Install the McAfee security testing website—the Hacme Casino.
- [Instructor] When learning how to do web testing, it's useful to have a target website to use. While Metasploitable does provide a website, it doesn't always have the functionality required. A better solution is to use a Hacme Casino website, which McAfee has provided as a testing platform. This is available for download from the website shown and it runs as a standard Windows application. I've downloaded and installed the application and have it pinned to my taskbar. So let's get started.
This starts up, and we can see in the command window that the web server is operating on port 3000. Let's connect using my local system IP address of 127.0.0.1. OK, so here's the main screen shown in true Vegas casino fashion. Hacme Casino has a number of deliberate security flaws, and we'll use this further in the web testing course; however, for this course, we're just interested in using a standard website.
The Casino has a number of pre-registered users, and the ace is Bobby Blackjack, and we can register new users as we go.
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understanding web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones