
Thread: Blind TCP Hijacking


  1. #1
    Just burned his ISO
    Join Date
    Sep 2009
    Posts
    6

    Blind TCP Hijacking

    Hi all, I was reading this:
    www.phrack.com/issues.html?issue=64&id=13&mode=txt
    and it's a good way to learn in depth how TCP works, and although making a basic tool to discover sequences and ports wouldn't be such a pain, there are some problems shown in this article that may be solved by using more evolved algorithms, like being aware of user traffic by making stats to discover IP_ID ...
    I wonder if some of you know some tools to hijack TCP sessions.

  2. #2
    Junior Member
    Join Date
    May 2008
    Posts
    35


    Quote Originally Posted by nekkro-kvlt View Post
    Hi all, I was reading this:
    www.phrack.com/issues.html?issue=64&id=13&mode=txt
    and it's a good way to learn in depth how TCP works, and although making a basic tool to discover sequences and ports wouldn't be such a pain, there are some problems shown in this article that may be solved by using more evolved algorithms, like being aware of user traffic by making stats to discover IP_ID ...
    I wonder if some of you know some tools to hijack TCP sessions.
    Well, I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests. It is still in the preliminary stages and works on broadcast networks (wifi targeted). It can be downloaded from here: rcx.sourceforge.net

    I know the program is pretty shitty at the moment, and if anybody wants to help me improve it they can join the project.

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    Quote Originally Posted by Cryptid View Post
    Well, I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests.
    Kevin famously did something exactly like this to mess with the dumbass who "caught" him - and TCP was modified to deal with the attack.

    Nowadays, predicting TCP sequence numbers blind is problematic at best, although it is possible to fake the entire handshake completely blind, and if you are in a position to do so, it is far easier to MiTM the connection, or introduce TCP breaks (look into injecting commands into telnet streams).

    Datenterrorist has a good write up, TCP Hijacking tools in Perl or something like that, which is quite useful.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
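    The "TCP was modified to deal with the attack" remark above refers to the Initial Sequence Number fix of RFC 1948, later RFC 6528. The block below is an added illustration written for this thread; it is not code from the thread, from the Phrack article, or from the RCX or P.A.T.H. projects. It models the legacy global-counter ISN beside the RFC 6528 scheme (ISN = M + F(4-tuple, secret)) and measures, from the defender's side, how often a naive "last ISN plus expected increment" guess would land inside a receive window of the ISN a server hands to a different connection. The server and client addresses are constructed from TEST-NET ranges, the secret is a constructed constant, and HMAC-SHA256 is substituted for the MD5-based F the RFC suggests; those are this example's assumptions.

```python
"""
Model of legacy vs. RFC 6528 Initial Sequence Number generation.

  legacy_isn  : one global counter, STEP per new connection plus a 4 us clock
                (the behaviour blind prediction relied on).
  rfc6528_isn : ISN = M + F(localip, localport, remoteip, remoteport, secret),
                M being the 4 us clock and F a keyed hash.  RFC 6528 suggests
                MD5 over the tuple and secret; HMAC-SHA256 is used here instead
                (an assumption of this example, not the RFC's text).
"""
import hmac
import random

MOD = 1 << 32
STEP = 64000           # per-connection increment of the legacy counter
WINDOW = 65535         # a guess is "usable" if within one receive window

# Constructed secret; a real stack draws this from its CSPRNG at boot.
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def legacy_isn(clock_us, conn_index, four_tuple=None):
    """Global counter: STEP per connection, plus the 4 us clock."""
    return (conn_index * STEP + clock_us // 4) % MOD


def rfc6528_isn(clock_us, conn_index, four_tuple):
    """ISN = M + F(4-tuple, secret); conn_index is deliberately unused."""
    lip, lport, rip, rport = four_tuple
    msg = f"{lip}|{lport}|{rip}|{rport}".encode()
    f = int.from_bytes(hmac.new(SECRET, msg, "sha256").digest()[:4], "big")
    return (clock_us // 4 + f) % MOD


def within_window(predicted, actual):
    """Circular distance on the 32-bit sequence space, compared to WINDOW."""
    d = (actual - predicted) % MOD
    return min(d, MOD - d) <= WINDOW


def guess_hit_rate(gen, trials=200, gap_us=1000, seed=1):
    """Fraction of trials where 'observed ISN + expected increment' is usable.

    Each trial: an observer's own connection (tuple A) gets an ISN at time t;
    an unrelated connection (tuple B, different remote host and port) opens
    gap_us later.  The naive prediction is ISN_B = ISN_A + STEP + gap_us // 4.
    """
    rng = random.Random(seed)
    hits = 0
    for i in range(trials):
        t = rng.randrange(0, 10**9)
        server = ("192.0.2.10", 23)  # constructed server address (TEST-NET-1)
        tuple_a = (*server, "198.51.100.5", rng.randrange(1024, 65536))
        tuple_b = (*server, "203.0.113.7", rng.randrange(1024, 65536))
        isn_a = gen(t, 2 * i, tuple_a)
        isn_b = gen(t + gap_us, 2 * i + 1, tuple_b)
        predicted = (isn_a + STEP + gap_us // 4) % MOD
        hits += within_window(predicted, isn_b)
    return hits / trials


def same_tuple_is_monotonic(t1, t2,
                            four_tuple=("192.0.2.10", 23, "198.51.100.5", 40000)):
    """RFC 6528 keeps the property TCP actually needs: for one 4-tuple the ISN
    still advances with the clock, so a reincarnated connection cannot collide
    with stray segments from its predecessor."""
    a = rfc6528_isn(t1, 0, four_tuple)
    b = rfc6528_isn(t2, 0, four_tuple)
    return (b - a) % MOD == (t2 // 4 - t1 // 4) % MOD


if __name__ == "__main__":
    print("legacy counter hit rate :", guess_hit_rate(legacy_isn))
    print("RFC 6528 hit rate       :", guess_hit_rate(rfc6528_isn))
    print("same 4-tuple monotonic  :", same_tuple_is_monotonic(0, 4_000_000))
```

    Against the legacy counter the naive guess is exact every time; against the keyed-hash scheme the per-tuple offset is effectively uniform over 2^32, so a window-sized guess almost never lands, while the clock term still makes ISNs for the same 4-tuple advance predictably, which is what TIME_WAIT reuse needs. That split is the whole point of the RFC: remove cross-connection predictability without giving up the monotonic clock.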

  4. #4
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144


    Quote Originally Posted by Gitsnik View Post
    Datenterrorist has a good write up, TCP Hijacking tools in Perl or something like that, which is quite useful.
    Good call Gitsnik, I had never seen that blog before (re: datenterrorist); they've got some good information there for sure... here is what I found, the link for the page you are talking about = Programming TCP Hijacking Tools in Perl « Datenterrorist

    Also the P.A.T.H. project is referenced (probably a good place for more info on the subject) = P.A.T.H. -- Perl Advanced TCP Hijacking
    P.A.T.H. is a collection of tools for inspecting and hijacking network connections.

    Programming languages: Perl and C
    Latest release: 0.8
    Current version: P.A.T.H. preSTABLE
    Supported operating systems: GNU Linux, FreeBSD

    The project consists of a packet generator (constructing TCP/IP, UDP/IP, ICMP and ARP packets), a RST daemon (to reset TCP connections), a sniffer (with special mail and telnet modes), an ICMP redirection tool (to implement man-in-the-middle attacks with ICMP redirect messages), an ARP redirection tool, an IDS testing tool and an automatic hijacking daemon for plain protocols (like telnet).

    All tools feature both a Tk GUI and a terminal interface.

    Please note that this project is in BETA state!!!
    ...and it comes with absolutely no warranty...

    Don't forget to read the FAQ!
    Best of luck... this is a topic that is quite interesting, especially since there is some good Perl info out there (I like Perl a lot).
    'see the fnords!'
