2.2 Man in the Middle Hijack Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

1 hour 18 minutes
Video Transcription
everyone Welcome back to the core. So in the last video, we went ahead and launch our other *** tools. We lost our lab environment and then our capitalist. And then we went ahead and did a scan for a different host. And we were able to find that the worst three host and those huts were automatically added tore Host list.
We then looked up. Our host list used to take a look at the I P addresses that were associated with our targets.
So now we're at step number 24 in the lab, step by step guide. So you were just mentioning here that the host list shows the host that we've added that were added to enter Cap. So now we're gonna go ahead and select the target host. So we're basically gonna be adding in Target one and Target, too. And that's gonna be these I p addresses that we had found.
So you see, I've got a annotated there. You could just follow along with that
and you'll notice. Also, I have mentioned that the Windows 10 machine it ends in the 100.4 and then our server machine ends in the 0.1
All right, so let's go ahead and get started here. We're gonna start off, actually, on the 2nd 1 here that 10.4 and were to select this ad to target one button right there
and you see down here all the only change we see once we do that, as we see down here says the host has been added to target one, so it gives us an I. P. Address tells us that's now target one
are. You wouldn't do the exact same thing with the other i p addresses with 1 92.168 dot zero, not one. But we're gonna change it and say this one's gonna be target number two.
So just go and click on that I P address and then just labeled as target number two by clicking on that button,
you'll see again. It just mentions that down at the bottom. Here it says the host I p address there is added to target two.
All right, let's keep going in her lab document here.
So now we're gonna go ahead and click on man in the middle of the top. So it's in the middle here. The M I t m option. And there were to select the art poisoning option.
Let's go and do that not to click on an M I t m and then are poisoning the very top option there
that's gonna pull up this menu for us right here.
Now, we want to go ahead and select the sniff remote connections option. We want to make sure that check boxes checked. So let's go and do that. Now,
just click that one there, and then we're just gonna select the okay button
are. So now it's poisoning the victims for us.
All right, that's gonna allow us to actually see the traffic between the devices now. So now we're actually able to sniff the traffic.
So what we're gonna do next is
we're gonna be on the Kelly machine, so we should still be connected to that.
And now we're gonna actually start the sniffing. So all we have to do to start sniffing
as we're just gonna be basically clicking the start menu here and then selecting start sniffing. It's very pretty. Excuse me. It's very easy to do.
So quick start and then start sniffing here. The top option
that's going to start sniffing the traffic for us.
That's gonna give us a message that unified sniffing has already started. We kind of expected that because we had made sure that was turned on earlier.
All right, so now what we're gonna do is we're gonna basically send it traffic now, so we're gonna send it. Ah, log in That we're gonna do off the Windows 10 machine. We're basically be capturing the log in that we do. So it's gonna capture the user name and password. Of course. As you see in the lab document here, I've got the user name and password. You already know what that information is.
But if we were doing this as an attacker, we could see this information. We could potentially get this type of information,
and that's why we do this type of attack.
All right, so let's go ahead and click back on our Windows 10 machine now. So the way we do that since we're already on our Windows 10 machine, technically, just go ahead and minimize
You're Kelly machine there.
And now we're back on the desktop here. Just go ahead and launch Internet Explorer now from the taskbar
and you're gonna go ahead and type in this. You are a ll right here. So, http colon Ford size ford slash 102.168 dot 0.14 slash DV w ay, for the *** vulnerable web applications. Let's go and do that now,
So H t t p colon forward slash forward slash
for 92.168 dot 0.14 slash DV w ay So all that lower case
and then this press enter to keyboard is gonna take us to the log in page here, and we're gonna go ahead and enter in a user name of admin, all of her case, and then the password is actually just the word password. All lower case. So no special characters or anything. Just password. A lower case O p a S s w zero e w o r d.
And then just go ahead and click the log on button
and all that doesn't just log and love us in here. Now we want to do is click back on our enter cap window and Callie. So let's go ahead. Just click back on RV. NC viewer icon down here. Click back, take a second or so, but it should launch our Callie machine force again. And
we're gonna answer this question, So take a look at the bottom of theater cap tool. Question number one here. In our only question for this lab, Were there any user credentials captured? So if yes, go ahead. Just, you know, Jack goes down in a note document or whatever, or on a piece of paper. Were there any user name and once your username and password to log in credentials capture.
All right. The answer is yes. Right. We're able to see here. If we look down here, we have admin for user name, and we see that the password is password.
Not in real life. It's not necessarily this simple to get the information, you know, if someone's got different things in place. But for this lab, it was just over for you to show you, like how an attacker could
do are poisoning in in a man in the middle attack and then capture user credentials. And then, from there, you know, uses credentials to log into something, especially if it's admit credentials log into, you know, the server and cause chaos. So this is just an example of one attack procession hijacking that we could do.
And the purpose behind that again was to capture user credentials.
All right, so in the next video, where to go ahead and take a look at some other examples, and then we'll move into our last module of the course with a wrap up on everything we've covered.
Up Next
Session Hijacking

This course covers session hijacking, which is where an attacker takes over a legitimately established session between a user and host. This is normally seen between a user and a Web server, but it could occur with a Telnet session or other TCP-based connection.

Instructed By