Time: 23 hours 21 minutes
Difficulty: Intermediate
CEU/CPE: 14

Video Transcription

00:01
Hi. Welcome back to the course. In the last module, we talked about denial of service and distributed denial of service attacks.
00:08
In this module, we're gonna talk about session hijacking from a very high level.
00:14
So in session hijacking, the attacker essentially is trying to take over the active session between our client and our server. So in this example here we have a victim computer and then our web server. So the victim establishes a TCP session through a handshake with the web server. So they send that SYN packet saying, Hey, I want to talk to you.
00:31
The web server sends back a SYN-ACK, saying,
00:34
You know, I got your message, and I want to talk to you as well. Do you want to talk to me? And then the victim computer sends an acknowledgment (ACK) back saying, Hey, yeah, I do want to talk to you. Let's go ahead and talk, and that establishes that session.
00:45
What the attacker does is they go ahead and sniff on that session. And so the goal is to try to guess the next sequence number so they can take advantage of that session ID and then start sending traffic to the web server themselves.
00:58
And what also occurs in that process is the attacker will then flood the victim machine with packets to try to basically give them a denial of service and prevent them from communicating with the web server again.
01:11
So spoofing versus hijacking: spoofing is essentially just going to be an intent of sniffing the traffic, whereas hijacking is gonna have the intent to take over the entire session.
01:25
So some steps for session hijacking, at least according to EC-Council: we would sniff, so we would want to sniff that connection to see what we can find out; monitor; we would also do desynchronization, so we could do that. Basically, that's just knocking out the victim computer,
01:42
because we want to communicate with the server, right? So we're knocking out that client aspect, and we could do it with several different things, like we could send a bunch of TCP reset packets to them, or also a FIN flag, a finish flag. We could send that to the victim computer as well,
01:57
and then, of course, predict and inject.
02:00
So sniffing again: that's where we're going to sniff the traffic between the client and the server, so our victim computer in that original example and the server.
02:10
Monitor: we're gonna monitor the traffic that we're sniffing, and our goal is to try to predict the sequence numbers as well.
02:17
Desynchronize again: I mentioned that we can desynchronize a client session by sending TCP reset flags or the finish, or FIN, flags.
02:27
And really, again, all we're trying to do is a denial of service on the victim machine so they can't connect back to the server.
02:36
Predict: so we can potentially predict what the next session token is, and that's gonna allow us to take over that session,
02:42
and then inject, that allows us to inject packets into the target server, so we can actually pretend that we're the client.
02:50
So just a graphic here to show us, if we're sniffing, you know, if the attacker is sniffing, what does that kind of look like, right? So the host, they're going to the big banking website and saying, Hey, you know, I wanna log in to my account or whatever, and then the hacker's sniffing that data, and they basically figure out the algorithm that we're using for our communication here.
03:12
So once they figure out that algorithm, then they could just go ahead and essentially take over our position, right? So in this example here, the host is flooded with a bunch of garbage data. So that's still the TCP resets, the FIN flags, et cetera, et cetera.
03:27
So the goal here is just to actually take them offline, right? We want to take that victim computer offline.
03:31
So then we, as the attacker, could just touch base with the banking server, whatever server, ourselves.
03:39
So Ettercap is a tool that can be used for session hijacking. It's mostly used for packet sniffing by the people that I'm aware of that work as pen testers, but it is a great tool, and a lot of pen testers do use this for various parts of their penetration test.
03:54
Ferret is another one that we can use for session hijacking.
04:00
And then also Burp Suite as well. It's got some features that we can use for session hijacking.
04:09
All right, so how would we prevent session hijacking? Well, some common sense things, right? So we make our session IDs unpredictable, so a hacker, a criminal hacker, can't get in there and try to guess it. We could also limit the incoming connections, right? So ports we don't need, we just shut those off.
04:24
You know, we can also put systems in place to reduce remote access. So if someone's got a, you know, a malware-infected home computer or something, then that could be a jumping-off point as well, right?
04:36
So we don't wanna allow too much remote access, so we could reduce that, and that will reduce our risk of session hijacks.
04:45
We could regenerate the session keys after the authentication is complete. So, you know, every single time it's generating a new key. Now, that type of stuff nowadays, it does get kind of expensive trying to keep up with that, but as technology progresses, that might be a little easier to do in the future.
05:00
And then IPsec, that's an
05:04
item we're gonna touch on actually in the next slide here, but IPsec is basically a way we can encrypt our communication stream.
05:13
So IPsec, we've got two different modes here. We've got transport mode and tunnel mode, the main difference being in transport mode, the IP header is not encrypted, and it can also be used with NAT, or network address translation. So for your Certified Ethical Hacker examination, just keep that in mind, that transport mode
05:31
has an IP header that's not encrypted, whereas tunnel mode
05:35
encrypts the entire packet, but that one does not work with NAT.
05:43
All right, so parts of IPsec. So we've got the Authentication Header, so that's the protocol that actually guarantees the integrity and authentication of the IP packet sender.
05:53
We've got ESP, or Encapsulating Security Payload. So that's another protocol that provides integrity, authenticity and confidentiality to the entire packet throughout the tunnel mode.
06:03
We've got IKE, or Internet Key Exchange, a protocol that produces different keys for the encryption process.
06:13
And then we have Oakley on there, again, another protocol, that uses Diffie-Hellman to create master and session keys.
06:23
All right, so question number one here on our post-assessment, again, it's just a quick one. So is this true or false: NAT can be used in IPsec tunnel mode?
06:31
So think that one over.
06:38
So the answer is false. NAT cannot be used in IPsec tunnel mode. It's actually in transport mode that it can. If you remember, the header is not encrypted in transport mode, but in tunnel mode it is, so we cannot use NAT in that.
06:51
So in this video we just went over a high-level overview of session hijacking, and in the next video we're gonna jump into our labs and we're gonna do a network-level session hijack.

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Ken Underhill
Master Instructor at Cybrary