Remote Exploit Forums
Post #1, 09-23-2009, 12:59 PM, by nekkro-kvlt (Junior Member)

Blind TCP Hijacking

Hi all, I was reading this:
www.phrack.com/issues.html?issue=64&id=13&mode=txt
and it's a good way to learn in depth how TCP works, and although making a basic tool to discover sequences and ports wouldn't be such a pain, there are some problems shown in this article that may be solved by using more evolved algorithms, like being aware of user traffic by making stats to discover IP_ID ...
I wonder if some of you know some tools to hijack TCP sessions.
Post #2, 09-24-2009, 09:19 AM, by Cryptid (Member)

Quote (originally posted by nekkro-kvlt):
Hi all, I was reading this:
www.phrack.com/issues.html?issue=64&id=13&mode=txt
and it's a good way to learn in depth how TCP works, and although making a basic tool to discover sequences and ports wouldn't be such a pain, there are some problems shown in this article that may be solved by using more evolved algorithms, like being aware of user traffic by making stats to discover IP_ID ...
I wonder if some of you know some tools to hijack TCP sessions.
Well, I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests. It is still in the preliminary stages and works on broadcast networks (wifi targeted); it can be downloaded from here: rcx.sourceforge.net

I know the program is pretty shitty at the moment, and if anybody wants to help me improve it they can join the project.
Post #3, 09-24-2009, 11:18 AM, by Gitsnik (Senior Member, The Crystal Wind)

Quote (originally posted by Cryptid):
Well, I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests
Kevin famously did something exactly like this to mess with the dumbass who "caught" him - and TCP was modified to deal with the attack.

Nowadays, predicting TCP sequence numbers blind is problematic at best, albeit it is possible to fake the entire handshake completely blind, and if you are in a position to do so, it is far easier to MiTM the connection, or introduce tcp-breaks (look into injecting commands into telnet streams).

Datenterrorist has a good write up, TCP Hijacking tools in Perl or something like that, which is quite useful.
__________________
Never underestimate the power of human stupidity - it is like a force of nature, capable of destroying even the most well laid plans.
Post #4, 10-04-2009, 12:03 PM, by fnord0 (Member)

Quote (originally posted by Gitsnik):
Datenterrorist has a good write up, TCP Hijacking tools in Perl or something like that, which is quite useful.
Good call Gitsnik, I've never seen that blog before (re: datenterrorist); they've got some good information there for sure... here is what I found, the link for the page you are talking about: Programming TCP Hijacking Tools in Perl « Datenterrorist

Also the P.A.T.H. project is referenced (probably a good place for more info on the subject): P.A.T.H. -- Perl Advanced TCP Hijacking
Quote:
P.A.T.H is a collection of tools for inspecting and hijacking network connections.

Programming languages: Perl and C
Latest release: 0.8
Current version: P.A.T.H. preSTABLE
Supported operating systems: GNU Linux, FreeBSD

The project consists of a packet generator (constructing TCP/IP, UDP/IP, ICMP and ARP packets), a RST daemon (to reset TCP connections), a sniffer (with special mail and telnet modes), an ICMP redirection tool (to implement man-in-the-middle attacks with ICMP redirect messages), an ARP redirection tool, an IDS testing tool and an automatic hijacking daemon for plain protocols (like telnet).

All tools feature both a Tk GUI and a terminal interface.

Please note that this project is in BETA state!!!
...and it comes with absolutely no warranty...

Don't forget to read the FAQ!
Best of luck... this is a topic that is quite interesting, especially since there is some good Perl info out there (I like Perl a lot).
__________________
see the fnords