Website Hacking Penetration Testing

Hack websites & web applications like black hat hackers and secure them like experts.
Website Hacking Penetration Testing
File Size :
5.17 GB
Total length :
10h 15m



Zaid Sabih


Last update

Last updated 10/2022



Website Hacking Penetration Testing

What you’ll learn

90+ Videos to take you from a beginner to advanced in website hacking.
Create a hacking lab & needed software (on Windows, OS X and Linux).
Become a bug bounty hunters & discover bug bounty bugs!
Discover, exploit and mitigate a number of dangerous web vulnerabilities.
Exploit these vulnerabilities to hack into web servers.
Bypass security & advanced exploitation of these vulnerabilities.
Advanced post exploitation – hack other websites on the same server, dump the database, privilege escalation….etc
Bypass security & filters.
Intercept requests using a proxy.
Adopt SQL queries to discover and exploit SQL injections in secure pages.
Gain full control over target server using SQL injections.
Discover & exploit blind SQL injections.
Install Kali Linux – a penetration testing operating system.
Learn linux commands and how to interact with the terminal.
Learn linux basics.
Understand how websites & web applications work.
Understand how browsers communicate with websites.
Gather sensitive information about websites.
Discover servers, technologies & services used on target website.
Discover emails & sensitive data associated with a specific website.
Find all subdomains associated with a website.
Discover unpublished directories & files associated with a target website.
Find all websites hosted on the same server as the target website.
Discover, exploit and fix file upload vulnerabilities.
Exploit advanced file upload vulnerabilities & gain full control over the target website.
Discover, exploit and fix code execution vulnerabilities.
Exploit advanced code execution vulnerabilities & gain full control over the target website.
Discover, exploit & fix local file inclusion vulnerabilities.
Exploit local file inclusion vulnerabilities to to get a shell.
Exploit advanced local file inclusion vulnerabilities & gain full control over the target website.
Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website.
Discover, fix, and exploit SQL injection vulnerabilities.
Bypass login forms and login as admin using SQL injections.
Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
Bypass filtering, and login as admin without password using SQL injections.
Bypass filtering and security measurements.
Read / Write files to the server using SQL injections.
Patch SQL injections quickly.
Learn the right way to write SQL queries to prevent SQL injections.
Discover basic & advanced reflected XSS vulnerabilities.
Discover basic & advanced stored XSS vulnerabilities.
How to use BeEF framwork.
Hook users to BeEF using reflected & XSS vulnerabilities.
Steal credentials from hooked targets.
Run javascript code on hooked targets.
Create undetectable backdoors.
Hack computers using XSS vulnerabilities.
Fix XSS vulnerabilities & protect yourself from them as a user.
What do we mean by brute force & wordlist attacks.
Create a wordlist or a dictionary.
Launch a wordlist attack and guess admin’s password.
Discover all of the above vulnerabilities automatically using a web proxy.
Run system commands on the target webserver.
Access the file system (navigate between directories, read/write files).
Download, upload files.
Bypass security measurements.
Access all websites on the same webserver.
Connect to the database and execute SQL queries or download the whole database to the local machine.
Discover, exploit and mitigate CSRF vulnerabilities.

Website Hacking Penetration Testing


Basic IT Skills.
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory.
Operating System: Windows / OS X / Linux.


Note: The contents of this course are not covered in any of my other courses except for some basics. Although website hacking is covered in one of my other courses, that course only covers the basics where this course dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post exploitation, bypassing security and more!Welcome to my this comprehensive course on Website penetration testing. In this course you’ll learn website / web applications hacking! This course assumes you have NO prior knowledge in hacking, and by the end of it you’ll be at a high level, being able to hack & discover bugs in websites like black-hat hackers and secure them like security experts! This course is highly practical but it won’t neglect the theory, first you’ll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we’ll start with websites basics, the different components that make a website, the technologies used, and then we’ll dive into website hacking straight away. From here onwards you’ll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we’ll never have any dry boring theoretical lectures.Before jumping into hacking, you’ll first learn how to gather comprehensive information about the target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.Here’s a more detailed breakdown of the course content:1. Information Gathering – In this section you’ll learn how to gather information about a target website, you’ll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.2. Discovery, Exploitation & Mitigation – In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security, and finally we will analyse the code causing this vulnerability and see how to fix it, the following vulnerabilities are covered in the course:File upload –  This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.Code Execution – This vulnerability allow users to execute system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.Local File Inclusion – This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files, we will not stop at that though, you will learn two methods to exploit this vulnerability to get a reverse shell connection which gives you full control over the target web server.Remote File Inclusion – This vulnerability can be used to load remote files, exploiting this vulnerability properly gives you full control over the target web server.SQL Injection –  This is one of the most dangerous vulnerabilities, it is everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ….etc, read/write files and even get a reverse shell access which gives you full control over the target server!Cross Site Scripting (XSS) – This vulnerability can be used to inject javascript code in vulnerable pages, we won’t stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer.Insecure Session Management – In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you’ll also learn how to discover and exploit CSRF (Cross Site Request Forgery) vulnerabilities to force users to change their password, or submit any request you want.Brute Force & Dictionary Attacks – In this section you will learn what are these attacks, the difference between them and how to launch them, in successful cases you will be able to guess the password for a target user.3. Post Exploitation – In this section you will learn what can you do with the access you gained by exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions! With this course you get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.Notes: This course is created for educational purposes only and all the attacks are launched in my own lab or against systems that I have permission to test.This course is totally a product of Zaid Sabih & zSecurity, no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.


Lecture 1 Course Introduction

Section 1: Preparation – Creating a Penetration Testing Lab

Lecture 2 Lab Overview & Needed Software

Lecture 3 Initial Preparation

Lecture 4 Installing Kali Linux as a VM on Windows

Lecture 5 Installing Kali Linux as a VM on Apple Mac OS

Lecture 6 Installing Kali Linux as a VM on Linux

Lecture 7 Installing Metasploitable As a Virtual Machine

Section 2: Preparation – Linux Basics

Lecture 8 Basic Overview Of Kali Linux

Lecture 9 The Linux Terminal & Basic Linux Commands

Lecture 10 Configuring Metasploitable & Lab Network Settings

Section 3: Website Basics

Lecture 11 What is a Website?

Lecture 12 How To Hack a Website ?

Section 4: Information Gathering

Lecture 13 Gathering Information Using Whois Lookup

Lecture 14 Discovering Technologies Used On The Website

Lecture 15 Gathering Comprehensive DNS Information

Lecture 16 Discovering Websites On The Same Server

Lecture 17 Discovering Subdomains

Lecture 18 Discovering Sensitive Files

Lecture 19 Analysing Discovered Files

Lecture 20 Maltego – Discovering Servers, Domains & Files

Lecture 21 Maltego – Discovering Websites, Hosting Provider & Emails

Section 5: File Upload Vulnerabilities

Lecture 22 How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites

Lecture 23 GET & POST Requests

Lecture 24 Intercepting Requests

Lecture 25 Exploiting Advanced File Upload Vulnerabilities To Hack Websites

Lecture 26 Exploiting More Advanced File Upload Vulnerabilities

Lecture 27 [Security] Fixing File Upload Vulnerabilities

Section 6: Code Execution Vulnerabilities

Lecture 28 How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites

Lecture 29 Exploiting Advanced Code Execution Vulnerabilities

Lecture 30 [Security] – Fixing Code Execution Vulnerabilities

Section 7: Local File Inclusion Vulnerabilities (LFI)

Lecture 31 What are they? And How To Discover & Exploit Them

Lecture 32 Gaining Shell Access From LFI Vulnerabilities – Method 1

Lecture 33 Gaining Shell Access From LFI Vulnerabilities – Method 2

Section 8: Remote File Inclusion Vulnerabilities (RFI)

Lecture 34 Remote File Inclusion Vulnerabilities – Configuring PHP Settings

Lecture 35 Remote File Inclusion Vulnerabilities – Discovery & Exploitation

Lecture 36 Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites

Lecture 37 [Security] Fixing File Inclusion Vulnerabilities

Section 9: SQL Injection Vulnerabilities

Lecture 38 What is SQL?

Lecture 39 Dangers of SQL Injections

Section 10: SQL Injection Vulnerabilities – SQLi In Login Pages

Lecture 40 Discovering SQL Injections In POST

Lecture 41 Bypassing Logins Using SQL Injection Vulnerability

Lecture 42 Bypassing More Secure Logins Using SQL Injections

Lecture 43 [Security] Preventing SQL Injections In Login Pages

Section 11: SQL injection Vulnerabilities – Extracting Data From The Database

Lecture 44 Discovering SQL Injections in GET

Lecture 45 Reading Database Information

Lecture 46 Finding Database Tables

Lecture 47 Extracting Sensitive Data Such As Passwords

Section 12: SQL injection Vulnerabilities – Advanced Exploitation

Lecture 48 Discovering & Exploiting Blind SQL Injections

Lecture 49 Discovering Complex SQL Injection Vulnerabilities

Lecture 50 Exploiting an advanced SQL Injection Vulnerability to Extract Passwords

Lecture 51 Bypassing Filters

Lecture 52 Bypassing Security & Accessing All Records

Lecture 53 [Security] Quick Fix To Prevent SQL Injections

Lecture 54 Reading & Writing Files On The Server Using SQL Injections

Lecture 55 Getting A Shell & Controlling The Target Server Using an SQL Injection

Lecture 56 Discovering SQL Injections & Extracting Data Using SQLmap

Lecture 57 Getting a Direct SQL Shell using SQLmap

Lecture 58 [Security] – The Right Way To Prevent SQL Injection Vulnerabilites

Section 13: XSS Vulnerabilities

Lecture 59 Introduction – What is XSS or Cross Site Scripting?

Lecture 60 Discovering Basic Reflected XSS

Lecture 61 Discovering Advanced Reflected XSS

Lecture 62 Discovering An Even More Advanced Reflected XSS

Lecture 63 Discovering Stored XSS

Lecture 64 Discovering Advanced Stored XSS

Section 14: XSS Vulnerabilities – Exploitation

Lecture 65 Installing Windows As a Virtual Machine

Lecture 66 Hooking Victims To BeEF Using Reflected XSS

Lecture 67 Hooking Victims To BeEF Using Stored XSS

Lecture 68 Interacting With Hooked Targets

Lecture 69 Running Basic Commands On Victims

Lecture 70 Stealing Credentials/Passwords Using A Fake Login Prompt

Lecture 71 Bonus – Installing Veil Framework

Lecture 72 Bonus – Veil Overview & Payloads Basics

Lecture 73 Bonus – Generating An Undetectable Backdoor Using Veil 3

Lecture 74 Bonus – Listening For Incoming Connections

Lecture 75 Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10

Lecture 76 Gaining Full Control Over Windows Target

Lecture 77 [Security] Fixing XSS Vulnerabilities

Section 15: Insecure Session Management

Lecture 78 Logging In As Admin Without a Password By Manipulating Cookies

Lecture 79 Discovering Cross Site Request Forgery Vulnerabilities (CSRF)

Lecture 80 Exploiting CSRF To Change Admin Password Using a HTML File

Lecture 81 Exploiting CSRF Vulnerabilities To Change Admin Password Using Link

Lecture 82 [Security] The Right Way To Prevent CSRF Vulnerabilities

Section 16: Brute Force & Dictionary Attacks

Lecture 83 Introduction to Brute Force & Dictionary Attacks?

Lecture 84 Creating a Wordlist

Lecture 85 Guessing Login Password Using a Wordlist Attack With Hydra

Section 17: Discovering Vulnerabilities Automatically Using Owasp ZAP

Lecture 86 Scanning Target Website For Vulnerabilities

Lecture 87 Analysing Scan Results

Section 18: Post Exploitation

Lecture 88 Post Exploitation Introduction

Lecture 89 Executing System Commands On Hacked Web Servers

Lecture 90 Escalating Reverse Shell Access To Weevely Shell

Lecture 91 Weevely Basics – Accessing Other Websites, Running Shell Commands …etc

Lecture 92 Bypassing Limited Privileges & Executing Shell Commands

Lecture 93 Downloading Files From Target Webserver

Lecture 94 Uploading Files To Target Webserver

Lecture 95 Getting a Reverse Connection From Weevely

Lecture 96 Accessing The Database

Lecture 97 Conclusion

Lecture 98 Writing a Pentest Report

Lecture 99 4 Ways to Secure Websites & Apps

Section 19: Bonus Section

Lecture 100 Bonus Lecture – Discounts

Anybody interested in learning website & web application hacking / penetration testing.,Anybody interested in becoming a bug bounty hunter.,Anybody interested website hacking.,Anybody interested in learning how to secure websites & web applications from hacker.,Web developers so they can create secure web application & secure their existing ones.,Web admins so they can secure their websites.

Course Information:

Udemy | English | 10h 15m | 5.17 GB
Created by: Zaid Sabih

You Can See More Courses in the IT & Software >> Greetings from

New Courses

Scroll to Top