Telnet Session Jacking

In this exercise you’ll hijack a telnet session. You’ll use the Scapy library to send send a TCP packet with a payload of your choice.

Setting up a virtual Machine.

Download Virtual Box and create a virtual machine of your choice. I recommend Ubuntu server, it really easy to setup. You’ll need to run two of these machines.

Once your done your setup should look like this:

Setting up Receiver.

One of your ubuntu servers will be sender and the other will be the receiver. Since both Ubuntu servers are Identical you can choose either one to be your sender. Start the terminal on the sending machine and run the following command.

nc -lvp 7070

This command start TCP socket listening on 7070. This is socket that you’ll connect to from the other machine. The nc is short of Netcat, which a program will several Netcat utilities built in. Here we uses the utility that creates TCP socket. Get the IP address of the Ubuntu Machine.

ip -a

Setting up the Sender.

Start the terminal on other Ubuntu Machine. Run the following command to connect to Netcat server.

nc <IP-Ubuntu> – p 7070

Once you’ve connected to the server type a message and check see that shows up on the receiver. For example try typing:

welcome wahoo.

TCP highjacking.

Now that you setup your TCP connection. Write a script that injects message

Dancing with Wolfs and Butterflies.