Install and set up Cain as a man-in-the-middle.
- [Voiceover] Cain and Abel is designed to be used to collect credentials and crack passwords, and includes session hijacking as a man-in-the-middle through ARP poisoning. It runs natively on Windows platforms. It's been around for a while, and it is one of the more capable Windows testing tools. Cain is available for download from the oxid.it website shown here. I've already downloaded and installed the software, so let's take a look at it. The main screen has a menu at the top, a set of icons for common actions, and a set of tabs.
I won't review all of these right now, but I will use Cain to do a man-in-the-middle attack. I'll do this through ARP poisoning, which we described earlier in the course using Subterfuge as a demonstration of its use. I'll select the sniffer tab and then click on the second icon from the left to activate the sniffer and start capturing traffic. I'll also press the plus icon, which brings up a scan dialogue box, and I'll ask Cain to scan the subnet.
Immediately we see the list of devices…
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understanding web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones