TCP session hijacking based on hunt1.5
2022-06-30 18:00:00 【chenxiky】
TCP session hijacking based on hunt
A TCP session hijacking attack takes over a TCP session that two communicating parties have already established, impersonating one of them in order to keep communicating with the other. A man-in-the-middle position is obtained through methods such as ARP spoofing or ICMP route redirection, which lets the attacker sniff the communication between the client and the telnet server. Many network services perform application-layer identity authentication only after the TCP session is established; once the client has passed authentication, it can request resources from the server over that TCP session without authenticating again. TCP session hijacking therefore gives an attacker a technical way to bypass application-layer authentication.
After the session has been hijacked, the client still holds its session with the server and keeps sending packets to it. The server finds that the ACK number of the received data is incorrect and returns an ACK carrying the acknowledgement it expects, hoping to re-establish synchronization. The client receives this ACK from the server, finds that it does not meet its own receive conditions, and returns another ACK. This repeats continuously and forms an ACK storm. The attacker often sends a RST to the client to reset the session between the client and the Telnet server.
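The ACK storm described above is a usable detection signal on the defender's side. The following is an added example, not part of the original article: it scans packet metadata for a connection where both endpoints keep exchanging empty ACKs whose seq/ack numbers never advance. The record layout, client addresses, thresholds and sample capture are constructed assumptions.

```python
from collections import defaultdict, deque

# Record layout: (ts, src, sport, dst, dport, flags, seq, ack, payload_len)

def flow_key(p):
    """Direction-independent key for a TCP connection."""
    a, b = (p[1], p[2]), (p[3], p[4])
    return (a, b) if a <= b else (b, a)

def detect_ack_storms(packets, window=1.0, threshold=20, max_distinct=4):
    """Return {flow: first_alert_ts} for flows where both endpoints keep
    exchanging empty ACKs that repeat the same seq/ack numbers."""
    recent = defaultdict(deque)          # flow -> (ts, sender, seq, ack)
    alerts = {}
    for p in sorted(packets, key=lambda r: r[0]):
        ts, src, sport, _, _, flags, seq, ack, plen = p
        if flags != "A" or plen != 0:    # only pure ACKs carrying no data
            continue
        q = recent[flow_key(p)]
        q.append((ts, (src, sport), seq, ack))
        while ts - q[0][0] > window:     # slide the time window
            q.popleft()
        senders = {s for _, s, _, _ in q}
        distinct = {(s, sq, ak) for _, s, sq, ak in q}
        # Normal bulk ACKs come from one side and their ack number advances;
        # a storm is two-sided and stuck on the same few seq/ack pairs.
        if len(q) >= threshold and len(senders) == 2 and len(distinct) <= max_distinct:
            alerts.setdefault(flow_key(p), ts)
    return alerts

def sample_packets():
    """Constructed capture: one desynchronised Telnet flow, one healthy one."""
    cli, srv, ok = "192.168.3.10", "192.168.3.128", "192.168.3.11"
    pkts = []
    for i in range(30):                  # storm: alternating, unchanged numbers
        ts = 10 + i / 100
        if i % 2 == 0:
            pkts.append((ts, cli, 50000, srv, 23, "A", 1000, 5000, 0))
        else:
            pkts.append((ts, srv, 23, cli, 50000, "A", 5200, 1040, 0))
    for i in range(30):                  # healthy: server data, client ACKs
        ts = 10 + i / 100
        pkts.append((ts, srv, 23, ok, 50001, "PA", 9000 + 100 * i, 700, 100))
        pkts.append((ts + 0.001, ok, 50001, srv, 23, "A", 700, 9100 + 100 * i, 0))
    return pkts

if __name__ == "__main__":
    for flow, ts in detect_ack_storms(sample_packets()).items():
        print(f"possible ACK storm on {flow} at t={ts:.2f}s")
```

On a real network the records would come from a capture or flow sensor, and the window and threshold need tuning against normal traffic.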
Experimental environment
1. Uploading the hunt files to Kali with WinSCP:
The first time you log in you need to create a new site. The default file protocol is SFTP, the host name is the Linux machine's IP, the port number defaults to 22, the user name is the Linux system user name, and the password is the Linux host password. Then click Save; there is no need to fill these in again on later logins, as shown in the figure below:
An error is reported.
The solution is as follows:
Start the SSH service from the Kali command line:
service ssh restart
SSH is not enabled by default, so after the next boot it has to be started manually again. To make it start by default, use this command:
update-rc.d ssh enable
Then click Login. The login interface is shown below; files can be dragged between Windows and Linux:
Kali as the attacker:
Ubuntu (Metasploitable) as the server:
The local Windows machine as the client (one party of the TCP session):
Enabling the Telnet client on Windows: 1. Open Control Panel. 2. Open Programs and Features. 3. Choose "Turn Windows features on or off", enable Telnet Client, and wait a few minutes. The details are as follows:
Connecting to the server remotely:
In the Windows cmd command line: telnet 192.168.3.128 (the server's IP address)
Enter the server's account and password to log in. A successful login is shown in the figure below:
w
The Kali attacker hijacks the client session
cd into the hunt directory and run ./hunt to start hunt. Press w to open the connection sessions in the LAN and confirm that the attacker (Kali) can sniff the contents of the session between the client and the Telnet server. Note that the client, the server and the attacker must be on a shared network, that is, the same network, for all of the following operations to work:
s
The Kali attacker hijacks the server session
One extra step at the end: how to obtain root privileges on Kali
sudo passwd root
This sets the root password.
su switches to the root user.
This article does not discuss the theory in depth; it covers the operations only.