Learn Website Hacking / Penetration Testing From Scratch

Learn Website Hacking / Penetration Testing From Scratch
Learn Website Hacking / Penetration Testing From Scratch
English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 9h 06m | 1.35 GB

Learn website hacking and penetration testing from scratch

Welcome to this comprehensive course on website and web application hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking. This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install the required software to practice penetration testing on your own machine. Then you will learn about websites, how they work, what they rely on, what is meant by a web server, a database, and how all of these components work together to give us functioning websites. Once you understand how websites work we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level. By the time you finish, you will be able to launch attacks and test the security of websites and web applications in exactly the same way that black hat hackers would do, fix these vulnerabilities, and secure websites from them. All the attacks in this course are practical attacks that work against any real websites. For each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements.

Hands-on learning from scratch

What You Will Learn

  • Set up a lab environment to practice hacking; Install Kali Linux – a penetration testing operating system;install windows and vulnerable operating systems as virtual machines for testing
  • Learn Linux basics, commands and how to interact with the terminal;understand how websites and web applications work; understand how browsers communicate with websites
  • Gather sensitive information about websites; discover servers, technologies, and services used on target websites. discover emails and sensitive data associated with a specific website
  • Find all subdomains associated with a website; discover unpublished directories and files associated with a target website; find all websites hosted on the same server as the target website
  • Discover, exploit, and fix file upload vulnerabilities, and much more.
Table of Contents

1 Course Introduction
2 Lab Overview & Needed Software
3 Installing Kali 2018 as a Virtual Machine Using a Ready Image
4 Installing Metasploitable as a Virtual Machine
5 Installing Windows As a Virtual Machine
6 Basic Overview of Kali Linux
7 The Linux Terminal & Basic Linux Commands
8 Configuring Metasploitable & Lab Network Settings
9 What is a Website
10 How to Hack a Website
11 Gathering Information Using Whois Lookup
12 Discovering Technologies Used On the Website
13 Gathering Comprehensive DNS Information
14 Discovering Websites on the Same Server
15 Discovering Subdomains
16 Discovering Sensitive Files
17 Analysing Discovered Files
18 Maltego – Discovering Servers, Domains & Files
19 Maltego – Discovering Websites, Hosting Provider & Emails
20 What are they And How to Discover & Exploit Basic File Upload Vulnerabilities
21 HTTP Requests – GET & POST
22 Intercepting HTTP Requests
23 Exploiting Advanced File Upload Vulnerabilities
24 Exploiting More Advanced File Upload Vulnerabilities
25 [Security] Fixing File Upload Vulnerabilities
26 What are they & How to Discover & Exploit Basic Code Execution Vulnerabilities
27 Exploiting Advanced Code Execution Vulnerabilities
28 [Security] – Fixing Code Execution Vulnerabilities
29 What are they And How to Discover & Exploit Them
30 Gaining Shell Access from LFI Vulnerabilities – Method 1
31 Gaining Shell Access from LFI Vulnerabilities – Method 2
32 Remote File Inclusion Vulnerabilities – Configuring PHP Settings
33 Remote File Inclusion Vulnerabilities – Discovery & Exploitation
34 Exploiting Advanced Remote File Inclusion Vulnerabilities
35 [Security] Fixing File Inclusion Vulnerabilities
36 What is SQL
37 Dangers of SQL Injections
38 Discovering SQL Injections In POST
39 Bypassing Logins Using SQL Injection Vulnerability
40 Bypassing More Secure Logins Using SQL Injections
41 [Security] Preventing SQL Injections in Login Pages
42 Discovering SQL Injections in GET
43 Reading Database Information
44 Finding Database Tables
45 Extracting Sensitive Data Such As Passwords
46 Discovering & Exploiting Blind SQL Injections
47 Discovering a More Complicated SQL Injection
48 Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
49 Bypassing Security & Accessing All Records
50 Bypassing Filters
51 [Security] Quick Fix to Prevent SQL Injections
52 Reading & Writing Files on The Server Using SQL Injection Vulnerability
53 Getting a Reverse Shell Access & Gaining Full Control Over The Target Web Server
54 Discovering SQL Injections & Extracting Data Using SQLmap
55 Getting a Direct SQL Shell using SQLmap
56 [Security] – The Right Way to Prevent SQL Injection
57 Introduction – What is XSS or Cross Site Scripting
58 Discovering Basic Reflected XSS
59 Discovering Advanced Reflected XSS
60 Discovering An Even More Advanced Reflected XSS
61 Discovering Stored XSS
62 Discovering Advanced Stored XSS
63 Discovering Dom Based XSS
64 Hooking Victims to BeEF Using Reflected XSS
65 Hooking Victims to BeEF Using Stored XSS
66 BeEF – Interacting With Hooked Victims
67 BeEF – Running Basic Commands On Victims
68 BeEF – Stealing Credentials Passwords Using A Fake Login Prompt
69 Bonus – Installing Veil 3
70 Bonus – Veil Overview & Payloads Basics
71 Bonus – Generating an Undetectable Backdoor Using Veil 3
72 Bonus – Listening For Incoming Connections
73 Bonus – Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10
74 BeEF – Gaining Full Control over Windows Target
75 [Security] Fixing XSS Vulnerabilities
76 Logging In As Admin without a Password by Manipulating Cookies
77 Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
78 Exploiting CSRF Vulnerabilities to Change Admin Password Using a HTML File
79 Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
80 [Security] The Right Way to Prevent CSRF Vulnerabilities
81 What Are Brute Force & Dictionary Attacks
82 Creating a Wordlist
83 Launching a Wordlist Attack & Guessing Login Password Using Hydra
84 Scanning Target Website for Vulnerabilities
85 Analysing Scan Results
86 Post Exploitation Introduction
87 Interacting With the Reverse Shell Access Obtained In Previous Lectures
88 Escalating Reverse Shell Access to Weevely Shell
89 Weevely Basics – Accessing Other Websites, Running Shell Commands …etc
90 Bypassing Limited Privileges & Executing Shell Commands
91 Downloading Files from Target Webserver
92 Uploading Files to Target Webserver
93 Getting a Reverse Connection from Weevely
94 Accessing the Database