Chapter 5. Session Hijacking

One of the difficult parts of compromising a system is to find a valid password that can be used to gain access. Especially if strong passwords such as one-time passwords are used, even if an attacker can sniff the password or capture it another way, it is useless, because it changes the next time the user logs on to the system. Trying to find out a user’s password is one way to gain access, but because it is not always successful, there is a better way. For example, let’s say an attacker waits for users to make a remote connection to a server via telnet. After the user successfully provides her password, the attacker ...

Get Hackers Beware now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.