Reference material 'ethical hacking and countermeasures - part 15', information technology, security, for study, research and productive work.

Ethical Hacking and Countermeasures Version 6
Module XV: Session Hijacking
Certified Ethical Hacker

CEH News: Holes in Embedded Devices: IP-based session management
29.01.2008 10:39:22, posted by GNUCITIZEN

Devices that implement IP address-based session management follow the algorithm described by the pseudocode shown below:

    if submitted username and submitted password == credentials on device config then
        do white-list user's source IP address

The implications are obvious: devices located in environments in which different users share the same proxy are vulnerable to administrative session hijacking attacks.

Please note that this session hijacking attack has nothing to do with the classic TCP hijacking attack, in which sequence numbers are predicted by the attacker. Therefore, attacking a device susceptible to an IP address-based session management vulnerability does not require the attacker to intercept/sniff the traffic between the victim admin user and the target device. Rather, this attack performs session hijacking at the HTTP application layer by providing the piece of information that the target device uses to decide who has access to authenticated resources on the web console: a trusted source IP address, in this case.

As an example, let's consider a corporate environment in which hundreds of users share the same proxy while browsing the web. Now let's imagine that the administrator of the vulnerable device never checked the "bypass proxy server for local addresses" option in his/her web browser. In other words, the administrator usually configures the vulnerable device via a proxy which is used by everyone else in the network.

The result is that any malicious user using the same proxy as the administrator of the target device can gain full administrative access via the web console by simply entering the device's IP address in the browser's address bar. Of course, this attack would be more realistic by automating the process of hijacking the admin session on the web bt
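To make the weakness concrete, the following is an added Python example (not code from the CEH module or from the GNUCITIZEN post) that simulates a device web console implementing the IP-whitelisting pseudocode above beside one that binds the session to an unguessable per-login token, and checks what a second user behind the same proxy is granted; the device classes, request shape, proxy IP and credentials are all constructed for the demonstration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed request model: what the device's web console sees per HTTP request.
@dataclass
class Request:
    src_ip: str                   # for proxied users this is the proxy's IP, not theirs
    cookie: Optional[str] = None  # session cookie, if the client has one

ADMIN_CREDS = ("admin", "placeholder-password")  # demo credentials, not real ones

class IpSessionDevice:
    """Mirrors the pseudocode: after a valid login the source IP is trusted."""
    def __init__(self):
        self.whitelist = set()
    def login(self, req, username, password):
        if (username, password) == ADMIN_CREDS:
            self.whitelist.add(req.src_ip)        # white-list user's source IP
        return req.src_ip in self.whitelist
    def is_admin(self, req):
        return req.src_ip in self.whitelist       # anyone sharing that IP passes

class TokenSessionDevice:
    """Hardened variant: authorization is tied to a random token, never to the IP."""
    def __init__(self, ttl=600):
        self.sessions = {}                        # token -> expiry timestamp
        self.ttl = ttl
    def login(self, req, username, password):
        if (username, password) != ADMIN_CREDS:
            return None
        token = secrets.token_urlsafe(32)         # 256 bits, unguessable
        self.sessions[token] = time.time() + self.ttl
        return token                              # to be set as a cookie
    def is_admin(self, req):
        expiry = self.sessions.get(req.cookie) if req.cookie else None
        if expiry is None or time.time() > expiry:
            self.sessions.pop(req.cookie, None)   # drop expired sessions
            return False
        return True

def shared_proxy_scenario():
    proxy_ip = "10.0.0.5"                         # constructed shared proxy address
    admin_req = Request(proxy_ip)
    other_req = Request(proxy_ip)                 # another user, same proxy, no cookie
    vuln, hard = IpSessionDevice(), TokenSessionDevice()
    vuln.login(admin_req, *ADMIN_CREDS)
    admin_req.cookie = hard.login(admin_req, *ADMIN_CREDS)
    return {"ip_based_other_is_admin": vuln.is_admin(other_req),
            "token_based_other_is_admin": hard.is_admin(other_req),
            "token_based_admin_is_admin": hard.is_admin(admin_req)}
```

The IP-based device grants the second user admin access on the strength of the shared proxy address alone, while the token-based device grants it only to the client holding the cookie issued at login.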