Video Transcription

00:02
Hi. Welcome back to the course. So we just wrapped up our module nine on session hijacking.
00:07
In these labs, we're gonna go ahead and do a network-level session hijack. So in this video, we're just going to do a brief introduction.
00:14
So I've got a couple questions here on the pre-assessment, like usual. I just want you to take a look at those, and if you can answer them, great. So I'm gonna read through them, and I'm gonna do a brief pause. So that way you can take a guess at it yourself,
00:25
and then we'll talk about the answer.
00:27
So let's go ahead and get started. So question number one: ARP stands for what?
00:35
Okay, so if you guessed answer B, you are correct. So Address Resolution Protocol.
00:40
Obviously A is a pretty wrong answer, even though it's pretty cool, right? We always want to be ready to do a pen test. And then answer C is wrong because it has the word "book" in it. So it's not address book resolution protocol.
00:51
And then, of course, answer D is just made up as well: application resolution protocol.
00:55
So Address Resolution Protocol is the correct answer.
00:58
So on to question number two. So the main purpose of ARP is to do what?
01:06
Okay, so if you guessed answer A, you are correct. It's to resolve IP addresses to the physical or MAC addresses. It doesn't provide any anti-malware services. It also is not the main purpose to do a man-in-the-middle attack; however, ARP spoofing or ARP poisoning can be used as a jumping-off point for a man-in-the-middle attack.
01:26
And then it does not resolve IP addresses to a website; that's going to be more like DNS.
01:30
And then question number three: ARP is a broadcast protocol. Is that true or false?
01:38
And that's true. ARP is a broadcast protocol. OK, so hopefully you got 100% on those. If not, go back to the module of our didactic and keep learning more about that.
01:51
So we mentioned here Address Resolution Protocol, or ARP. Basically its intent is to resolve IP addresses to their actual physical address or the MAC address.
02:00
Now man-in-the-middle attacks: that's where an attacker is essentially eavesdropping or secretly monitoring traffic between two machines,
02:07
and those two machines, or those two people, just believe they are communicating with each other, and that's it.
02:12
So it's actually a good way to harvest login credentials. And then I've got a graphic here in just a second where it'll show another option of a man in the middle, where I could, for example, intercept your communication back to the other person.
02:23
So let's take a look at that graphic and we'll talk about that.
02:24
So we've got Jack, Jill. And then, of course, Peter's our bad guy.
02:29
So Jack sends his key to Jill. She sends her key back to Jack. And then Jack sends his account number to Jill
02:38
for her to wire the money to.
02:42
But the man in the middle, Peter, he actually changes the account number to his account.
02:46
He sends that to Jill. So Jill thinks that, hey, this is Jack's account number.
02:50
Let me go ahead, send the money to it. And so then Jill actually ends up sending the money to that wrong account number
02:55
because Peter's our man in the middle.
03:00
So that's one of the types of things that could occur with the man-in-the-middle attack. You know, I could be communicating, for example, with my bank, right? I could be putting in my login credentials. Or I could be doing some kind of communication with sensitive information that is then intercepted and altered
03:15
to the recipient.
03:19
So this video is just really a high-level overview of session hijacking, and the same with the lab. It's really just kind of a high-level overview of a network-level session hijack that we're going to do. So we're gonna start off by doing some ARP poisoning with a tool called Ettercap. And then we're also going to continue using Ettercap. We're gonna capture some login credentials in part two of the lab.

Penetration Testing and Ethical Hacking

Instructed By

Ken Underhill
Master Instructor at Cybrary