nerdexam
EC-Council

312-50V13 · Question #143

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operat

The correct answer is C. Guess the sequence numbers. To perform an active session hijack against a Telnet session, after identifying an active session and performing sequence prediction, the attacker must next guess the correct TCP sequence numbers.

Submitted by ravi_2018· Mar 6, 2026Session Hijacking

Question

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

Options

  • ATake over the session
  • BReverse sequence prediction
  • CGuess the sequence numbers
  • DTake one of the parties offline

How the community answered

(21 responses)
  • A
    10% (2)
  • B
    5% (1)
  • C
    81% (17)
  • D
    5% (1)

Why each option

To perform an active session hijack against a Telnet session, after identifying an active session and performing sequence prediction, the attacker must next guess the correct TCP sequence numbers.

ATake over the session

Taking over the session is the ultimate objective, but 'guessing the sequence numbers' is the technical step immediately prior to achieving that goal by injecting packets.

BReverse sequence prediction

Reverse sequence prediction is not a standard step; the goal is to predict the *forward* sequence of numbers to correctly inject subsequent packets.

CGuess the sequence numbersCorrect

In an active session hijack against a TCP-based protocol like Telnet, after observing traffic and predicting sequence patterns, an attacker must correctly guess the next expected TCP sequence and acknowledgment numbers. This allows them to inject malicious packets into the stream that are accepted by the target, effectively taking over the session.

DTake one of the parties offline

Taking one of the parties offline, typically via a denial-of-service attack, might be used to force the target to accept the attacker's spoofed packets, but the immediate step after prediction is to guess the numbers to inject into the existing session.

Concept tested: TCP session hijacking steps and sequence number prediction

Source: https://www.imperva.com/learn/application-security/session-hijacking/

Topics

#session hijacking#TCP sequence prediction#active attack

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice