nerdexam
GIAC

GCIH · Question #518

An attacker has gained the ability to sniff client traffic on a local subnet. Which technique would they use to cause clients to reauthenticate to internal applications in an attempt to capture user c

The correct answer is D. Inject crafted RESET packets with the clients' and servers' IP addresses. An attacker can use crafted RESET packets to drop a connection, forcing victims into setting up a connection again. When they set up a new connection, they will likely reauthenticate, giving the attacker a chance to grab authentication information.

Web Application Attacks & Post-Exploitation

Question

An attacker has gained the ability to sniff client traffic on a local subnet. Which technique would they use to cause clients to reauthenticate to internal applications in an attempt to capture user credentials?

Options

  • ADecrement the TTL values of client requests to application servers
  • BSpoof client DNS queries for application server lookups
  • CReplay captured DHCP client requests and server responses on the network
  • DInject crafted RESET packets with the clients' and servers' IP addresses

How the community answered

(32 responses)
  • A
    22% (7)
  • B
    6% (2)
  • C
    9% (3)
  • D
    63% (20)

Explanation

An attacker can use crafted RESET packets to drop a connection, forcing victims into setting up a connection again. When they set up a new connection, they will likely reauthenticate, giving the attacker a chance to grab authentication information.

Topics

#TCP RST injection#credential capture#session disruption#network sniffing

Community Discussion

No community discussion yet for this question.

Full GCIH Practice