[ Certified Ethical Hacker v10 ] :: [ Module 9 ] :: Session Hijacking

This entry is part 11 of 21 in the series [ Certified Ethical Hacker Training ]

Module 9: Session Hijacking

Brute-forcing a Session ID

Stealing a Session ID

Calculating an ID

Spoofing vs. Hijacking

Be sure to recognize the difference between just lying about your IP address, and actually taking over a running user session.

Cross-site scripting

MitM

SMB Relay attack:
https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python

Tools

Ettercap

Cain & Abel

Series Navigation<< [ Certified Ethical Hacker v10 ] :: [ Module 8 ] :: Denial of Service[ Certified Ethical Hacker v10 ] :: [ Module 10 ] :: Web Servers and Applications >>

Leave a Reply