Session Hijacking-03

0 0

Types of session Hijacking
There are two types of hijacking attacks:
  1. Active
    In an active attack, an attacker finds an active session and takes over.
  2. Passive
    With a passive attack, an attacker hijacks a session, but sits back and watches and records all of the traffic that is being sent forth.
Note
 Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack. The essential difference between an active and passive hijack is that while an active hijack takes over an existing session, a passive attack monitors an ongoing session.

Generally a passive attack uses sniffers on the network allowing the attacker to obtain information such as user id and password so that he can use it later to logon as that user and claim his privileges. Password sniffing is only the simplest attack that can be performed when raw access to a network is obtained. Counters against this attack range from using identification schemes such as one-time password (e.g. skey) to ticketing identification (such as Kerberos). While these may keep sniffing from yielding any productive results, they do not insure the network from an active attack neither as long as the data is neither digitally signed nor encrypted.

In an active attack, the attacker takes over an existing session by either tearing down the connection on one side of the conversation or by actively participating by being the man-in-the-middle. These have been discussed at length under the discussion covering the various steps involved in a session hijack.
This requires the ability to predict the sequence number before the target can respond to the server. Sequence number attacks have become much less likely because OS vendors have changed the way initial sequence numbers are generated. The old way was to add a constant value to the next initial sequence number; newer mechanisms use a randomized value for the initial sequence number.

Sequence Numbers
  • Sequence Numbers are very important to provide reliable communication but they are also crucial to hijacking a session.
  • Sequence numbers are a 32-bit counter, which means the value can be any of over 4 billion possible combinations.
  • The sequence numbers are used to tell the receiving machine what order the packets should go in when they are received.
  • Therefore an attacker must successfully guess the sequence number to hijack a session.
TCP provides a full duplex reliable stream connection between two end points. A connection is uniquely defined by the IP address of sender, TCP port number of the sender, IP address of the receiver and TCP port number of the receiver.

Every byte that is sent by a host is marked with a sequence number and is acknowledged by the receiver using this sequence number. The sequence number for the first byte sent is computed during the connection opening. It changes for any new connection based on rules designed to avoid reuse of the same sequence number for two different sessions of a TCP connection.

We have sent the increment of sequence number in our discussion of the three way handshake. What happens if the sequence number is predictable? When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer.

The next step taken was to tighten the OS implementation of TCP and introduce randomness in the ISN. This was done by the use of pseudo-random number generators (PRNGs). PRNGs introduced some randomness when producing ISNs used in TCP connections. However, adding a series of numbers together provided insufficient variance in the range of likely ISN values; thereby allowing an attacker to disrupt or hijack existing TCP connections or spoof future connections against vulnerable TCP/IP stack implementations.

This implied that systems relying on random increments to make ISN numbers harder to guess were still vulnerable to statistical attack. In other words, with the passage of time, even computers choosing random numbers will repeat themselves, because the randomness is based on an internal algorithm that is used by a particular operating system. Once a sequence number has been agreed to, all following data will be the ISN+1. This makes injecting data into the communication stream possible.

Threat
If a sequence number within the receive window is known, an attacker can inject data into the session stream or choose to terminate the connection. If the attacker knows the initial sequence number, he can send a simple packet to inject data or kill the session if he is aware of the number of bytes transmitted in the session this far.

As this is a difficult proposition, the attacker can guess a suitable range of sequence numbers and send out a number of packets into the network with different sequence numbers - but falling within the range. Since the range is known, it is likely that at least one packet will be accepted by the server. This way, the attacker need not send a packet for every sequence number, but resort to sending an appropriate number of packets with sequence numbers a window-size apart. But how does he know how many packets are to be sent?

This is obtained by dividing the range of sequence numbers to be covered by the fraction of the window size that is used as an increment. Why was this possible despite the introduction of PRNGs? The problem lay in the use of increments themselves, random or otherwise, to advance an ISN counter, making statistical guessing practical. The result of this is that remote attackers can perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. The more random the ISNs are, the more difficult it is to carry out these attacks.

Programs that perform Session Hijacking
  • There are several programs available that perform session hijacking. Following are a few that belongs to this category:
    • Juggernaut
    • Hunt
    • TTY Watcher
    • IP Watcher
    • T-Sight
There are few programs/source codes available for doing a TCP hijack.
  • Juggernaut
  • TTY Watcher
  • IP Watcher
  • T-Sight
  • Hunt

COMMENTS

BLOGGER
Group Of Oceninfo™ © , All Rights Reserved.
Name

©2012 Oceninfo.co.cc,2,10:29 IST,1,2012,1,Adfly Bot,2,AFCEH,1,Ajax security,1,all posts for education purpose only...www.facebook.com/princebhalani,1,Android,1,android developer,1,android phone,1,android phone-1,1,anonymous email,1,Anti-Trojan software,8,Antivirus,1,Apple,1,article marketing,1,at risk,1,attacks,1,australian federal police,1,Auto Clicker,1,Auto surfer,1,backtrack link,2,Bank Hacking,2,BCMSN,2,BIOS Update,1,Blockchain,1,Blog and tagged Ransomware,1,boot fast...,1,boot xp faster,1,Business Deals,1,Bypass Antivirus and Hack Window Systems,1,CCIE,2,CCNA,2,CCNP,2,CEH,2,challenge-response system,1,Changing Root Bridge Election Results,2,code,2,commands,1,company deals,1,Computer Hacking,3,Connect,1,cookie stealing,3,Country,1,Crack,1,Credit Card Fraud,2,credit cards,1,Cryptography,1,cyber cell updated,1,cyber security,1,DATA CARD TRICK,1,delhi,1,Digital Marketing,1,direct admission in any colleges,2,Direct Link,3,Directory Traversal Attacks,1,Dos and Ddos,1,DotNetNuke Remote File Upload Vulnerability,1,Earn Lots of money,3,EARN MONEY PART2,1,earnings in$,1,email hacking,4,email spoofing,2,Er Prince Bhalani jobs,1,Ethical Hacker job,1,ethical hacking,8,exploit,1,facebook autoliker,1,Facebook tricks,3,Fake Mail,1,fake sms,1,FB hackz,1,FBI,1,FBI HACKERS,2,FBI Jobs,2,featured,6,Finger scan,1,fingerprint Hacking,1,format without pain,1,Free Download,1,Free Flash Templates,1,free hacking book,5,Free Recharge,1,free sms,2,Freebeacon,1,friendship day,2,friendship day image,2,friendship image,1,Future Computer,2,future of hacking,1,Gadgets,1,good clean fun,1,google,3,Google Ads,1,google adsense account,1,Google hacking,3,google hacks,1,google search,1,hack,2,hack the world,2,HACK WEBSITES USING SQL INJECTION,2,hacker,1,hacker uni,1,hacker/LPT/etc,1,hackers,2,Hackerz info,1,hacking,4,hacking games,1,hacking matterial,1,HACKING OFER,1,hacking softwares,1,hacking tools,2,Hacking with Mobile phones,1,HackingTeacher Security Solutions,1,hacks,1,hijack,1,history of hacking,1,How to,8,How to Hack,37,how to play,1,How to sniff,1,html,1,HTTPS/SSL secured sites,1,I LOVE YOU VIRUS,1,i-phone hacking,1,ICITAM 2012,1,iCloud Era,1,In Flow,1,indian cyber cell,4,information security,1,interesting,1,inurl:fcklinkgallery.as,1,IP hacks,1,iphone,1,IT Act,1,IT Decision Maker,1,IT Implem_App/LOB Spec,1,IT Implem_Desktop/EndUser Spec,1,IT Implem_Infrastructure Spec,1,IT Implem_IT Generalist and IT Manager.,1,it security,1,java,1,jobs for ethical hacker,3,jobs in hacking,5,Joe job,1,Just for education purpose only,1,Kaspersky,1,kaspersky crack 2013,1,keyboard hacking,1,keyloggers,1,keywords,1,Laptop Tracking,1,Laws of computer crime,1,Learn Cracking,1,Learn Website Hacking,7,Linkbucks Bot,1,Macromedia Flash,1,make some rules...|||_|||,1,malicious code,1,Malware,1,malware analysis,1,man in the middle attack (LAN),1,master,1,master list,1,metasploit,3,Microsoft scams,1,mobile,1,mobile recharge,1,moblie phone hacking,1,munging,1,network hack,1,Network Sniffers,1,new command set,1,new projects,1,nmap,1,No Survey,1,not infrequent,1,online scanners,1,paisa live hack,1,panetration for educational purpose only,1,Parental Controls,1,password hacking,4,Password sniffing with arp poisoning,1,PC TIPS,1,PE_PARITE (Trend Micro),1,penetration testing,1,pharming,1,phishing,1,phone hacking charged,1,PHP,1,pin ball,1,Play WMV Files,1,Press Trust of India / New Delhi Aug 15,1,Prime minister,1,prince bhalani,1,princebhalani,1,Professional job in FBI,1,Professional Penetration Testing,1,Programming,1,Programming of virus,2,protect my pc against hackin,1,proxy list by http,1,Proxy SOCKS Port,1,R-Admin With Key,1,Radmin,1,RAW Jobs,1,Real Hackers vs fake ethical hackers. ..:),1,Register of Known Spam Operations (ROKSO),1,repair corrupt hard disk,1,RFT,1,Robbery,1,Rupert Murdoch,1,SAMPLE,1,Sample dynamic flash template from TM website,1,Scams,2,Scanned Vulnerabilities,1,SEA,2,search engine hacking,1,Search Operators,1,Security,2,Security breach,1,security code brack,1,SEM,4,SEO,112,SEO Mistakes,1,SEO TOOLS,1,SEO Tricks,3,SERM,1,SERP,1,Session Hijacking,4,SET,1,shell commands...,1,shell list with download,1,SITES,1,Smart Home,1,Smartphones,1,SMM,1,SMO,2,sms spoofing,1,SMTP Servers,1,Sniffing passwords,1,Sothink SWF Decompiler,1,spam cocktail (or anti-spam cocktail),1,spam trap,1,spear phishing,2,SQL hacking,2,SQL Injection Attacks by Example,2,SSL,1,SSL Analysis,1,starting of help,1,System Information,1,System Restore,1,Tablet in 1000,1,Tablets,1,Temporary Email Service,1,time need,1,timer,1,tracing,1,Traffic,3,tricks,5,Tricks and Tips,1,Trojan,1,Trojan tools,1,Trojans and Backdoors,2,trojon,7,Turbo C++,1,UK phone hacking,1,UK phone hacking arrest,1,USA JOBS,4,Virus,2,virus writing,2,VPN,1,vulnerabilities,1,vulnerability assessment,1,W32/Pate (McAfee),1,W32/Pinfi (Symantec),1,Washington,2,web hacking,6,web security,1,Website Development,1,Website Hacking,3,White House,1,wifi hacking,3,Win32 : parite (Avast),1,Win32.Parite (Kaspersky),1,Win32/Parite,1,windows,2,Windows 8 event for IT Professionals,1,wirless hack,1,WordPress,1,WordPress hacking,1,working with Virus and worm,9,XP Hacking,1,xp hacking-1,1,XP part 3,1,xss hacking,1,
ltr
item
Group Of Oceninfo: Session Hijacking-03
Session Hijacking-03
Group Of Oceninfo
https://oceninfo.blogspot.com/2012/06/session-hijacking-03.html
https://oceninfo.blogspot.com/
https://oceninfo.blogspot.com/
https://oceninfo.blogspot.com/2012/06/session-hijacking-03.html
true
6415817773321450103
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy