Time
1 hour 18 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Transcription

00:01
everyone Welcome back to the core. So in the last video, we went ahead and launch our other *** tools. We lost our lab environment and then our capitalist. And then we went ahead and did a scan for a different host. And we were able to find that the worst three host and those huts were automatically added tore Host list.
00:16
We then looked up. Our host list used to take a look at the I P addresses that were associated with our targets.
00:22
So now we're at step number 24 in the lab, step by step guide. So you were just mentioning here that the host list shows the host that we've added that were added to enter Cap. So now we're gonna go ahead and select the target host. So we're basically gonna be adding in Target one and Target, too. And that's gonna be these I p addresses that we had found.
00:40
So you see, I've got a annotated there. You could just follow along with that
00:43
and you'll notice. Also, I have mentioned that the Windows 10 machine it ends in the 100.4 and then our server machine ends in the 0.1
00:52
All right, so let's go ahead and get started here. We're gonna start off, actually, on the 2nd 1 here that 10.4 and were to select this ad to target one button right there
01:02
and you see down here all the only change we see once we do that, as we see down here says the host has been added to target one, so it gives us an I. P. Address tells us that's now target one
01:11
are. You wouldn't do the exact same thing with the other i p addresses with 1 92.168 dot zero, not one. But we're gonna change it and say this one's gonna be target number two.
01:21
So just go and click on that I P address and then just labeled as target number two by clicking on that button,
01:26
you'll see again. It just mentions that down at the bottom. Here it says the host I p address there is added to target two.
01:33
All right, let's keep going in her lab document here.
01:34
So now we're gonna go ahead and click on man in the middle of the top. So it's in the middle here. The M I t m option. And there were to select the art poisoning option.
01:44
Let's go and do that not to click on an M I t m and then are poisoning the very top option there
01:49
that's gonna pull up this menu for us right here.
01:53
Now, we want to go ahead and select the sniff remote connections option. We want to make sure that check boxes checked. So let's go and do that. Now,
02:00
just click that one there, and then we're just gonna select the okay button
02:07
are. So now it's poisoning the victims for us.
02:10
All right, that's gonna allow us to actually see the traffic between the devices now. So now we're actually able to sniff the traffic.
02:15
So what we're gonna do next is
02:19
we're gonna be on the Kelly machine, so we should still be connected to that.
02:22
And now we're gonna actually start the sniffing. So all we have to do to start sniffing
02:25
as we're just gonna be basically clicking the start menu here and then selecting start sniffing. It's very pretty. Excuse me. It's very easy to do.
02:35
So quick start and then start sniffing here. The top option
02:38
that's going to start sniffing the traffic for us.
02:40
That's gonna give us a message that unified sniffing has already started. We kind of expected that because we had made sure that was turned on earlier.
02:47
All right, so now what we're gonna do is we're gonna basically send it traffic now, so we're gonna send it. Ah, log in That we're gonna do off the Windows 10 machine. We're basically be capturing the log in that we do. So it's gonna capture the user name and password. Of course. As you see in the lab document here, I've got the user name and password. You already know what that information is.
03:05
But if we were doing this as an attacker, we could see this information. We could potentially get this type of information,
03:09
and that's why we do this type of attack.
03:12
All right, so let's go ahead and click back on our Windows 10 machine now. So the way we do that since we're already on our Windows 10 machine, technically, just go ahead and minimize
03:20
You're Kelly machine there.
03:23
And now we're back on the desktop here. Just go ahead and launch Internet Explorer now from the taskbar
03:28
and you're gonna go ahead and type in this. You are a ll right here. So, http colon Ford size ford slash 102.168 dot 0.14 slash DV w ay, for the *** vulnerable web applications. Let's go and do that now,
03:40
So H t t p colon forward slash forward slash
03:45
for 92.168 dot 0.14 slash DV w ay So all that lower case
03:52
and then this press enter to keyboard is gonna take us to the log in page here, and we're gonna go ahead and enter in a user name of admin, all of her case, and then the password is actually just the word password. All lower case. So no special characters or anything. Just password. A lower case O p a S s w zero e w o r d.
04:11
And then just go ahead and click the log on button
04:14
and all that doesn't just log and love us in here. Now we want to do is click back on our enter cap window and Callie. So let's go ahead. Just click back on RV. NC viewer icon down here. Click back, take a second or so, but it should launch our Callie machine force again. And
04:30
we're gonna answer this question, So take a look at the bottom of theater cap tool. Question number one here. In our only question for this lab, Were there any user credentials captured? So if yes, go ahead. Just, you know, Jack goes down in a note document or whatever, or on a piece of paper. Were there any user name and once your username and password to log in credentials capture.
04:48
All right. The answer is yes. Right. We're able to see here. If we look down here, we have admin for user name, and we see that the password is password.
04:58
Not in real life. It's not necessarily this simple to get the information, you know, if someone's got different things in place. But for this lab, it was just over for you to show you, like how an attacker could
05:11
do are poisoning in in a man in the middle attack and then capture user credentials. And then, from there, you know, uses credentials to log into something, especially if it's admit credentials log into, you know, the server and cause chaos. So this is just an example of one attack procession hijacking that we could do.
05:28
And the purpose behind that again was to capture user credentials.
05:31
All right, so in the next video, where to go ahead and take a look at some other examples, and then we'll move into our last module of the course with a wrap up on everything we've covered.

Up Next

Session Hijacking

This course covers session hijacking, which is where an attacker takes over a legitimately established session between a user and host. This is normally seen between a user and a Web server, but it could occur with a Telnet session or other TCP-based connection.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor
Instructor Profile Image
Dave Kupratis
Instructor