Time
1 hour 14 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
everyone Welcome back to the core. So in the last video, we went ahead and launched our lab. We went ahead and selected the penthouse plus bundle. We went to the exploiting the network vulnerabilities lab and in here we went ahead and started a virtual machines. Started up at her cap. Did are poisoning on our windows machine.
00:17
And then we just went ahead and used our user name and password in our goal again is to try to capture that
00:22
Use the name of password inside of Enter Cap.
00:25
So what we're going to do now is we're going to switch over to the Cali Lennox machine again. So the P lab K l I 01
00:33
and then let's go back to our lab guide here. We've got one question here. Were we able to capture the user name of password and the answer is yes. So we see that, Yes, we were able to capture the user name of B and the password of Bug
00:46
right now we're going to do is we're gonna try to log in from our county machine into that web page with those stolen credentials. So let's go ahead back to the same your l but we're going to be doing in the side of Cali Lennox here. So let's select fire Fox. It's this little icon here, the top left,
01:02
and then we're gonna type in that same i p address.
01:06
We're gonna type in, http
01:10
colon, ford slash ford slash and then 1 92.168
01:15
0.0 dot 10 ford slash lower case be capital W a p p for be wap.
01:22
All right, That should take us to our log in page, and then here we're gonna try those. Same that same years, the name of password. Right. So we're gonna try, be
01:29
and then bug.
01:34
All right. So question number two before we love in their question Number two in the lab guide here is Are you able to log in successfully? So we're gonna be able to answer that question right now, So let's try to log in here with the credentials and see if we're able to get into the website.
01:47
All right, So you see that? Yes, we were successful. They were able to log in with those stolen credentials.
01:53
All right, so in this video, we just wrapped up our lab again in this entire Libra justice. Simple session hijacking attack. We want him poison the art cash over Windows Machine. And then we went ahead and stole the user credentials by sniffing with her cap. And then we made sure that we can actually use those user credentials. They were valid
02:09
by logging into the web page, and we had seen that we were successful in doing so.
02:14
And the next buddy, we're just gonna go ahead and wrap up this course.

Up Next

Session Hijacking

This course covers session hijacking, where an attacker takes over a legitimately established session between a user and host. This is normally seen between a user and a Web server, but can occur with a Telnet session or other TCP-based connection.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor