Website Hacking Penetration Testing
What you’ll learn
90+ Videos to take you from a beginner to advanced in website hacking.
Create a hacking lab & needed software (on Windows, OS X and Linux).
Become a bug bounty hunters & discover bug bounty bugs!
Discover, exploit and mitigate a number of dangerous web vulnerabilities.
Exploit these vulnerabilities to hack into web servers.
Bypass security & advanced exploitation of these vulnerabilities.
Advanced post exploitation – hack other websites on the same server, dump the database, privilege escalation….etc
Bypass security & filters.
Intercept requests using a proxy.
Adopt SQL queries to discover and exploit SQL injections in secure pages.
Gain full control over target server using SQL injections.
Discover & exploit blind SQL injections.
Install Kali Linux – a penetration testing operating system.
Learn linux commands and how to interact with the terminal.
Learn linux basics.
Understand how websites & web applications work.
Understand how browsers communicate with websites.
Gather sensitive information about websites.
Discover servers, technologies & services used on target website.
Discover emails & sensitive data associated with a specific website.
Find all subdomains associated with a website.
Discover unpublished directories & files associated with a target website.
Find all websites hosted on the same server as the target website.
Discover, exploit and fix file upload vulnerabilities.
Exploit advanced file upload vulnerabilities & gain full control over the target website.
Discover, exploit and fix code execution vulnerabilities.
Exploit advanced code execution vulnerabilities & gain full control over the target website.
Discover, exploit & fix local file inclusion vulnerabilities.
Exploit local file inclusion vulnerabilities to to get a shell.
Exploit advanced local file inclusion vulnerabilities & gain full control over the target website.
Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website.
Discover, fix, and exploit SQL injection vulnerabilities.
Bypass login forms and login as admin using SQL injections.
Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
Bypass filtering, and login as admin without password using SQL injections.
Bypass filtering and security measurements.
Read / Write files to the server using SQL injections.
Patch SQL injections quickly.
Learn the right way to write SQL queries to prevent SQL injections.
Discover basic & advanced reflected XSS vulnerabilities.
Discover basic & advanced stored XSS vulnerabilities.
How to use BeEF framwork.
Hook users to BeEF using reflected & XSS vulnerabilities.
Steal credentials from hooked targets.
Create undetectable backdoors.
Hack computers using XSS vulnerabilities.
Fix XSS vulnerabilities & protect yourself from them as a user.
What do we mean by brute force & wordlist attacks.
Create a wordlist or a dictionary.
Launch a wordlist attack and guess admin’s password.
Discover all of the above vulnerabilities automatically using a web proxy.
Run system commands on the target webserver.
Access the file system (navigate between directories, read/write files).
Download, upload files.
Bypass security measurements.
Access all websites on the same webserver.
Connect to the database and execute SQL queries or download the whole database to the local machine.
Discover, exploit and mitigate CSRF vulnerabilities.
Basic IT Skills.
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory.
Operating System: Windows / OS X / Linux.
Lecture 1 Course Introduction
Section 1: Preparation – Creating a Penetration Testing Lab
Lecture 2 Lab Overview & Needed Software
Lecture 3 Initial Preparation
Lecture 4 Installing Kali Linux as a VM on Windows
Lecture 5 Installing Kali Linux as a VM on Apple Mac OS
Lecture 6 Installing Kali Linux as a VM on Linux
Lecture 7 Installing Metasploitable As a Virtual Machine
Section 2: Preparation – Linux Basics
Lecture 8 Basic Overview Of Kali Linux
Lecture 9 The Linux Terminal & Basic Linux Commands
Lecture 10 Configuring Metasploitable & Lab Network Settings
Section 3: Website Basics
Lecture 11 What is a Website?
Lecture 12 How To Hack a Website ?
Section 4: Information Gathering
Lecture 13 Gathering Information Using Whois Lookup
Lecture 14 Discovering Technologies Used On The Website
Lecture 15 Gathering Comprehensive DNS Information
Lecture 16 Discovering Websites On The Same Server
Lecture 17 Discovering Subdomains
Lecture 18 Discovering Sensitive Files
Lecture 19 Analysing Discovered Files
Lecture 20 Maltego – Discovering Servers, Domains & Files
Lecture 21 Maltego – Discovering Websites, Hosting Provider & Emails
Section 5: File Upload Vulnerabilities
Lecture 22 How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites
Lecture 23 GET & POST Requests
Lecture 24 Intercepting Requests
Lecture 25 Exploiting Advanced File Upload Vulnerabilities To Hack Websites
Lecture 26 Exploiting More Advanced File Upload Vulnerabilities
Lecture 27 [Security] Fixing File Upload Vulnerabilities
Section 6: Code Execution Vulnerabilities
Lecture 28 How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites
Lecture 29 Exploiting Advanced Code Execution Vulnerabilities
Lecture 30 [Security] – Fixing Code Execution Vulnerabilities
Section 7: Local File Inclusion Vulnerabilities (LFI)
Lecture 31 What are they? And How To Discover & Exploit Them
Lecture 32 Gaining Shell Access From LFI Vulnerabilities – Method 1
Lecture 33 Gaining Shell Access From LFI Vulnerabilities – Method 2
Section 8: Remote File Inclusion Vulnerabilities (RFI)
Lecture 34 Remote File Inclusion Vulnerabilities – Configuring PHP Settings
Lecture 35 Remote File Inclusion Vulnerabilities – Discovery & Exploitation
Lecture 36 Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites
Lecture 37 [Security] Fixing File Inclusion Vulnerabilities
Section 9: SQL Injection Vulnerabilities
Lecture 38 What is SQL?
Lecture 39 Dangers of SQL Injections
Section 10: SQL Injection Vulnerabilities – SQLi In Login Pages
Lecture 40 Discovering SQL Injections In POST
Lecture 41 Bypassing Logins Using SQL Injection Vulnerability
Lecture 42 Bypassing More Secure Logins Using SQL Injections
Lecture 43 [Security] Preventing SQL Injections In Login Pages
Section 11: SQL injection Vulnerabilities – Extracting Data From The Database
Lecture 44 Discovering SQL Injections in GET
Lecture 45 Reading Database Information
Lecture 46 Finding Database Tables
Lecture 47 Extracting Sensitive Data Such As Passwords
Section 12: SQL injection Vulnerabilities – Advanced Exploitation
Lecture 48 Discovering & Exploiting Blind SQL Injections
Lecture 49 Discovering Complex SQL Injection Vulnerabilities
Lecture 50 Exploiting an advanced SQL Injection Vulnerability to Extract Passwords
Lecture 51 Bypassing Filters
Lecture 52 Bypassing Security & Accessing All Records
Lecture 53 [Security] Quick Fix To Prevent SQL Injections
Lecture 54 Reading & Writing Files On The Server Using SQL Injections
Lecture 55 Getting A Shell & Controlling The Target Server Using an SQL Injection
Lecture 56 Discovering SQL Injections & Extracting Data Using SQLmap
Lecture 57 Getting a Direct SQL Shell using SQLmap
Lecture 58 [Security] – The Right Way To Prevent SQL Injection Vulnerabilites
Section 13: XSS Vulnerabilities
Lecture 59 Introduction – What is XSS or Cross Site Scripting?
Lecture 60 Discovering Basic Reflected XSS
Lecture 61 Discovering Advanced Reflected XSS
Lecture 62 Discovering An Even More Advanced Reflected XSS
Lecture 63 Discovering Stored XSS
Lecture 64 Discovering Advanced Stored XSS
Section 14: XSS Vulnerabilities – Exploitation
Lecture 65 Installing Windows As a Virtual Machine
Lecture 66 Hooking Victims To BeEF Using Reflected XSS
Lecture 67 Hooking Victims To BeEF Using Stored XSS
Lecture 68 Interacting With Hooked Targets
Lecture 69 Running Basic Commands On Victims
Lecture 70 Stealing Credentials/Passwords Using A Fake Login Prompt
Lecture 71 Bonus – Installing Veil Framework
Lecture 72 Bonus – Veil Overview & Payloads Basics
Lecture 73 Bonus – Generating An Undetectable Backdoor Using Veil 3
Lecture 74 Bonus – Listening For Incoming Connections
Lecture 75 Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
Lecture 76 Gaining Full Control Over Windows Target
Lecture 77 [Security] Fixing XSS Vulnerabilities
Section 15: Insecure Session Management
Lecture 78 Logging In As Admin Without a Password By Manipulating Cookies
Lecture 79 Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
Lecture 80 Exploiting CSRF To Change Admin Password Using a HTML File
Lecture 81 Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
Lecture 82 [Security] The Right Way To Prevent CSRF Vulnerabilities
Section 16: Brute Force & Dictionary Attacks
Lecture 83 Introduction to Brute Force & Dictionary Attacks?
Lecture 84 Creating a Wordlist
Lecture 85 Guessing Login Password Using a Wordlist Attack With Hydra
Section 17: Discovering Vulnerabilities Automatically Using Owasp ZAP
Lecture 86 Scanning Target Website For Vulnerabilities
Lecture 87 Analysing Scan Results
Section 18: Post Exploitation
Lecture 88 Post Exploitation Introduction
Lecture 89 Executing System Commands On Hacked Web Servers
Lecture 90 Escalating Reverse Shell Access To Weevely Shell
Lecture 91 Weevely Basics – Accessing Other Websites, Running Shell Commands …etc
Lecture 92 Bypassing Limited Privileges & Executing Shell Commands
Lecture 93 Downloading Files From Target Webserver
Lecture 94 Uploading Files To Target Webserver
Lecture 95 Getting a Reverse Connection From Weevely
Lecture 96 Accessing The Database
Lecture 97 Conclusion
Lecture 98 Writing a Pentest Report
Lecture 99 4 Ways to Secure Websites & Apps
Section 19: Bonus Section
Lecture 100 Bonus Lecture – Discounts
Anybody interested in learning website & web application hacking / penetration testing.,Anybody interested in becoming a bug bounty hunter.,Anybody interested website hacking.,Anybody interested in learning how to secure websites & web applications from hacker.,Web developers so they can create secure web application & secure their existing ones.,Web admins so they can secure their websites.
Udemy | English | 10h 15m | 5.17 GB
Created by: Zaid Sabih