1.2 Session Hijacking Basics

Time: 1 hour 18 minutes
Difficulty: Intermediate
CEU/CPE: 2
Video Transcription
00:01
Hi, everyone. Welcome back to the course. So in the last video, we talked about a brief introduction to the course, some of the course objectives, as well as an introduction to myself and Dave.
00:10
In this video, we're just gonna go over what session hijacking actually is.
00:15
So, learning objectives for this, as I mentioned: find out what session hijacking is and also different ways that it can be performed.
00:22
Now, a quick pre-assessment question: man-in-the-middle attacks cannot be used for session hijacking attacks. Is that true or false?
00:30
All right, so the answer there is false. Actually, one of the most common forms of performing a session hijacking attack is a man-in-the-middle attack.
00:38
So with session hijacking, there are several different ways we could do it. Kind of the primary things are either sniffing to get the session ID, or just sniffing the traffic, or fully assuming the user's role. So, for example, if we take over the session, now we're gonna pretend that I'm you, perhaps with your banking website or something like that.
00:57
Several different methods to do so: brute force, stealing the session ID, and also calculating the session ID. And I might actually hop into a little demo real quick to show you that and kind of draw it out. With my beautiful drawing skill of inability, I'm gonna draw out an example of what that actually looks like. We're talking about the communication between
01:15
a host and a user.
01:19
All right, so let's get a quick visual of session hijacking. Again, this is gonna be a very simplistic demonstration here, but let's say we have our victim machine over here. And as I mentioned, I have beautiful artwork skills. We're just gonna put a V there for victim, and we'll put our host machine over here
01:34
and we'll put H for host.
01:38
All right, so we've got the traditional TCP three-way handshake going on, right? So the victim machine sends a communication, or a SYN packet,
01:46
saying, Hey, I want to talk to you.
01:48
Our host machine sends back our SYN-acknowledgment packet,
01:51
basically saying, you know, hey, I got your message, and of course I want to talk to you.
01:56
And, uh, again, beautiful drawing skills there. And then our victim machine sends back an acknowledgment, just saying, yes, let's go ahead and, you know, let's talk here. Right.
02:04
So that's our TCP three-way handshake at a very, very high level. Of course, we've got ID numbers and stuff like that that we're not talking about.
02:09
Now, this establishes our session, right? And let's just say we have a session ID of, uh, let's put some random numbers here: 12345.
02:20
All right, so that's our session ID for this particular session right now. Now, what our attacker does is they'll come in here. So our evil little attacker. And let's draw our attacker here
02:29
with an evil little mouth and some sharp teeth.
02:31
Now, of course, all criminal hackers look just like that, right? They wear a hoodie, they wear gloves, they wear sunglasses, and they have sharp teeth just like this. All right. Anyways,
02:42
what the attacker does is a couple different things to try to get this session ID. So they could either brute force it, so if they know, you know, some kind of knowledge about the range. So, for example, if our range we normally used in the organization for communication was 12345 to, let's just say, 123
03:00
Um, what to say? 80. Right. So 123 80. So if the attacker knew this range here, they could basically brute force and try to see which session ID number in this range it is and potentially get it. And, of course, the smaller our range, the easier it is for them to actually get that.
03:15
They can also steal the ID. So if they're able to sniff, you know, either the victim or host or this communication stream at all, you know, let's say we're transmitting this in clear text for some reason, they potentially sniff that session ID and get that number.
03:30
They could also calculate the session ID. So, for example, they could figure out and see that, okay, the existing one or the past one was, let's say, 44. It ended in 44. They could say, well, I know the previous one, too. That was 43,
03:46
and let's say before that was 42. So I have a good idea that this company is just gonna go by one each time.
03:51
So this is probably my session ID.
03:53
They calculate that, they guess it, and essentially they can take over the session.
03:58
Now, a couple of things they do when they take over the session. They can either sniff, as I mentioned, and get to sniff all this traffic
04:02
and, you know, capture it and see what's going on. Well, let's say that our victim was actually communicating with, like, a banking website. And, you know, the victim
04:12
was sending information, you know, logged into her account. The attacker got that, took over the session and basically said, OK, let me go ahead and wire money to my account, you know, way over here someplace, right? So that's another avenue as well that could transpire, and it really kind of depends on the attacker, right? They could actually just do sniffing
04:29
to see what kind of information they can get. And they also will
04:32
take over the session as well. Now, in the lab that I show you, and Dave's got a cool lab as well, but in the lab that I show you, we do a man-in-the-middle attack, and then we're just gonna be
04:43
essentially sniffing on a session and getting some user credentials. So that's one avenue that we can do.
04:47
All right. Let's jump back into our lecture and wrap things up.
04:51
All right, so that was just a quick demo, just to show you visually what a session hijacking attack might look like, and this TCP communication stream and how an attacker might get in.
05:00
Now we talk about the how aspect of it. Several of these items here basically contribute to the ability for a successful session hijacking attack. So, for example, if we don't have any lockout after an attacker's using invalid session IDs. So let's say after three or four times, we normally would just lock out
05:19
the attacker.
05:20
If we don't do that, they can easily just brute force it, right? Insecure handling, using like a weak algorithm to generate the session ID,
05:29
having an indefinite session expiration time, so again, no session expiration time,
05:33
using clear text transmission, which we should never, ever do, or using like short session IDs or small session IDs that could be easily guessed.
05:43
So as I mentioned, man-in-the-middle attack. I kind of mentioned that with the hands-on with ARP poisoning,
05:48
and then also a man-in-the-browser attack, so predominantly, like, a cross-site scripting type of attack.
05:55
And with cross-site scripting, they could either do it stored or reflected, and we talk about that a little more in the Los course that I have on the Cybrary site.
06:02
So how can we protect against a session hijacking attack? Well, the number one way is encrypting traffic. We can also use intrusion prevention or detection systems, and in most organizations you're using one appliance that incorporates both of those things. We can also use things like Kerberos, and also using a defense-in-depth or multi-layered approach.
06:21
Defense in depth, it's kind of that term that most people are familiar with,
06:25
but basically layering our defenses to help mitigate against this type of attack.
06:30
All right. A quick post-assessment question here. James is looking to protect against session hijacking attacks. So she knows all the following are protection strategies against it, except which one of these?
06:43
All right. If you answered C, clear text data, that is the correct answer there. Right, again, we want to make sure we're encrypting our data. Of course, we want to use network monitoring appliances. That's part of the defense in depth, using things like intrusion prevention or detection systems.
06:56
Now, in this video, what we covered: session hijacking at a very high level, to give you some foundational knowledge. Again, this course is a skill-based course, so we're focused on hands-on.
07:04
In the next video, we're gonna jump into our labs. We're gonna start off, as I mentioned, with a man-in-the-middle attack using a tool called Ettercap inside of Kali Linux, and we're just gonna focus on trying to get some user credentials from the session.
Session Hijacking

This course covers session hijacking, which is where an attacker takes over a legitimately established session between a user and host. This is normally seen between a user and a Web server, but it could occur with a Telnet session or other TCP-based connection.
