Posted on by Glenn

[ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Session Hijacking

This entry is part 21 of 30 in the series [ Certified Ethical Hacker Training ]

[ Certified Ethical Hacker Training ]

Chapter 10 cont’d: Session Hijacking

First, read this Infosec Institute Session Hijacking Cheat Sheet:

https://resources.infosecinstitute.com/session-hijacking-cheat-sheet/

Note session hijacking, session sidejacking and session fixation.

 Spoofing vs. Hijacking

Be sure to recognize the difference between just lying about your IP address, and actually taking over a running user session.

How do you get a session ID?

Brute-forcing a Session ID

Stealing a Session ID

Calculating/Cracking an ID

Cracking a Session ID

OWASP’s Discussion of Session Hijacking:

https://owasp.org/www-community/attacks/Session_hijacking_attack

See my page [ Auditing With OWASP ] :: [ Vulnerability A7: Cross-Site Scripting XSS ]:

https://schoolforhackers.com/auditing-with-owasp-vulnerability-a7-cross-site-scripting-xss/

Windows sessions are subject to an SMB Relay attack:

https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python

Tools

Ettercap

Cain & Abel

Series Navigation<< [ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Buffer Overflow[ Certified Ethical Hacker v10 ] :: [ Chapter 11 ] :: Cryptography >>