Specialists publish vulnerabilities in DDoS tools
The control server DDoS toolkits Dirt Jumper can be compromised by a SQL injection vulnerability and expropriate essentially completely. These vulnerabilities published, which specializes in protection against DDoS company Prolexic, whose website is achieving little more since then.
Prolexic discovered several units that take where the PHP programs of underground toolkits traded call parameters unfiltered query the MySQL database. It is possible to detect some of the open source tool sqlmap and then use it to display the contents of the PHP config file. Containing credentials in plain text, with which one could log in as administrator on the web front end DDoS toolkits. Prolexic describes the necessary commands in detail, but who she is against foreign server does, thus possibly even prosecution.
If one goal is just an acute DDoS attack itself that benefits anyway while, because the Command & Control server does not participate in the attacks - not appeared on the log files from the server. It only controls the activities of the drones. To get to the C & C server, you would have to first get such under his control and analyze their communication - which proves in practice often be quite difficult. Probably also just Prolexic is struggling. For their web sites since the publication of the "Vulnerability Disclosure Reports", which you can relate to giving his contact information to reach any more.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment