Session Hijacking Tools-04

0 0

Hacking Tool: Juggernaut
  • Juggernaut is a network sniffer that can be used to hijack TCP sessions. It runs on Linux Operating systems.
  • Juggernaut can be set to watch for all network traffic or it can be given a keyword like password to look out for.
  • The main function of this program is to maintain information about various session connections that are occurring on the network.
  • The attacker can see all the sessions and he can pick a session he wants to hijack.
Tools
Juggernaut is basically a network sniffer that can also be used to hijack TCP sessions. It runs on Linux and has a Trinux module as well. Juggernaut can be activated to watch all network traffic on the local network.
For example, Juggernaut can be configured to wait for the login prompt, and then record the network traffic that follows (usually capturing the password). By doing so, this tool can be used to capture certain types of traffic by simply leaving the tool running for a few days, and then the attacker just has to pick up the log file that contains the recorded traffic. This is different than regular network sniffers that record all network traffic making the log files extremely huge (and thus easy to detect).
However, the main feature of this program is its ability to maintain a connection database. This means an attacker can watch all the TCP based connection made on the local network, and possibly "hijack" the session. After the connection is made, the attacker can watch the entire session (for a telnet session, this means the attacker sees the "playback" of the entire session. This is like actually seeing the telnet window).
When an active session is watched, the attacker can perform some actions on that connection, besides passively watching it. Juggernaut is capable of resetting the connection (which basically means terminating it), and also hijacking the connection, allowing the attacker to insert commands in the session or even to completely take the session into his hands (resetting connection on the legitimate client).

Hacking Tool: Hunt
Download Link : http://lin.fsid.cvut.cz/^kra/index.html

Hunt is a program that can be used to listen, intercept, and hijack active sessions on a network.
Hunt Offers:
  • Connection management
  • ARP Spoofing
  • Resetting Connection
  • Watching Connection
  • MAC Address discovery
  • Sniffing TCP traffic
Tools
Hunt is designed by Pavel Krauz. Hunt is considered by many to be one of the best session hijacking tools available because it is well written and has a comprehensive feature set. The hunt doesn't distinguish between local network connections and connections going to/from Internet. It can handle all connections it sees. Connection hijacking is aimed primarily at the telnet or rlogin traffic. In the words of its author, "the main goal of the HUNT project is to develop [a] tool for exploiting well known weaknesses in the TCP/IP protocol suite".

The features of version 1.5 of Hunt include:
  • Detection and watching of active connections.
  • Insertion of commands into a session: With ARP spoofing the user can force the Switch to send the traffic for hosts on another segment/switched port. This may not work if the Switch has some security policy and MACs have been explicitly set up on a per port basis but in reality this configuration is hardly done on an "ordinary" network.
  • Total takeover of a session.
  • Synchronization of the original client with the server after a hijack: This is one of the main features of hunt. If the user inputs some data to the TCP stream (through simple active attack or ARP spoofing), he can desynchronize the stream from the server/original client point of view. He can also synchronize the connection after his objective is met. The main goal behind this is to synchronize the sequence numbers on both client and server again.
  • Connection reset: With a single properly constructed packet the user can reset the connection (RST flag in TCP header). User can reset server, client, or both. When user resets only one end the other end is reset. This is because when it tries to send data to the first host it will respond with RST as the connection is already.
  • Network sniffing with the ability to search for a particular string.
  • Handling of ACK storms with ARP (Address Resolution Protocol) spoofing: User can insert packets to the network (rerouting) it receives from ARP spoofed hosts.
Illustration
  1. Alice opens a telnet session to Bob and starts doing some work.
  2. Eve uses Hunt to observe all connections passing her location on the network. Seeing the connection between Alice and Bob, Eve selects it for hijacking.
  3. Eve sends an ARP reply to Alice, mapping Bob's IP address to a MAC address that does not exist on the LAN segment.
  4. Eve sends an ARP reply to Bob, mapping Alice's IP address to a MAC address that does not exist on the LAN segment.
  5. Alice and Bob will try to send data to each other, but because their respective ARP caches contain mappings to non-existent MAC addresses, the data will not arrive at the intended destination. However, Eve, who is strategically located in the middle and listening in promiscuous mode, is able to capture all traffic between Alice and Bob.
  6. Eve can use Hunt's ARP daemon to control the traffic between Alice and Bob. She can insert commands, completely take over the session or simply relay all the traffic between Alice and Bob. Bob thinks that he is still connected with Alice. Alice will notice a lack of response from Bob if Eve hijacks the session. During the hijack there will not be an ACK storm because Alice is not receiving data from Bob.
  7. Eve must be located on a network segment that is passing traffic between Alice and Bob. in order that other connections on the network are not affected by Eve's attack, Eve uses Hunt's ARP relay daemon to relay the data for some of these connections.
Hacking Tool: TTY Watcher
Download Link : http://www.cerias.purdue.edu
  • TTY-watcher is a utility to monitor and control users on a single system.
  • Sharing a TTY. Anything the user types into a monitored TTY window will be sent to the underlying process. In this way you are sharing a login session with another user.
  • After a TTY has been stolen, it can be returned to the user as though nothing happened.
(Available only for Sun Solaris Systems.)
Tools
TTY-Watcher is a utility to monitor and control users on a single system. It is based on our IP-Watcher utility, which can be used to monitor and control users on an entire network. It is similar to advice or tap, but with many, more advanced features and a user friendly (either X-Windows or text) interface

TTY-Watcher allows the user to monitor every tty on the system, as well as interact with them by:
  1. Sharing a TTY. Anything the user types into a monitored TTY window will be sent to the underlying process (and consequently echoed back to the real owner of the TTY). In this way, the user is "sharing" a login session with another user.
  2. Termination. At the click of a button (or an escape sequence with the text interface), the current connection can be instantly terminated.
  3. Stealing. Another click of the button allows the user to "steal" the monitored TTY. The TTY will continue to function as normal for the TTY-Watcher user, but the real owner of the TTY will see no output, and his keystrokes will be ignored.
  4. Returning the TTY. After a TTY has been stolen, it can be returned to the user, as though nothing happened.
  5. Sending the user a message. A message can be sent to the real owner of the TTY without interfering with the commands he's typing. The message will only be displayed on his screen and will not be sent to the underlying process.
Aside from monitoring and controlling TTYs, individual connections can be logged to either a raw logfile for later playback or to a text file. Currently TTY-Watcher works under SunOS 4.x and Solaris 2.x systems.

Hacking Tool: IP watcher
Download Link : http://engarde.com
  • IP watcher is a commercial session hijacking tool that allows you to monitor connections and has active countermeasures for taking over a session.
  • The program can monitor all connections on a network allowing an attacker to display an exact copy of a session in real-time, just as the user of the session sees the data.
Tools
IP-Watcher is a network security and administration tool that can control any login session on the network. IP-Watcher is an extremely valuable tool for investigating suspicious activity, obtaining evidence of misuse, and also to obstruct malicious users before they do any damage. This network monitoring tool can be used to inspect the data being transferred between two hosts. It can monitor all the connections on a network, allowing the user to display an exact copy of a session in real-time, just as the user of the session sees the data.

From an attacker's perspective, IP-Watcher lets him hijack an IP session by clandestinely diverting the victim to a rogue computer, where he will be tricked into thinking that he is still at the legitimate IP address. When the tool is used for legitimate purposes, it can gather evidence against the attacker. In the words of the author, "These connections are an intruder's footprints, and the best way to catch the intruder is to have an advanced visualization of those footprints."

The Windows version of IP-Watcher is T-sight. There are a number of ways an attacker can use IP-Watcher. IP-Watcher can create network traffic with spoofed source and destination addresses. This makes it possible to kill any user's connection. This could be used to deny access to a legitimate user.
When IP-Watcher terminates a user's connection while trying to log in, it appears to the user as a network fault. If the user tries to log in again, IP-Watcher can divert his connection so that it steals the user's password. If a system administrator uses the "su" command to enter a root account, IP-Watcher will sniff the clear text password through its ability to log keystrokes. It can be configures to log what it sniffs into small files. This can prevents the sysadmin from discovering a hidden sniffer by looking for unexplained large files. IP-Watcher can be used to hijack a connection by a trusted user using a one time password. While the user is going about his or her business, the intruder can be secretly using the same connection to install back doors.

T-Sight
Download Link : http://engarde.com
  • T-Sight, an advanced intrusion investigation and response tool for Windows NT and Windows 2000 can assist you when an attempt at a break-in or compromise occurs.
  • With T-sight, you can monitor all your network connections (i.e. traffic) in real-time and observe the composition of any suspicious activity that takes place.
  • T-Sight has the capability to hijack any TCP sessions on the network.
  • Due to security reasons Engarde Systems licenses this software to pre-determined IP address.
Attack Methods
T-sight, is an advanced intrusion investigation and response tool for Windows NT and Windows 2000 platforms. It can assist when an attempt at a break-in or a compromise occurs. It is an automatic intrusion detection system. However, it can be configured to activate when certain transactions take place.

It is specifically designed to investigate user defines activity and then let the user take action to stop the attack (take over or terminate the connection). T-sight supplements the authentication program, which can be circumvented through session hijacking or a backdoor left by an attacker. It can interpret connections for telnet, rlogin, ftp, smtp, sib, rsh and http. The program presents a customizable interface listing the connections established on the netw ork.

Remote TCP Session Reset Utility
This security tool can remotely display all active sessions on a terminal server, router, dial-in server, access server, etc. The user can reset any TCP session remotely.
Resetting a connection is simple.
  1. Start up the remote TCP session reset
  2. Enter the IP address of the machine whose connection is to be reset.
  3. Enter the read-write community string.
  4. Click on connect to retrieve a list of active TCP connections
  5. Click on the connection that is to be disconnected, and select 'Break' from the toolbar.
Protecting against Session Hijacking
  1. Use Encryption
  2. Use a secure protocol
  3. Limit incoming connections
  4. Minimize remote access
  5. Have strong authentication.
Countermeasure
When practical, limit successful sessions to specific IP addresses. This usually only works when dealing within an intranet setting, where the IP ranges are predictable and finite.
Countermeasure
Re-authenticate the user before critical actions are performed. If possible, try to limit unique session tokens to each browser instance (e.g. generate the token with a hash of the MAC address of the computer and process id of the browser, etc.) Configure the appropriate spoof rules on gateways (internal and external). Monitor for ARP cache poisoning, by using IDS products or ARPwatch.
Countermeasure
Use x.509 certificates to prevent more traditional types of TCP hijacking.
Countermeasure
Use encryption. This can be done by one or more of the following.
  • Forcing all incoming connections from the outside world to be fully encrypted.
  • Forcing all connections to critical machines to be fully encrypted.
  • Forcing all traffic on the network to be encrypted.
  • Using encrypted protocols, like those found in the OpenSSH suite. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keygen and sftp-server.
Countermeasure
Use strong authentication (like Kerberos) or peer-to-peer VPN's.


Summary
  • In the case of a session hijacking an attacker relies on the legitimate user to connect and authenticate and then take over the session.
  • In spoofing attack, the attacker pretends to be another user or machine to gain access.
  • Successful session hijacking is extremely difficult and only possible when a number of factors are under the attacker s control.
  • Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack.
  • A variety of tools exist to aid the attacker in perpetrating a session hijack.
  • Session Hijacking could be very dangerous and there is a need for implementing strict countermeasures.

COMMENTS

BLOGGER
Group Of Oceninfo™ © , All Rights Reserved.
Name

©2012 Oceninfo.co.cc,2,10:29 IST,1,2012,1,Adfly Bot,2,AFCEH,1,Ajax security,1,all posts for education purpose only...www.facebook.com/princebhalani,1,Android,1,android developer,1,android phone,1,android phone-1,1,anonymous email,1,Anti-Trojan software,8,Antivirus,1,Apple,1,article marketing,1,at risk,1,attacks,1,australian federal police,1,Auto Clicker,1,Auto surfer,1,backtrack link,2,Bank Hacking,2,BCMSN,2,BIOS Update,1,Blockchain,1,Blog and tagged Ransomware,1,boot fast...,1,boot xp faster,1,Business Deals,1,Bypass Antivirus and Hack Window Systems,1,CCIE,2,CCNA,2,CCNP,2,CEH,2,challenge-response system,1,Changing Root Bridge Election Results,2,code,2,commands,1,company deals,1,Computer Hacking,3,Connect,1,cookie stealing,3,Country,1,Crack,1,Credit Card Fraud,2,credit cards,1,Cryptography,1,cyber cell updated,1,cyber security,1,DATA CARD TRICK,1,delhi,1,Digital Marketing,1,direct admission in any colleges,2,Direct Link,3,Directory Traversal Attacks,1,Dos and Ddos,1,DotNetNuke Remote File Upload Vulnerability,1,Earn Lots of money,3,EARN MONEY PART2,1,earnings in$,1,email hacking,4,email spoofing,2,Er Prince Bhalani jobs,1,Ethical Hacker job,1,ethical hacking,8,exploit,1,facebook autoliker,1,Facebook tricks,3,Fake Mail,1,fake sms,1,FB hackz,1,FBI,1,FBI HACKERS,2,FBI Jobs,2,featured,6,Finger scan,1,fingerprint Hacking,1,format without pain,1,Free Download,1,Free Flash Templates,1,free hacking book,5,Free Recharge,1,free sms,2,Freebeacon,1,friendship day,2,friendship day image,2,friendship image,1,Future Computer,2,future of hacking,1,Gadgets,1,good clean fun,1,google,3,Google Ads,1,google adsense account,1,Google hacking,3,google hacks,1,google search,1,hack,2,hack the world,2,HACK WEBSITES USING SQL INJECTION,2,hacker,1,hacker uni,1,hacker/LPT/etc,1,hackers,2,Hackerz info,1,hacking,4,hacking games,1,hacking matterial,1,HACKING OFER,1,hacking softwares,1,hacking tools,2,Hacking with Mobile phones,1,HackingTeacher Security Solutions,1,hacks,1,hijack,1,history of hacking,1,How to,8,How to Hack,37,how to play,1,How to sniff,1,html,1,HTTPS/SSL secured sites,1,I LOVE YOU VIRUS,1,i-phone hacking,1,ICITAM 2012,1,iCloud Era,1,In Flow,1,indian cyber cell,4,information security,1,interesting,1,inurl:fcklinkgallery.as,1,IP hacks,1,iphone,1,IT Act,1,IT Decision Maker,1,IT Implem_App/LOB Spec,1,IT Implem_Desktop/EndUser Spec,1,IT Implem_Infrastructure Spec,1,IT Implem_IT Generalist and IT Manager.,1,it security,1,java,1,jobs for ethical hacker,3,jobs in hacking,5,Joe job,1,Just for education purpose only,1,Kaspersky,1,kaspersky crack 2013,1,keyboard hacking,1,keyloggers,1,keywords,1,Laptop Tracking,1,Laws of computer crime,1,Learn Cracking,1,Learn Website Hacking,7,Linkbucks Bot,1,Macromedia Flash,1,make some rules...|||_|||,1,malicious code,1,Malware,1,malware analysis,1,man in the middle attack (LAN),1,master,1,master list,1,metasploit,3,Microsoft scams,1,mobile,1,mobile recharge,1,moblie phone hacking,1,munging,1,network hack,1,Network Sniffers,1,new command set,1,new projects,1,nmap,1,No Survey,1,not infrequent,1,online scanners,1,paisa live hack,1,panetration for educational purpose only,1,Parental Controls,1,password hacking,4,Password sniffing with arp poisoning,1,PC TIPS,1,PE_PARITE (Trend Micro),1,penetration testing,1,pharming,1,phishing,1,phone hacking charged,1,PHP,1,pin ball,1,Play WMV Files,1,Press Trust of India / New Delhi Aug 15,1,Prime minister,1,prince bhalani,1,princebhalani,1,Professional job in FBI,1,Professional Penetration Testing,1,Programming,1,Programming of virus,2,protect my pc against hackin,1,proxy list by http,1,Proxy SOCKS Port,1,R-Admin With Key,1,Radmin,1,RAW Jobs,1,Real Hackers vs fake ethical hackers. ..:),1,Register of Known Spam Operations (ROKSO),1,repair corrupt hard disk,1,RFT,1,Robbery,1,Rupert Murdoch,1,SAMPLE,1,Sample dynamic flash template from TM website,1,Scams,2,Scanned Vulnerabilities,1,SEA,2,search engine hacking,1,Search Operators,1,Security,2,Security breach,1,security code brack,1,SEM,4,SEO,112,SEO Mistakes,1,SEO TOOLS,1,SEO Tricks,3,SERM,1,SERP,1,Session Hijacking,4,SET,1,shell commands...,1,shell list with download,1,SITES,1,Smart Home,1,Smartphones,1,SMM,1,SMO,2,sms spoofing,1,SMTP Servers,1,Sniffing passwords,1,Sothink SWF Decompiler,1,spam cocktail (or anti-spam cocktail),1,spam trap,1,spear phishing,2,SQL hacking,2,SQL Injection Attacks by Example,2,SSL,1,SSL Analysis,1,starting of help,1,System Information,1,System Restore,1,Tablet in 1000,1,Tablets,1,Temporary Email Service,1,time need,1,timer,1,tracing,1,Traffic,3,tricks,5,Tricks and Tips,1,Trojan,1,Trojan tools,1,Trojans and Backdoors,2,trojon,7,Turbo C++,1,UK phone hacking,1,UK phone hacking arrest,1,USA JOBS,4,Virus,2,virus writing,2,VPN,1,vulnerabilities,1,vulnerability assessment,1,W32/Pate (McAfee),1,W32/Pinfi (Symantec),1,Washington,2,web hacking,6,web security,1,Website Development,1,Website Hacking,3,White House,1,wifi hacking,3,Win32 : parite (Avast),1,Win32.Parite (Kaspersky),1,Win32/Parite,1,windows,2,Windows 8 event for IT Professionals,1,wirless hack,1,WordPress,1,WordPress hacking,1,working with Virus and worm,9,XP Hacking,1,xp hacking-1,1,XP part 3,1,xss hacking,1,
ltr
item
Group Of Oceninfo: Session Hijacking Tools-04
Session Hijacking Tools-04
Group Of Oceninfo
https://oceninfo.blogspot.com/2012/06/session-hijacking-tools-04.html
https://oceninfo.blogspot.com/
https://oceninfo.blogspot.com/
https://oceninfo.blogspot.com/2012/06/session-hijacking-tools-04.html
true
6415817773321450103
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy