GPEN Question #76: Real Exam Question with Answer & Explanation

The correct answer is C: Guess the sequence numbers.

Question

You want to perform an active session hijack against Secure Inc. You have found a target that allows Telnet session. You have also searched an active session due to the high level of traffic on the network. What should you do next?

Options

  • A. Use a sniffer to listen network traffic.
  • B. Use macoff to change MAC address.
  • C. Guess the sequence numbers.
  • D. Use brutus to crack telnet password.

Explanation

In active TCP session hijacking against Telnet, once an active session is identified the attacker must predict sequence numbers to inject forged packets into that session.

Common mistakes.

  • A. Sniffing is a reconnaissance step used to discover and monitor active sessions, but the question states an active session has already been found, so sniffing is no longer the next required action.
  • B. Changing a MAC address with macof or macchanger is relevant to ARP-based attacks and MAC filtering bypass, not to TCP sequence-based session hijacking of an existing Telnet connection.
  • D. Brutus is a password-cracking tool used for credential attacks against login prompts; cracking a Telnet password is a separate attack that does not apply when the goal is hijacking an already-established active session.

Concept tested. TCP sequence number prediction for active session hijacking

Reference. https://owasp.org/www-community/attacks/Session_hijacking_attack
