312-50V13 · Question #143
Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operat
The correct answer is C. Guess the sequence numbers. To perform an active session hijack against a Telnet session, after identifying an active session and performing sequence prediction, the attacker must next guess the correct TCP sequence numbers.
Question
Options
- ATake over the session
- BReverse sequence prediction
- CGuess the sequence numbers
- DTake one of the parties offline
How the community answered
(21 responses)- A10% (2)
- B5% (1)
- C81% (17)
- D5% (1)
Why each option
To perform an active session hijack against a Telnet session, after identifying an active session and performing sequence prediction, the attacker must next guess the correct TCP sequence numbers.
Taking over the session is the ultimate objective, but 'guessing the sequence numbers' is the technical step immediately prior to achieving that goal by injecting packets.
Reverse sequence prediction is not a standard step; the goal is to predict the *forward* sequence of numbers to correctly inject subsequent packets.
In an active session hijack against a TCP-based protocol like Telnet, after observing traffic and predicting sequence patterns, an attacker must correctly guess the next expected TCP sequence and acknowledgment numbers. This allows them to inject malicious packets into the stream that are accepted by the target, effectively taking over the session.
Taking one of the parties offline, typically via a denial-of-service attack, might be used to force the target to accept the attacker's spoofed packets, but the immediate step after prediction is to guess the numbers to inject into the existing session.
Concept tested: TCP session hijacking steps and sequence number prediction
Source: https://www.imperva.com/learn/application-security/session-hijacking/
Topics
Community Discussion
No community discussion yet for this question.