312-50v12 Exam QuestionsBrowse all questions from this exam
Go to Exam

312-50v12 Exam - Question 36

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account.

What is the attack performed by Boney in the above scenario?

Show Answer
Correct Answer: CD

In the described scenario, Boney performs an attack where he first obtains a valid session ID by logging into a service and later feeds this same session ID to the target employee. This session ID links the target employee to Boney’s account page, and when the target employee clicks on the link and enters sensitive payment details, those details are linked to Boney’s account. This matches the definition of a Session Donation Attack, where the attacker 'donates' their own session ID to the target. The session fixation attack, on the other hand, involves fixing a session ID for the user, not necessarily donating an already established session to them as in this scenario.

Discussion

12 comments
Sign in to comment
jeremy13Option: C
Apr 10, 2023

C. Session donation attack see 312-50v11 topic 1 question 188 Module 11 P1552 CEH BOOK V12 In a session donation attack, the attacker donates their own session ID to the target user. In this attack, the attacker first obtains a valid session ID by logging into a service and later feeds the same session ID to the target user. This session ID links a target user to the attacker’s account page without disclosing any information to the victim. When the target user clicks on the link and enters the details (username, password, payment details, etc.) in a form, the entered details are linked to the attacker’s account. To initiate this attack, the attacker can send their session ID using techniques such as cross-site cooking, an MITM attack, and session fixation.

eli117Option: D
Apr 4, 2023

In a session fixation attack, the attacker fixes a valid session ID for a user, which allows the attacker to hijack the user's session after they authenticate to the targeted application.

Nst6310Option: D
Jul 21, 2023

D. Session fixation attack In a session fixation attack, the attacker (Boney) tricks a user (the target employee) into using a session ID that the attacker already knows and has control over. The attacker may obtain a valid session ID by logging into the service himself and then trick the target employee into using that same session ID.

Rocko1Option: C
May 26, 2023

Here is a great article for Session Donation : https://media.defcon.org/DEF%20CON%2017/DEF%20CON%2017%20presentations/DEF%20CON%2017%20-%20alek_amrani-session_donation.pdf

SailOnOption: C
Sep 3, 2023

Both C and D involves giving the victim a valid session ID, but the defining difference is the source of the session ID. In fixation, it can be any source, but in a donation attack, it must be a session ID belonging to the attacker. So, C

sausagemanOption: C
Apr 16, 2023

C. Session donation attack Jeremy13 explanation is correct

sTaTiKOption: C
May 1, 2023

Anser is C in this case.

kunnuOption: C
Sep 18, 2023

Answer is C: CEH v12 Module 11 - Page 1552/2113.

victorfsOption: C
May 21, 2023

The correct option is C

naija4lifeOption: D
Jul 1, 2023

D. Session fixation attack

insaniuntOption: C
Dec 10, 2023

From CEH BOOK v 12 - Module 11 Page 1552: A session donation attack involves the following steps: 1 The attacker logs into a service, establishes a legitimate connection with the target web server, and deletes the stored information. 2 The target web server (e.g., http://citibank.com/) issues a session ID, say 0D6441FEA4496C2, to the attacker. 3 The attacker then donates their session ID, say http://citibank.com/?SID=0D6441FEA4496C2, to the victim and lures the victim to click on it to access the website. 4 The victim clicks on the link, believing it to be a legitimate link sent by the bank. This opens the server’s page in the victim’s browser with SID=0D6441FEA4496C2. Finally, the victim enters their information in the page and saves it. ▪ The attacker can now login as themselves and acquire the victim’s information

Karthikeyan017Option: C
Jun 28, 2024

Ans: C