Network Level Session Hijacking

Time: 7 hours 6 minutes
Difficulty: Intermediate
CEU/CPE: 7
Video Transcription
00:01
Everyone, welcome back to the course. So in this video, we're gonna talk about network level session hijacking, so we'll talk about
00:07
different types of network level session hijacking attacks.
00:10
So what is network level session hijacking? First, though, this is basically where the attacker is attacking or hijacking a transport or Internet protocol, which are what's used by Web applications in the application layer. And so, by doing that, they're able to gather critical information which can then be used to actually attack the application layer
00:30
level application level there,
00:32
which we talked about in the previous video. So there's many types of attacks that they could do. They could do blind attacks. They could do RST attacks. So blind hijacking, RST hijacking. They could do TCP/IP hijacking, UDP hijacking. They could do things like man-in-the-middle attacks, sniffing attacks
00:49
as well as things like IP spoofing attacks as well.
00:53
So we have TCP/IP hijacking. And this is essentially the attacker spoofing packets to help take over that connection between the client and the server. And so essentially, the goal with this is to try to get that client's session to hang up.
01:07
And that way the attacker could then directly be communicating with that server.
01:12
Now for this to work, the devices, so the attacker, need to be on the same network as that client. But the target
01:22
could be anywhere, right? So that the server machine could be anywhere, but the actual client machine needs to be on the same network as the attacker.
01:30
So what the attacker does is essentially they sniff the client's
01:34
connection, then they use that client's IP address to send a spoofed packet
01:41
to the server with that predicted sequence number. So they're gonna wait and try to predict what the token is, right? What the next ID is gonna be, and then send that on to the server and establish that communication.
01:55
What happens is the server will then send the acknowledgement packet back. Right. So they're sending this in packet, but the acknowledgment packet's gonna come back to the victim. Right? So the client machine
02:05
and it's gonna hang them, hang their session, because they're continuously getting these packets back because the attacker's sending the spoofed packets with the IP address of the victim for the response.
02:15
So with the IP spoofing, source routed packets, basically trusted host
02:22
IP address is gonna be spoofed. And so the server then is assuming that, hey, this is from the trusted host. And what the attacker does is inject forged packets before the host can actually respond to the server. So before that client can respond to the server, they're injecting forged packets.
02:38
And so the original packet from that host machine, that client machine
02:42
is gonna be lost. And the only thing that server gets is the packet from the attacker.
02:47
RST hijacking is basically where the attacker injects authentic-looking reset packets, or RST packets, using a spoofed source IP address.
03:00
And also, they're going to need to predict the acknowledgement number
03:05
for that communication.
03:07
And so if the attacker is successful, they could basically reset our client system or our victim's session, uh, system. They could reset that connection, uh, and the client believes that the server sent that require RST packet. Right? So it believes that this is coming from
03:25
the server itself. And so that's why the client system is gonna perform that reset
03:31
And we can use tools for the RST hijacking like Colasoft Packet Builder as well as tcpdump.
03:38
So then we have our blind hijacking. This is where the attacker injects malicious data or commands into the communications that they sniff. Right? So that intercepted TCP session, even if you've got source routing disabled and so
03:53
the attacker can send these commands, but they're not gonna actually be able to see the response to those commands.
04:00
We have our man-in-the-middle attack, and so similar to what we have seen with the application level, the attacker's gonna basically sniff that communication stream and then inject forged packets. So this might be forged ICMP messaging. This might be also forged ARP replies,
04:17
and then we have UDP hijacking. So this is basically where the attacker sends a forged server reply to the client, to the client's UDP request, before the server, before our Web server can actually reply to it.
04:31
And then this is used in conjunction with the man-in-the-middle attacks. So essentially, the attacker is intercepting that response from the server. So the client never sees that, and they just see the fake reply from the attacker.
04:46
So just a quick, quick question here for you. In this type of network level session hijacking attack, the attacker must be on the same network as a victim. But the target server, the target, can be on a separate network.
04:57
Is that gonna be TCP/IP? Is that gonna be blind? Is that gonna be IP spoofing, the source routed packets, or is it gonna be the RST hijacking?
05:06
Right. So if you guessed the TCP/IP, you are correct. Again, that one requires you as the attacker and the client to be on the same network.
05:15
So in this video, we just talked about network level session hijacking as well as some of the different attack types.