Implementation of the AttackA DDoS attack works virtually like a brute force. You'll need a fairly large number of computers to attack all coordinates simultaneously. According to the call center example I gave you, you can imagine it's rather difficult to directly control thousands of computers to attack a server. This is where zombie machines come in.As you probably know, there are a multitude of malware and Tojans that, once installed on a system. lay dormant pending instructions from the hacker who created them. One such instruction could be to send multiple requests to a web server. And, so one hacker who wanted to infect several thousand computers could use them to perpetrate the attack.With the use of multiple botnets in general it is very difficult to trace the source of such attacks because the hacker does not have to use its own machine to perform its action (besides controlling botnets but it goes without saying). SQL or SQLI InjectionsWhat is SQL injection?A SQL injection is an achievement - that is to say, a security flaw in an application connected to a database. Typically, such flaws leverage bad programming techniques of some developers. ^^This attack allows a compromise on even a server database if the user using the database system rights. But unlike a DDoS attack, a SQLi attack can be easily avoided if a web application is programmed correctly.Implementation of the attackWhen you want to connect to a web site, you enter your user name and password. To test these settings, the web application will make a request of this type:1SELECT user_id FROM users WHERE username = 'myuser' AND password = 'mypass';Note: The string variables must be enclosed in single quotes.Thus, the combination of username (myuser) and password (mypass) must match a line in the table of users (users) to a user_id, which would be returned.If no line is, no user_id is sent back. In this way, the connection with the entered password is invalid.However, if a user enters a substitution value that can be interpreted in the query, then at that time your application is susceptible to SQL injection.Suppose myuser '- entered the fields username with any password. This would give:1SELECT user_id FROM users WHERE username = 'myuser' - 'AND password =' mypass';The key to this application is the inclusion of two hyphens (-). This is actually the token to comment out an SQL query. And, so everything after the two dashes will be ignored. Here the query executed will be:1SELECT user_id FROM users WHERE username = 'myuser'As you've noticed, the most glaring omission here is the verification of the password! And, this is by including the username both times that the password is completely ignored. This is called a SQL injection.The resultsBy imagining that the site has full control over its database, then the consequences can be quite devastating. This can give the possibility to hack, delete, create or edit database records, etc ...To illustrate the damage that can be caused, consider this type of request:1SELECT user_id FROM users WHERE username = 'lama'; DROP TABLE users; - 'AND password =' mypass';Here, we've entered the user name input fields Lama '; DROP TABLE users; -. The semicolon used to end a statement and to create a new following. DROP TABLE users; will delete the users table in the database. Basically, the query executed by data base will be:1SELECT user_id FROM users WHERE username = 'lama';2DROP TABLE users;Sure, SQL permissions as the hacker, can be a lot worse! As you clear the entire database, create new logins, etc... Protect a SQL InjectionSQL injection can be easily circumvented by "disinfectant" or "escaping" the data. In English, we can translate these words to "Sanitize" or "Escape". In this way, a chain inside a request cannot be terminated prematurely.For example, to search the user name Wada in database, you're forced to escape the single quote after the L. So, you can "sanitize" the chain by inserting a "."Returning to the previous SQL injection example with the value myuser '-.1SELECT user_id FROM users WHERE username = 'myuser ' - 'AND password =' mypass';Escaping the single quote after myuser, the database will search the user name myuser '-. So, the query is executed fully and includes the second condition on the password.There are several methods to escape a string in a request. With PHP, for example, you can use the mysql_real_escape_string () to escape a string in a request.1$ Sql = "SELECT user_id FROM users";2$ Sql. = "WHERE username = '". mysql_real_escape_string ( "myuser" - "). "";3$ Sql. = "AND password = '". mysql_real_escape_string ( "mypass"). "";4$ Res = mysql_query ($ sql); In Summary:That is just about everything you need to know about DDoS attacks and SQL injections. And, although the attacks on the web are changing and becoming more sophisticated or moving into other types of vulnerabilities, it's important to remember that, in general, they're related negligence / developer (s). - By Antr4ck -SaveSaveSaveSave
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry