312-50V9 · Question #591
Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operat
The correct answer is C. Guess the sequence numbers. This question walks through the ordered steps of an active TCP session hijacking attack using sequence number prediction. After locating an active session, the attacker's next required step is to guess the correct sequence numbers.
Question
Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?
Options
- ATake over the session
- BReverse sequence prediction
- CGuess the sequence numbers
- DTake one of the parties offline
How the community answered
(29 responses)- A3% (1)
- B14% (4)
- C76% (22)
- D7% (2)
Why each option
This question walks through the ordered steps of an active TCP session hijacking attack using sequence number prediction. After locating an active session, the attacker's next required step is to guess the correct sequence numbers.
Taking over the session is the final stage of the attack and cannot occur until sequence numbers have been correctly guessed and a party has been taken offline.
Reverse sequence prediction is not a recognized or defined step in the TCP session hijacking methodology.
In TCP session hijacking via sequence prediction, after identifying an active session, the attacker must guess or predict the correct TCP sequence numbers so that injected packets are accepted by the server as legitimate in-sequence data. Without valid sequence numbers, forged packets are discarded by the TCP stack. Only after this step can the attacker desynchronize a party and take over the session.
Taking one party offline (desynchronization) is performed after sequence number prediction succeeds, not before, because the attacker needs valid sequence numbers to inject traffic first.
Concept tested: TCP session hijacking sequence prediction attack steps
Source: https://owasp.org/www-community/attacks/Session_hijacking_attack
Topics
Community Discussion
No community discussion yet for this question.