Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is this hacker trying to do?

If you do a search for:

http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N

you will see a lot of examples of an attempted hack along the lines of:

1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --

What is exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?

like image 489
JW. Avatar asked May 28 '10 14:05

JW.


People also ask

What do cyber hackers want?

Social security numbers are the main target - they are worth much more to identity thieves to commit miscellaneous crimes pretending to be someone else. Hackers can open new credit and bank accounts, commit tax fraud, access brokerage accounts, get medical treatment or even apply for various benefits.

What do hackers actually do?

Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access the information you really don't want them to have.

Why do hackers hack you?

Some common reasons for hacking include basic bragging rights, curiosity, revenge, boredom, challenge, theft for financial gain, sabotage, vandalism, corporate espionage, blackmail, and extortion. Hackers are known to regularly cite these reasons to explain their behavior.


2 Answers

He is testing your server for SQL Injection, specifically this is a robust test that will work even if its Blind SQL Injection. Blind SQL Injection is when an attacker is able to execute SQL however, there isn't a viewable response. If the http request takes at least 15 seconds the attacker will know that he can execute SQL, and that your running MS-SQL. After this attack he will follow it up with a xp_cmpdshell() to infect your server.

like image 100
rook Avatar answered Oct 16 '22 17:10

rook


According to http://bytes.com/topic/mysql/answers/888849-hacker-attempt it looks like it's trying to run:

WAITFOR DELAY '00:00:15'

As others have pointed out it's not a DOS attack (as I originally stated) but merely a way to easily determine if the SQL Server is vulnerable and can be added to a list of hosts to perhaps further hack away at later on.

like image 22
Alistair Avatar answered Oct 16 '22 15:10

Alistair