EC-Council
312-50V10 · Question #89
312-50V10 Question #89: Real Exam Question with Answer & Explanation
The correct answer is C: Guess the sequence numbers. In active session hijacking, after finding an active session via traffic analysis, the attacker must guess the current TCP sequence numbers before attempting a takeover.
Question
Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?
Options
- ATake over the session
- BReverse sequence prediction
- CGuess the sequence numbers
- DTake one of the parties offline
Explanation
In active session hijacking, after finding an active session via traffic analysis, the attacker must guess the current TCP sequence numbers before attempting a takeover.
Common mistakes.
- A. Taking over the session is the final goal, but it cannot happen until the attacker has determined the correct sequence numbers to forge valid packets.
- B. Reverse sequence prediction is not a standard step in the session hijacking process; the attacker moves forward by guessing numbers, not reversing them.
- D. Taking a party offline (desynchronization) may be done after guessing sequence numbers if the attacker needs to prevent the legitimate client from interfering, not before.
Concept tested. TCP session hijacking sequence number prediction steps
Reference. https://owasp.org/www-community/attacks/Session_hijacking_attack
Community Discussion
No community discussion yet for this question.