Replay Attack

Question 1

Replay Attack

Answer 1

Information transmitted over a network such as login information is copied/captured and used to grant the attacker access. This is not an on-path (man in the middle) attack because they can replay the information later. It does not require the original workstation or be on the network.

Question 2

Pass the hash

Answer 2

Attacker captures authentication info (user name/pass) Users can protect themselves by salting their authentication or using encryption.

Question 3

Cookies

Answer 3

Information stored on your computer by the browser. Used for tracking, personalization, session management. Not a security risk unless an attacker gets access to them. Session ID’s are often stored in cookies.

Question 4

Session Hijacking (Sidejacking)

Answer 4

When a client first connects to a server, it is granted a session ID. If the attacker gains access to the session ID, they can directly connect to the server without needing to authenticate via user name and password. Stay protected by using SSL or TLS.

Question 5

Header Manipulation

Answer 5

User information is gathered via Wireshark or Kismet programs (user ID/pass) from network, or exploits such as Cross-site scripting (session ID) from the server. Attacker modifies headers by third party utilities or modifying their own cookies to make them look like they originate from the compromised user.

Question 6

How do you prevent session hijacking?

Answer 6

Encryption - Attackers cant steal information they cant read/see. Use HTTPS or TLS. Firefox extensions force HTTPS or TLS. Many sites are HTTPS only. Personal VPN’s encrypt data to prevent information gathering.