9.4 Session Hijacking Lab Instructions Part 2

Video Transcription
Welcome back to the course. In the last video, we set up our lab as far as setting up our ARP poisoning with a tool called Ettercap. Now, in this video we're gonna actually capture some user credentials from our target machines.

So let's go ahead and get started.

So if you're not already connected to the Kali desktop and have Ettercap open, you should go ahead and do that now. But we're gonna assume that you jumped into this lab right after the previous one, and so your Ettercap should still be open following the last command we did. So what we did in the last video is we poisoned our victim. So now we're gonna move on from that.

So we're gonna start sniffing the network traffic. So now we're gonna start by clicking the Start option at the top left there, and then we're gonna click Start sniffing. What that's going to show is "Start unified sniffing". Now, you may or may not get a message that unified sniffing has already started, but we're gonna click Start and then Start sniffing. We're gonna continue on here. So you see, here I have that message that unified sniffing has already started.

All right, so we don't need to worry about that. It's already started.

So now we're gonna click back on our Windows 10 machine. We're gonna open Internet Explorer, so just go ahead and click back on the Windows 10 desktop here, and then we're gonna scroll down to Internet Explorer and go ahead and launch that. It's gonna take a second or so to pull up for us.

Now we're gonna type this in the address bar: http://192.168.0.1/dvwa. So go ahead and type that in. So, http://192.168.0.1, and remember, that's our server address, forward slash dvwa, for Damn Vulnerable Web Application. So once we press Enter, it's gonna take us to the login screen for DVWA.

All right, let's move on to the next step.

So step number 10 here: we're gonna type in the username of admin and then a password of the word password. So let's go ahead and do that. We're gonna type admin, all lowercase, and then the word password, all lowercase. Okay, and then just click on that Login button once you've done so. So it's gonna log us in, and that's fine.

All right, so we've logged in. Now we're gonna go back to our Ettercap tool, and we're gonna look at the bottom of the page, and then we're gonna take a look at question number one. So, well, actually, let's look at this now. So when we look at the bottom of the page in Ettercap, check to see if you notice any user credentials at all, so any login credentials. Let's go ahead and do that now. Let's click back on our Kali machine.

All right? So now we're gonna look down at the bottom of the box. So we see here, hey, look, we do see a username, and we do see a password. So we do see admin for the username, and then the word password.

All right, so were any of the user login credentials captured? Absolutely. So the username was admin, and then our password was actually just the word password, all lowercase.

So this is important. If you're doing a penetration test, you can see that potentially you can get login credentials for different users on the network, or even users that are accessing something like the internet page for the company.

So in this video, we just talked about basically a network-level type of hijacking. In the next module, we're gonna go over web servers and applications, and then we'll wrap up with some labs in that module as well.
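What Ettercap is doing when it prints "admin" and "password" at the bottom of its window is dissecting the cleartext HTTP POST that Internet Explorer sent to 192.168.0.1 after the ARP poisoning routed it through the Kali box. The script below is an added example, not part of the lab and not Ettercap's code: it parses a raw HTTP request and pulls the login fields out of a form-encoded body. The captured request is constructed to resemble the DVWA login from the lab; the form field names (`username`, `password`, `Login`) and the path `/dvwa/login.php` are assumptions about DVWA's login form, and the list of field names it looks for is just a common set, not Ettercap's own.

```python
"""Extract form credentials from a cleartext HTTP POST, the way a sniffer's
HTTP dissector does. Added example for the lab; not Ettercap's code."""
from urllib.parse import parse_qs

# Constructed sample: the TCP payload the Windows 10 client would send when
# the DVWA login form is submitted over plain HTTP. Field names are assumed.
SAMPLE_POST = (
    b"POST /dvwa/login.php HTTP/1.1\r\n"
    b"Host: 192.168.0.1\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 44\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"username=admin&password=password&Login=Login"
)

# Common login field names to look for (an assumed list, not Ettercap's).
USER_FIELDS = ("username", "user", "login", "email", "uid")
PASS_FIELDS = ("password", "pass", "passwd", "pwd")


def parse_http_request(raw: bytes):
    """Split a raw HTTP request into (method, path, headers, body).

    Returns None if the bytes do not yet form a complete request, which is
    what a sniffer sees when only part of the segment has been captured.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, path, _version = lines[0].split(" ", 2)
    except ValueError:
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length: a segment may carry extra bytes after the body,
    # or the body may be truncated if the capture cut off early.
    length = int(headers.get("content-length", len(body)))
    if len(body) < length:
        return None
    return method, path, headers, body[:length]


def extract_credentials(raw: bytes):
    """Return host, path, username and password from a cleartext form login,
    or None if the request carries no recognisable credentials."""
    parsed = parse_http_request(raw)
    if parsed is None:
        return None
    method, path, headers, body = parsed
    if method != "POST":
        return None
    content_type = headers.get("content-type", "")
    if not content_type.startswith("application/x-www-form-urlencoded"):
        return None
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    user = next((fields[k][0] for k in USER_FIELDS if k in fields), None)
    pw = next((fields[k][0] for k in PASS_FIELDS if k in fields), None)
    if user is None or pw is None:
        return None
    return {
        "host": headers.get("host", ""),
        "path": path,
        "username": user,
        "password": pw,
    }


if __name__ == "__main__":
    # Mirrors what the lab asks you to check at the bottom of Ettercap's window.
    print(extract_credentials(SAMPLE_POST))
```

The check only works because the form was submitted over plain HTTP: the same request over HTTPS reaches the poisoning host as TLS ciphertext, and neither this parser nor Ettercap's dissector would find a username in it, which is why the finding in a report should be "credentials sent in cleartext" rather than "ARP poisoning is possible" alone.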