nerdexam
EC-Council

312-50V9 · Question #591

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operat

The correct answer is C. Guess the sequence numbers. This question walks through the ordered steps of an active TCP session hijacking attack using sequence number prediction. After locating an active session, the attacker's next required step is to guess the correct sequence numbers.

Session Hijacking

Question

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

Options

  • ATake over the session
  • BReverse sequence prediction
  • CGuess the sequence numbers
  • DTake one of the parties offline

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    14% (4)
  • C
    76% (22)
  • D
    7% (2)

Why each option

This question walks through the ordered steps of an active TCP session hijacking attack using sequence number prediction. After locating an active session, the attacker's next required step is to guess the correct sequence numbers.

ATake over the session

Taking over the session is the final stage of the attack and cannot occur until sequence numbers have been correctly guessed and a party has been taken offline.

BReverse sequence prediction

Reverse sequence prediction is not a recognized or defined step in the TCP session hijacking methodology.

CGuess the sequence numbersCorrect

In TCP session hijacking via sequence prediction, after identifying an active session, the attacker must guess or predict the correct TCP sequence numbers so that injected packets are accepted by the server as legitimate in-sequence data. Without valid sequence numbers, forged packets are discarded by the TCP stack. Only after this step can the attacker desynchronize a party and take over the session.

DTake one of the parties offline

Taking one party offline (desynchronization) is performed after sequence number prediction succeeds, not before, because the attacker needs valid sequence numbers to inject traffic first.

Concept tested: TCP session hijacking sequence prediction attack steps

Source: https://owasp.org/www-community/attacks/Session_hijacking_attack

Topics

#session hijacking#TCP sequence numbers#sequence prediction#active attack

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice