TCP Session Hijacking

TCP Session Hijacking Attack

The objective of the TCP Session Hijacking attack is to hijack an existing TCP connection $($session$)$

between two victims by injecting malicious contents into this session. If this connection is a telnet

session, attackers can inject malicious commands $($e$.$g$.$ deleting an important file$)$ into this session,

causing the victims to execute the malicious commands. The TCP session Hijacking attack figure above

depicts how the attack works. In this task, you need to demonstrate how you can hijack a telnet session

between two computers. Your goal is to get the the telnet server to run a malicious command from you.

For the simplicity of the task, we assume that the attacker and the victim are on the same LAN.

Using Netwox. The corresponding Netwox tool for this task is numbered $40.$ Here is part of the manual

for this tool. You can also type "netwox $40--$help" to get the full help information. You may also need

to use Wireshark to find out the correct parameters for building the spoofed TCP packet.

Listing $3$: Part usage of netwox tool $40$

You can use Wireshark to figure out what value you should put into each field of the spoofed TCP

packets. It should be noted in the TCP session hijacking section of the SEED book, the command listed

there does not set all the fields of the TCP and IP headers.

In the netwox command above, the tcp$-$data part only takes hex data. If we want to inject a command string,

which is typically represented as a human$-$readable ASCII string, we need to convert it into a hex string.

There are many ways to do that, but we will just use a very simple command in Python. In the following, we

convert an ASCII string "Hello World" to a hex string $($the quotation marks are not included$).$

Using Scapy. Please also use Scapy to conduct the TCP Session Hijacking attack. A skeleton code is

provided in the following $($you need to replace each @@@@ with an actual value$)$: