1_3_5 Section 1 – Attacks, Threats, and Vulnerabilities - 1.3 – Application Attacks - Replay Attacks

Questions and Answers

What protocol should be used to prevent attackers from gathering session IDs off network flows?

• POP3
• SSL (correct)
• HTTP
• FTP

How might an attacker gather session information directly from the network?

• Using Wireshark or Kismet (correct)
• Sending phishing emails
• Accessing the server physically
• Analyzing server logs

What action could an attacker with access to a vulnerable server take to obtain session IDs?

• Encrypt the server data
• Change network settings
• Redirect session IDs to themselves (correct)
• Update antivirus software

How can replay and session attacks be prevented?

Ensure all communication is encrypted (A)

What additional overhead does turning on encryption on a web server introduce?

Increased processing requirements (C)

What can users do if a service doesn't support HTTPS for communication?

Use an encrypted tunnel (A)

What is a common piece of information that a crafty hacker might extract from network flows?

Session ID (A)

How might a hacker gather network information if they have physical access to the network?

Install a network tap (A)

What is a method a hacker might use if they lack physical access to the network?

ARP poisoning (D)

What type of attack involves capturing and replaying information across the network as if it originated from the victim?

Replay attack (C)

What can hackers do with gathered session IDs or credentials from network traffic?

Use them across the network later on (D)

Is physical access to the network always required for a replay attack to be successful?

No, it can be done without being physically present on the network path (B)

What type of attack involves an attacker gaining access to the hash value associated with a password?

Replay attack (A)

How can developers prevent a 'pass the hash' attack?

Encrypting communication channels like SSL or TLS (D)

What technique involves adding a unique identifier to a hash to prevent a replay attack?

Hash salting (B)

Why is it important for developers to ensure that cookies are secure?

To prevent replay attacks (D)

How does an attacker gain access to a session ID in a session hijacking attack?

By sniffing network traffic (A)

What makes SSL and TLS effective in preventing certain types of attacks?

They encrypt communication channels (B)

Which of the following is NOT a reason why an attacker might target browser cookies?

Accessing browser history (C)

What is the main risk of an attacker successfully performing a 'pass the hash' attack?

Unauthorized access to user accounts (A)

How can developers make session IDs more secure against hijacking?

'Rotating' them frequently (D)

'Pass the hash' attacks are mitigated by:

'Salting' the hash values (C)

What does a crafty hacker aim to gather from network flows for an advantage during an attack?

Session IDs (B)

How might an attacker gather network information if they lack physical access to the network?

Injecting malicious code onto the victim's computer (A)

What type of attack involves capturing information across the network and replaying it to seem as if it originated from the victim?

Replay attack (A)

What method might an attacker use to redirect network information logically?

ARP poisoning (C)

In a replay attack, what can be captured by the attacker and later used across the network?

Session IDs or credentials (A)

What can an attacker do if they capture information that can be replayed across the network?

Conduct a replay attack (C)

How can replay and session attacks be prevented?

Enabling encryption on all network traffic (C)

What action could an attacker with access to a vulnerable server take to obtain session IDs?

Use a third-party utility to modify server headers (C)

What technique could prevent attackers from capturing session IDs from network flows?

Implementing encrypted communication (B)

Why is it important for websites to operate over HTTPS or TLS?

To protect data during transmission (A)

If a service does not support HTTPS, what alternative could be used to secure part of the communication flow?

Creating an encrypted tunnel (C)

What could an attacker do in real time to modify headers being sent to a server?

Employ a third-party utility for header modification (B)

How can developers prevent a 'pass the hash' attack as described in the text?

Using strong encryption for communication between client and server (D)

What technique could developers use to make session IDs more secure against hijacking?

Encrypting the session ID during transmission (B)

Why is salting the hash with a session ID helpful in preventing replay attacks?

It creates unique hashed values even if the original data is the same (A)

What is a key benefit of using SSL or TLS for communication between client and server?

Securing data transmission against unauthorized access (C)

How does an attacker potentially gain access to a user's account on a server in a 'pass the hash' attack?

By replaying the captured password hash to the server (C)

What makes cookies stored in web browsers vulnerable to replay attacks as mentioned in the text?

They may include sensitive session information (B)

Why are session IDs important in communication between a client and a service as outlined in the text?

To avoid using usernames and passwords for every request (C)

'Pass the hash' attacks involve replaying what type of information back to the server?

Hash value associated with a password (A)

What role do cookies play in facilitating session hijacking attacks as discussed in the text?

Storing sensitive information including session IDs (A)

How does salting the hash with a session ID protect against replay attacks, according to the information provided?

By making each password hash unique even for identical passwords (A)