TCP/IP Hijacking is when a licensed user gains access to a real network connection of another user. it’s wiped-out order to bypass the password authentication which is generally the beginning of a session.

In theory, a TCP/IP connection is established as shown below −

To hijack this connection, there are two possibilities −

Find the seq which may be a number that increases by 1, but there’s no chance to predict it.
The second possibility is to use the Man-in-the-Middle attack which, in simple words, may be a sort of network sniffing. For sniffing, we use tools like Wireshark or Ethercap.

Example

An attacker monitors the info transmission over a network and discovers the IP’s of two devices that participate during a connection.

When the hacker discovers the IP of 1 of the users, he can put down the connection of the opposite user by DoS attack then resume communication by spoofing the IP of the disconnected user.

Shijack

In practice, one among the simplest TCP/IP hijack tools is Shijack. it’s developed using Python language and you’ll download it from the subsequent link − https://packetstormsecurity.com/sniffers/shijack.tgz

Here is an example of a Shijack command −

root:/home/root/hijack# ./shijack eth0 192.168.0.100 53517 192.168.0.200 23

Here, we try to hijack a Telnet connection between the 2 hosts.

Hunt

Hunt is another popular tool that you simply can use to hijack a TCP/IP connection. It are often downloaded from − https://packetstormsecurity.com/sniffers/hunt/

Quick Tip

All unencrypted sessions are susceptible to TCP/IP session hijacking, so you ought to be using encrypted protocols the maximum amount as possible. Or, you ought to use double authentication techniques to stay the session secured.

Ethical Hacking – Trojan Attacks

Trojans are non-replication programs; they don’t reproduce their own codes by attaching themselves to other executable codes. They operate without the permissions or knowledge of the pc users.

Trojans hide themselves in healthy processes. However we should always underline that Trojans infect outside machines only with the help of a person , like clicking a file that comes attached with email from an unknown person, plugging USB without scanning, opening unsafe URLs.

Trojans have several malicious functions −

They create backdoors to a system. Hackers can use these backdoors to access a victim system and its files. A hacker can use Trojans to edit and delete the files present on a victim system, or to watch the activities of the victim.
Trojans can steal all of your financial data like bank accounts, transaction details, PayPal related information, etc. These are called Trojan-Banker.
Trojans can use the victim computer to attack other systems using Denial of Services.
Trojans can encrypt all of your files and therefore the hacker may thereafter demand money to decrypt them. These are Ransomware Trojans.
They can use your phones to send SMS to 3rd parties. These are called SMS Trojans.

Trojan Information

If you’ve got found an epidemic and need to research further regarding its function, then we’ll recommend that you simply have a glance at the subsequent virus databases, which are offered generally by antivirus vendors.

Kaspersky Virus database − https://www.kaspersky.com
F-secure − https://www.f-secure.com
Symantec – Virus Encyclopedia − https://www.symantec.com

Quick Tips

Install an honest antivirus and keep it updated.
Don’t open email attachments coming from unknown sources.
Don’t accept invitation from unknown people in social media.
Don’t open URLs sent by unknown people or URLs that are in weird form.

So, this brings us to the end of blog. This Tecklearn ‘Concept of TCP IP Hijacking and Trojan Attacks’ blog helps you with commonly asked questions if you are looking out for a job in Cyber Security. If you wish to learn Ethical Hacking and build a career in Cyber Security domain, then check out our interactive, Certified Ethical Hacker Training, that comes with 24*7 support to guide you throughout your learning period. Please find the link for course details:

https://www.tecklearn.com/course/certified-ethical-hacker-training/

Certified Ethical Hacker Training

About the Course

Tecklearn’s CEH certification training course provides you the hands-on training required to master the techniques hackers use to penetrate network systems and fortify your system against it. In this training, you will master how to identify security vulnerabilities by inspecting network infrastructures and defend the malicious hacker with essential tools and techniques, advanced network packet analysis and system penetration testing techniques to build your network security skill-set and prevent hackers. We will train you on the advanced step-by-step methodologies that hackers actually use such as writing virus codes and reverse engineering so you can better protect corporate infrastructure from data breaches.

Why Should you take Certified Ethical Hacker Training?

The average salary for a Cybersecurity Specialist is $110,881 per year in the United States and INR 900,000 per year in India – Indeed.com
Global Cybersecurity industry is estimated to cross US$ 220 billion by 2021.
Today cyber security is one of the most important aspects for any organization. In today’s digitally-driven world every organization needs professionals who can keep the hackers at bay. Hence the salaries for certified ethical hackers are among the best in the industry.

What you will Learn in this Course?

Introduction to Ethical hacking

Scope of ethical hacking
Enterprise information security architecture
Introduction and PCI Data Security Standard Overview
Role of Security and Penetration Testers
Vulnerability assessment
Various cyber security laws
Penetration testing

Various aspects of Information Security

Information security attacks
OS attacks
Application level attacks
Phases and Concepts of Hacking
Information Security Law and Standards

System Hacking

What is System Hacking
Goals of System Hacking
Understanding the certified ethical hacker methodology
About Kali Linux
Hands On

Technology Standards

Introduction to F5 Technology and Terms
POS (Point of Sale ) , mPoS
What is GLBA Compliance
OWASP
Site monitoring Tools
Introduction to PCI DSS Standard

Semantics and Introduction to Footprinting

What is Semantics
Fuzzy Logic
Footprinting

Threats

Types of Threats
Threats against the Application
Threat modelling
Hands on

Threat modelling

Threat modelling with STRIDE model
Ways to Find Security Issues
Penetration Testing Tools
Modelling Models – Whiteboard Diagrams, Brainstorming, Structured Diagrams etc.
Trust Boundaries
Threat Trees
DREAD Model

Example of Attack

Vulnerability Scanning Tools

OpenVAS
Wapiti
Burp Suite Community
Metasploit

Threat Modelling with Different models

Various Threat Models
PASTA Model in Depth

Advanced concepts like network packet analysis

Network scanning
How to scan the network, overview of scanning
WireShark
Sniffing attacks
File Signature

Got a question for us? Please mention it in the comments section and we will get back to you.

510