Ethical Hacking - TCP IP Hijacking and examples

TCP/IP Hijacking

TCP/IP Hijacking is done when a genuine network connection of a another user can be accessed by an authorized user. To bypass the password authentication, TCP/IP Hijacking id usually done.

A TCP/IP connection is established as shown below −

TCP/IP Hijacking

Possibilities to do a TCP/IP Hijacking

To hijack TCP/IP connection, there are two possibilities −

  • Identify the seq which is a number that increases by 1, but there is no chance to predict it.
  • Use the Man-in-the-Middle attack which, in simple words, is a type of network sniffing. For sniffing, we use tools like Wireshark or Ethercap.

Example

To hijack TCP/IP connection, there are two possibilities −

  • The data transmission is monitored by an attacker over a network and the IPs of the two devices of a connection are identified.
  • When the hacker discovers the IP of one of the users, the connection of the other user can be put down by DoS attack and then resume communication by spoofing the IP of the disconnected user.
Possibilities of TCP/IP Hijacking

TCP/IP Hijacking Tools

1. Shijack :

Shijack is one of the best TCP/IP hijack tools. Python language is used to develop this tool.

An example of a Shijack command is −

root:/home/root/hijack# ./shijack eth0 192.168.0.100 53517 192.168.0.200 23

Shijack Here, we are trying to hijack a Telnet connection between the two hosts.

2. Hunt :

Hunt is another popular tool used to hijack a TCP/IP connection.

Quick Tip

All the sessions which are unencrypted are susceptible to TCPIP hijacking. Hence encrypted protocols need to be used or sessions to be kept secured by using double authentication techniques.