Posts

Showing posts from January, 2024

10.2 - Session Hijacking

Key Terms:
Session hijacking – Taking over an established connection between a host and a web server using a token.
Session ID – A combination of letters and numbers assigned to an open connection between a user and a server.

Session Hijacking Process
The first step in hijacking an active session is to sniff the traffic between the target machine and the server. Next, the hacker will monitor the traffic and try to predict the packet sequence numbers. Then they will desynchronise the current session to be able to predict the session ID. Finally, commands will be injected to target the server.

Session IDs
The key to session hijacking lies in session IDs. Once a client is authenticated, the server provides a short period of time during which the client can maintain an open connection. The server assumes that information sent and received during this session is being done by the appropria...

10.1 - Sniffing

Key Terms
Sniffing – The process of collecting information as it crosses the network.
Promiscuous mode – Turning on promiscuous mode gives the network interface permission to grab every frame that comes its way.
MAC spoofing – Changing the MAC address of the interface driver to impersonate another host on the network.
MAC flooding – Overloading a switch’s CAM table in hopes that it will respond by broadcasting all traffic.
ARP poisoning – Sending spoofed messages onto a network to associate your MAC address with another host's IP address.
Port mirroring – Creating a duplicate of all network traffic on a port and sending it to another device.

Vulnerable Protocols
Packets that are being sent with less secure protocols can be intercepted more easily. SMTP, POP3, FTP, IMAP, HTTP, and Telnet are all examples of protocols without proper security setup. This is because these prot...

Secure shell (SSH)

What is SSH?
SSH is a network connection protocol that enables two computers to communicate. It uses cryptography to authenticate and encrypt connections between devices. SSH also allows for tunnelling, or port forwarding, in which data packets are able to cross networks that they would otherwise not be able to cross.