Monday, March 06, 2006

Sunshine hijacking

The Sushiman has created some new jargon, and this is an activity he accuses me of. Well, I'm always open to feedback and will try to avoid this in the future... so here's the definition.
"Sunshine hijacking" (or "sunjacking" for short) is similar to a Session Hijacking attack, but rather than hijacking a TCP connection you steal or hijack someone's limelight or moment of glory and redirect the conversation to some other unrelated topic, leaving the victim stuck in mid-sentence.
It is an attack that is difficult to pull off because you must send the correct "sunshine sequence numbers" to the victim. Then you must reset the original conversation before the victim has an opportunity to restart the conversation. Other alternatives to sunjacking are "sunpoisoning" where you poison the victim's conversation-to-moment-of-opportunity mappings or "sunshine flooding" where the victim is suddenly overwhelmed by millions of unrelated topics of conversation and totally forgets what he was about to say originally.
The "sunflooding" attack can take minutes or even hours to recover from while the victim tries to remember what the hell he was talking about in the first place.
See also: "Ninja sunshine bombs"

1 comment:

Anonymous said...

Very interesting, I would like to learn more of these attacks. I have been working on one of my own; it comes to me because I don't have many friends, or well, I can't get into a network (of friends). I have got the attack right a couple of times; of course there are other ways to do it, but they take days. But my method is faster. Perhaps you can help me improve the attack?

Basically the key to doing the attack in like under 10 minutes is this: DISASSOC/DEAUTH, then it is all about that first part of the conversation. I call it the FMS attack (Fred, Michael, Simon); it's a dedication, basically because these guys died when I first tried it on them.

It works like this: if two or more guys are in a conversation, it could be a client, boss, or a couple of peers, basically they are authenticated in a network of friends (they can't ever be alone). Creep in, get real close so you can hear them, then listen passively. Then this bit you need to have prepared in advance; it is kinda hard to perform without knowing your stuff, you must have the right driver to do it, you know, the beans that are baked. If you have prepared, then drop it... a dirty rancid wet one, a fart. If done correctly, of course, the conversation stops immediately; it's reset. It is supposed to connect again, and this is my problem. You see, sometimes both parties drop dead on the floor choking and gasping... this is kinda like a couple of malformed packets before both the client and AP shut down for good. (RIP FMS!)
Anyways, this is still kinda cool, but not helpful for getting the conversation talking again; the initial part of the reconnect is what you need, and you definitely don't get into the network of friends when it is down. Although I should add at this point I am quite proud of finding this full DoS...

Anyways, to replicate and improve the attack you should know the following; it is crucial. It is imperative that one guy thinks it actually came from the other. So I worked on the distance: if you're too close to the source conversation it may not work, they basically overwhelm you, you know, the "nerves" (they may turn and bash you), so it stops you from sending your load.

But really, if you're the right distance away you can drop a wet juicy one successfully and still hear. Here it is when played out, when it works:

P@trick and J0hn are yakking... "yak yak yak", the dialogue is useless to you because you're not auth'd, but you get near so you can passively hear the network of friends.
Then ya send it... bzzzzzzzzzzzzzzzzzzzztt splut splut, squirt... juiced, that's it, you've had your beans. Sweet.

P@trick thinks it is J0hn, the conversation stops dead, well, not like dead on the floor, but believe me, if it works it will stop in an instant.

Then something happens that I am not sure about, I don't know the standard so well, but P@trick starts looking around for a bit; I think he is looking for broadcasting people, maybe to see who dropped the big one, if you know what I mean :-p

Then usually if you spoofed it correctly and didn't do a total DoS he reassociates to the dude again.

Then after this is where you capture it... make sure you are still passively listening to catch it... "P@trick you dirty fucking bastard!" You must capture the right offset to get the name.

But that's it.

You might have to do it a few times to capture all the unique names you need especially when there is coughing and splattering.

For example "P@t[cough] you [eeeerk---vomit---puk---puk] dirty bastard!" Take all the unique names and you can try to crack it by fudging it.

Like I would've fudged it "P@trick". It's all about the fudge factor ;-)

Then of course once you've got the key name you can enter the network of friends.

So like I enter the circle and say "Hey P@trick", like I know him. Easy, huh?

But in this case, which er was well a real recollection of one of my hacks, I said to P@trick after... "nice wet one before dude" and I got funny looks and was ignored, detected, drop all.

But it's cool dude, I mean I know how to escape, I just dropped my guts and got right out of there. ;-)