Session Hijacking

Time
25 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:00
>> Hey everyone. It's Ken Underhill,
00:00
master instructor at Cybrary.
00:00
In this video, we're going to talk
00:00
about attacks and persistence.
00:00
In this video, we're going to go ahead and do
00:00
our session hijacking labs,
00:00
so we'll be using the Cybrary lab environment.
00:00
For this particular lab, however,
00:00
I just want to make mention that we do have
00:00
a session hijack course on the side,
00:00
it's a mini-course to just walk you
00:00
through doing a session hijack,
00:00
and talks about some of the fundamentals behind it.
00:00
As always, I've got a step-by-step lab guide for you,
00:00
so make sure you download that and use
00:00
it in the resources section of the course.
00:00
As I mentioned, we're going to use the Cybrary
00:00
lab environment for this lab,
00:00
we're just going to go back and search for
00:00
the Certified Ethical Hacker or CEH labs,
00:00
again, that lab bundle that we normally do.
00:00
We're just going to type in CEH
00:00
and press ''Enter'' there.
00:00
It should be the third option down like it normally is.
00:00
We're just going to go ahead and click on that
00:00
and select the ''Launch'' button.
00:00
We also need to select the ''Launch
00:00
Item'' button on the next screen here,
00:00
and that's going to actually launch
00:00
the lab environment for us.
00:00
Once that pulls up,
00:00
we're going to be looking for
00:00
the implementing network level session hijacking lab.
00:00
Let's go ahead and scroll down here.
00:00
It's going to be down the page just a little bit here.
00:00
You see right here, it's this lab right here,
00:00
the implementing network level session hijacking,
00:00
just go ahead and click on that
00:00
and you'll see a start button,
00:00
and just go ahead and click the ''Start'' button there.
00:00
Now, what we want to do, as we normally do, is just go
00:00
ahead and start up our virtual machines there.
00:00
We're just going to go ahead and hover over top,
00:00
select ''Power On'' and do that for all of them.
00:00
Just takes a minute or so here.
00:00
I'm going to go ahead and pause
00:00
the video and let my machines boot up.
00:00
You can go ahead and pause the video and
00:00
let yours boot up as well.
00:00
As you see, my virtual machines are booted up.
00:00
Again, if yours is still booting up,
00:00
just go ahead and pause the video and
00:00
just wait for them to all turn on.
00:00
Like I said, it shouldn't take too long,
00:00
usually about 30 seconds to
00:00
a minute in this particular lab,
00:00
but sometimes it might take a little longer.
00:00
Our next step, we're going to go ahead
00:00
and enable Apache web services.
00:00
The way we do that, is we're going to select
00:00
this P lab, SC01 machine.
00:00
While that's booting up fully,
00:00
we're going to see a Server Management
00:00
window pop in the background there.
00:00
But we're down here at step number
00:00
4 in our step-by-step guide,
00:00
we've gone ahead and selected P lab.
00:00
SC01. We're going to go ahead and
00:00
close that Server Management window.
00:00
We're going to launch XAMPP icon from the bottom
00:00
here of our browser tab,
00:00
and then we're also going to, as I said,
00:00
that'll enable Apache Web Services,
00:00
and then we're going to move over to
00:00
our Windows 10 machine.
00:00
Let's go ahead and do all those steps there.
00:00
We'll just close our Server Management window,
00:00
select the XAMPP icon
00:00
down here at the bottom, that's going to launch.
00:00
It's just going to take a couple of seconds here,
00:00
and then it's going to enable Apache Web Services.
00:00
As I mentioned, I always like to just click
00:00
these ''Start'' buttons here
00:00
to go ahead and enable those as well.
00:00
Now, we can click over on our Windows 10 machine.
00:00
Let's go ahead and bring that one up for us as well.
00:00
Now, we're going to be doing something similar
00:00
to what we did in the last module's lab,
00:00
we're going to connect through our Windows 10 machine
00:00
to our Kali Linux box,
00:00
and that's where we'll go ahead and do this lab at.
00:00
We see we're still booting up in the background there.
00:00
We get that little script running and that
00:00
should go away in just a second or so here.
00:00
Now, we're going to go ahead and select
00:00
the VNC viewer icon from
00:00
our desktop screen here. That's going to pop up.
00:00
It's going to display
00:00
the IP address of the Kali machine,
00:00
and then we're just going to type in
00:00
this password right here.
00:00
We see it's going to display the Kali Linux IP address.
00:00
We'll say, "Connect," and
00:00
then we're going to type in the password,
00:00
which is P, assw,
00:00
and then the number 0,
00:00
so that's not a O,
00:00
the number 0, rd,
00:00
and then we can just go ahead and say, ''Okay'' there.
00:00
That's going to boot up our Kali machine for us.
00:00
We're going to get this error message
00:00
like we normally see.
00:00
We'll select ''Okay'' to that,
00:00
and then we're going to double-click on
00:00
the terminal icon right here.
00:00
While that's booting up there, we're just going to
00:00
go back to our step-by-step guides.
00:00
We've gone through several steps in there,
00:00
and now we're down here on step number 14.
00:00
We're going to go ahead and launch Ettercap.
00:00
We'll just type in Ettercap -G. Ettercap -G,
00:00
and that should launch the Ettercap tool for us.
00:00
You see it doesn't take too long to launch that for us.
00:00
Let's go back to our lab guide here.
00:00
Next thing we're going to do is select sniff at the top
00:00
and then unified sniffing. Let's go ahead and do that.
00:00
Here we're going to select,
00:00
sniff, and then, unified sniffing.
00:00
We just want to make sure that it's ETH0, so Ethernet 0.
00:00
Step 18 here, just making sure that it's ETH0,
00:00
and it should be in most cases,
00:00
we're just going to go ahead and say, ''Okay'' there.
00:00
Let's go back to our lab guide here.
00:00
Now, we're going to go ahead and scan for hosts.
00:00
We're just going to select, host and then
00:00
scan for host at the very top there.
00:00
At the top menu here,
00:00
host and then scan for host.
00:00
It's going to go ahead and perform the scan.
00:00
You'll see it moving into the background there.
00:00
It's going to add the identified host to the host list.
00:00
We're next going to click, host,
00:00
at the top and then select,
00:00
host list, so we can take a look at those.
00:00
You'll see here down at the bottom it shows
00:00
three hosts added to the host list.
00:00
We're just going to go to host
00:00
and then look at host list.
00:00
You'll see here that we've got our
00:00
different hosts listed there.
00:00
Next, we're going to select our target host.
00:00
Just a notation there.
00:00
The Windows 10 machine, that's the IP address for that.
00:00
Then we already actually know that
00:00
from the Nmap lab that,
00:00
that server IP address there,
00:00
it looks like they're using the same one,
00:00
the 192.168.0.1.
00:00
What we're going to do is we're going to
00:00
select this IP address first,
00:00
the 192.168.0.4, and
00:00
then we're going to select the ''Add to Target
00:00
1'' button at the bottom of the window.
00:00
Let's go ahead and do that now.
00:00
We're just going to click on that.
00:00
Then we're going to select this ''Add
00:00
to Target 1'' button
00:00
right here. Let's go ahead and do that.
00:00
Then we're going to click our next IP address,
00:00
which is the 192.168.0.1.
00:00
Let's go ahead and click on that.
00:00
Then we're going to select the ''Add to
00:00
Target 2'' button right there.
00:00
That was easy enough, right?
00:00
Let's go back to our lab guide.
00:00
Next, what we're going to do
00:00
is select menu in the middle,
00:00
at the top menu there,
00:00
and then we're going to select ARP poisoning as an option.
00:00
Go ahead and select menu in the middle,
00:00
and then ARP poisoning.
00:00
It gives us a pop-up box right here.
00:00
We're going to go ahead and select,
00:00
sniff remote connections,
00:00
so just check that box right there,
00:00
and then we're just going to select, ''Okay.''
00:00
What that's going to do is just basically
00:00
poison the ARP cache for us.
00:00
You see down here it'll show us ARP poisoning victims,
00:00
and it will show us which IP
00:00
addresses it's poisoning right now,
00:00
which victim machines it is poisoning.
00:00
Now, let's go ahead and start sniffing.
00:00
We're going to go ahead and go to the,
00:00
start option here at the top
00:00
and select the start sniffing option right there.
00:00
While that's doing that,
00:00
we'll just go back to our lab guide here.
00:00
We're here at the start sniffing in step 33.
00:00
Unified sniffing will begin,
00:00
we may get a message at the bottom
00:00
there that unified sniffing is already running,
00:00
so we see unified sniffing has already
00:00
started showing us that right there.
00:00
That's perfectly fine, perfectly expected.
00:00
Now, what we're going to do is we're going to click
00:00
back on the Windows 10 desktop here.
00:00
We're going to essentially
00:00
minimize our Kali Linux here. Let's go ahead and do that.
00:00
What we're going to do is, we're going to
00:00
type in Internet Explorer.
00:00
We're going to go ahead and launch that,
00:00
and we're going to type in this web URL right here,
00:00
the HTTPS:// then our IP address,
00:00
and then forward slash DVWA,
00:00
which stands for damn vulnerable web application,
00:00
which is a deliberately vulnerable web application.
00:00
Then from there, we're going to go to the login page,
00:00
do our admin and password,
00:00
and then we'll go back to Ettercap and see if
00:00
we've captured any type of information.
00:00
Let's go ahead and do that.
00:00
We're just going to select Internet
00:00
Explorer at the bottom here.
00:00
We're going to type in that URL.
00:00
I'm a little lazy,
00:00
I'm just going to go ahead and delete out everything,
00:00
but the HTTP://,
00:00
and now I'm just going to type in the 192.168.0.1/dvwa,
00:00
and then just press ''Enter'' and that should take us to
00:00
the login page for DVWA.
00:00
Then, like I said from there,
00:00
we're going to go ahead and just enter
00:00
in basically a default username and password,
00:00
is just going to be username
00:00
of admin and then the password
00:00
is the password of password, all lowercase.
00:00
Sometimes it takes a moment or so to connect to that.
00:00
We'll just give that a second or so to do so.
00:00
Then what we're going to do once we've done that,
00:00
we're going to select the login option.
00:00
Then again, we're really just trying
00:00
to see if we've captured any of
00:00
that information in the Ettercap tool at all.
00:00
It's taking a moment, so here I'm
00:00
going to pause the video briefly,
00:00
let it catch up on my end.
00:00
Like I said, it may take some time
00:00
to go ahead and pull up the site.
00:00
I actually noticed what the issue
00:00
was on my end, why it was taking forever.
00:00
I fat fingered the IP address again.
00:00
One thing I recommend is don't
00:00
talk through or don't talk a lot
00:00
and go off on tangents as
00:00
you're trying to type in
00:00
IP addresses to go to the correct spot.
00:00
If I was typing in the 192.168.0.0,
00:00
so that's why I wasn't getting anywhere.
00:00
But it's the 192.168.0.1.
00:00
I mentioned what the correct one was,
00:00
but I wasn't typing it in on my end.
00:00
Sometimes you just have to troubleshoot
00:00
the user error aspect of things.
00:00
Here we are at the login page.
00:00
This is where we wanted to be.
00:00
Let's go ahead now and type in
00:00
our username of admin, all lowercase,
00:00
and our password of password,
00:00
all lowercase, and then just go ahead and login,
00:00
it's just going to log us in.
00:00
We don't care what it's saying once it logs us in there.
00:00
But the whole goal here is to try to
00:00
capture that username and password.
00:00
Now that we've gone ahead and done that,
00:00
let's click back on our VNC viewer
00:00
to go back to our Kali machine.
00:00
What we want to see is,
00:00
did we capture any information from
00:00
those login credentials in our Ettercap tool.
00:00
If we go here, question number 1 here.
00:00
Were there any login credentials captured and if so,
00:00
just jot them down there or you can just jot them on
00:00
a piece of paper or just scream them at the computer.
00:00
That's perfectly fine as well.
00:00
If we look down here, we do see admin is the username,
00:00
and we do see that the password is password.
00:00
Now, in real life,
00:00
[LAUGHTER] it's not normally that easy,
00:00
but for our purposes it was,
00:00
so we see that, yes,
00:00
we do have the credentials of admin and password.