Prepare for the Ethical Hacking Essentials Test. Study with flashcards and multiple-choice questions; each exam includes hints and explanations. Get ready to ace your certification exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is the name of the attack where an attacker takes control of an existing TCP connection?

  1. Session fixation

  2. Session hijacking

  3. Session desynchronization

  4. TCP spoofing

The correct answer is: Session hijacking

Session hijacking is the process by which an attacker takes control of an existing TCP connection between two parties. This is accomplished by intercepting and manipulating the session token, which allows the attacker to access and control the communication without the knowledge of either legitimate party. In a typical session hijacking attack, the attacker gains unauthorized access to a user’s session by exploiting vulnerabilities in the network or in the target application’s session management. This can lead to harmful consequences such as impersonating the user, stealing sensitive information, or executing transactions on the user’s behalf.

The term “session hijacking” is often used specifically in the context of web applications, where attackers might steal cookies or session tokens, but its essence is rooted in control over an ongoing TCP connection.

The other options describe different things. Session fixation involves the attacker tricking the user into using a session ID already known to the attacker before the user logs in. TCP spoofing relates to the creation of fake TCP packets that pretend to come from a trusted source, rather than the takeover of an existing connection. Session desynchronization generally refers to a condition arising from a mismatch of state between the two ends of a connection and does not describe the direct takeover of a session as hijacking does.