📝
Home
Pentesting
  • 📝Home
  • ⚒️PENTESTING
    • Foundational
      • Gaining Access
      • Session Hijacking
      • Buffer Overflows
        • Finding the Offset
        • Spiking
        • Fuzzing
      • Attack Basics
        • Brute Force Attacks
        • Credential Stuffing and Password Spraying
        • Netcat Shell Stabilization
        • Reverse Shells vs Bind Shells
        • Staged vs Non-Staged Payloads
      • Footprinting
    • Reconnaissance
      • Discovering Email Addresses
      • Hunting Subdomains
    • Scanning and Enumeration
      • Banner Grabbing
      • Enumerating HTTP and HTTPS
      • Enumerating SMB
      • Enumerating SSH
      • NetBIOS Enumeration
      • SNMP Enumeration
      • Sniffing
    • Privilege Escalation
      • 🐧Linux Privilege Escalation
      • 🪟Windows Privilege Escalation
        • Initial Enumeration
    • Defense Evasion
      • Hiding Files and Covering Tracks
      • Network Evasion
    • Attacking Services
      • Attacking Kerberos
      • Attacking VPNs
      • Denial of Service
      • Exploiting FTP
      • Exploiting NFS
      • Exploiting SMTP
      • Exploiting Telnet
    • Attacking Active Directory
      • Initial Attack Vectors
        • Gaining Shell Access
        • LLMNR Poisoning
        • SMB Relay
        • Passback Attacks
        • IPv6 Attacks
      • Post-Compromise Enumeration
        • Bloodhound
        • ldapdomaindump
        • PowerView
        • PlumHound
      • Post-Compromise Attacks
        • GPP Attacks
        • Print Nightmare
        • Token Impersonation using Incognito
        • URL File Attack
        • Pass Attacks
        • Kerberoasting
        • LNK File Attacks
        • Mimikatz
      • Post-Domain Compromise Attacks
        • Dumping the NTDS.dit
        • Golden Ticket Attacks
      • Post Exploitation
    • Toolkit
      • Burp Suite
        • Intruder
      • Hping
        • Crafting TCP and UDP Packets
      • Metasploit
        • Meterpreter
        • Shell Handler
        • Gather Information
        • Gaining Root
    • Web Application Hacking
      • Attack Methodology
      • Attacking Web Applications
      • Authentication Bypass
      • Cross-Site Scripting
      • Cross-Site Request Forgery
      • File Inclusion
      • Server-Side Request Forgery
      • Injection
        • Command Injection
        • LDAP Injection
        • SQL Injection
  • 👽MALWARE ANALYSIS
    • Malware Analysis Primer
    • Malware Types
      • Rootkits
      • Viruses
      • WannaCry
    • Analyzing Malicious Windows Programs
    • Static Analysis
      • Basic Static Techniques
      • Advanced Static Analysis
    • Reverse Engineering
      • Crash Course in x86 Disassembly
      • Recognizing Code in Assembly Language
    • Dynamic Analysis
    • Detecting Malware
      • Evasion Techniques
      • Detecting Mimikatz
      • Hunting Malware
      • Hunting Metasploit
      • Hunting Persistence
  • 🏹THREAT HUNTING
    • Foundational
      • ATT&CK Framework
      • CIA Triad
    • APTs
  • 🐍PROGRAMMING & SCRIPTING
    • Foundational
      • Computer Memory
    • C Programming
    • Assembly Language
      • Assembly File Structure
      • Debugging with gdb
    • Bash
    • Python
      • Foundational
        • Booleans and Operators
        • Comprehensions
        • Conditionals
        • Dictionaries
        • Exceptions and Error Handling
        • Functions
        • Lambdas
        • Lists
        • Loops
        • Modules
        • Numbers
        • Reading and Writing Files
        • Sets
        • Sockets
        • String Formatting
        • Tuples
        • User Input
        • Variables
      • Extending Python
        • Virtual Environments
        • Sys Module
        • Requests
        • pwntools
    • Regular Expressions
    • SQL
  • 🕵️DIGITAL FORENSICS
    • Anti-Forensic Techniques
    • 🪟Windows Security Internals
      • Windows Security Internals
        • Kernel
          • Security Reference Monitor (SRM)
          • Object Manager
            • System Calls
            • NTSTATUS Codes
            • Object Handles
            • Query and Set Information System Calls
          • The I/O Manager & The Process and Thread Manager
          • The Memory Manager
          • The Configuration Manager
  • 💼GRC (CISSP Notes)
    • Security Assessment and Testing
    • Security Governance Principles
    • Security Policies Standards and Procedures
    • Preventing and Responding to Incidents
    • Organizational Roles and Responsibilities
    • Organizational Processes
  • 📦Networking
    • Foundational
      • DHCP
      • DNS Basics
      • HTTP Protocol
      • IPSec
      • IPv6 Fundamentals
    • Wireless Technologies
      • 802.11
      • Bluetooth
      • Wireless Authentication
      • Wireless Encryption
Powered by GitBook
On this page
  • How it Works
  • Steps
  • Tools
  • Countermeasures
  1. PENTESTING
  2. Foundational

Session Hijacking

  • Attacker waits for a session to begin and once authentication gets done, jumps in to steal the session

  • Can be done via

    • brute force

    • calculation

    • stealing

    • send preconfigured session ID to the target, when target clicks to open it just wait for authentication and jump in

How it Works

  1. Hacker tracks the session, watching the sequence numbers and the flow of packet headers

  2. Hacker "desynchronizes" the connection by sending a TCP RST or FIN to the client, making it close its side of the session

  3. Hacker then starts sending packets with the guessed session ID, generated by an algorithm

Steps

  1. Sniff the traffic between the client and the server

  2. Monitor the traffic and predict the sequence numbering

  3. Desynchronize the session with the client

  4. Predict the session token and take over the session

  5. Inject packets to the target server

  • NOTE - Sequence numbers increment on acknowledgment

  • ACK number + Window size = Acceptable Sequence number

Tools

  • Ettercap

  • Hunt

  • T-sight

  • Zaproxy

  • Paros

  • Burp Suite

  • Juggernaut

  • Hamster

  • Ferret

Countermeasures

  • Using unpredictable session IDs

  • Limit incoming connections

  • Minimize remote access

  • Regenerate the session key after authentication is complete

  • Use encryption to protect the channel

  • IPSec

PreviousGaining AccessNextBuffer Overflows

Last updated 1 year ago

⚒️