Wednesday, March 31, 2010

Programs that perform Session Hijacking

Posted on  by   with No comments:

Programs that perform Session Hijacking

  • There are several programs available that perform session hijacking. Following are a few that belongs to this category:

    • Juggernaut

    • Hunt

    • TTY Watcher

    • IP Watcher

    • T-Sight
There are few programs/source codes available for doing a TCP hijack.

  • Juggernaut

  • TTY Watcher

  • IP Watcher

  • T-Sight

  • Hunt
Hacking Tool: Juggernaut

  • Juggernaut is a network sniffer that can be used to hijack TCP sessions. It runs on Linux Operating systems.

  • Juggernaut can be set to watch for all network traffic or it can be given a keyword like password to look out for.

  • The main function of this program is to maintain information about various session connections that are occurring on the network.

  • The attacker can see all the
    Juggernaut is basically a network sniffer that can also be used to hijack TCP sessions. It runs on Linux and has a Trinux module as well. Juggernaut can be activated to watch all network traffic on the local network.
    For example, Juggernaut can be configured to wait for the login prompt, and then record the network traffic that follows (usually capturing the password). By doing so, this tool can be used to capture certain types of traffic by simply leaving the tool running for a few days, and then the attacker just has to pick up the log file that contains the recorded traffic. This is different than regular network sniffers that record all network traffic making the log files extremely huge (and thus easy to detect).
    However, the main feature of this program is its ability to maintain a connection database. This means an attacker can watch all the TCP based connection made on the local network, and possibly "hijack" the session. After the connection is made, the attacker can watch the entire session (for a telnet session, this means the attacker sees the "playback" of the entire session. This is like actually seeing the telnet window).
    When an active session is watched, the attacker can perform some actions on that connection, besides passively watching it. Juggernaut is capable of resetting the connection (which basically means terminating it), and also hijacking the connection, allowing the attacker to insert commands in the session or even to completely take the session into his hands (resetting connection on the legitimate client). sessions and he can pick a session he wants to hijack.

0 comments:

Post a Comment