Learn Website Hacking/ Penetration Testing From Scratch

  • All levels
  • English

Course Description

If you want to protect your computer, the best way is to learn how to hack it in the first place! So, security specialists are most commonly the best hackers in the world. So, if you want to become a world-class security specialist, then becoming a world-class hacker would be the best way to get started.

What you’ll learn
  • Information Gathering: gather information and learn about the target website; discover important concepts; go over DNS server, sub-domains, directories, sensitive files, user emails, etc.
  • Discovering, Exploiting & Fixing: learn how to discover large vulnerabilities; learn how to exploit them; understand the code causing the vulnerability; learn how to fix them; go over vulnerabilities such as File Upload, File Location Inclusion, Remote File Inclusion, XSS, Insecure Session Management, and Brute Force & Dictionary Attacks.
  • Post Exploitation: what you can do with the access gained from the vulnerabilities; convert reverse shell access to Weevely access and vice versa; how to run system commands on the target server; navigate between directories; access other websites on the same server; upload/download files; access the database; download the whole database to your local machine; learn how to bypass security.

Covering Topics

Section 1 : Course Introduction
Section 2 : Preparation - Creating a Penetration Testing Lab
Section 3 : Preparation - Linux Basics
Section 4 : Website Basics
Section 5 : Information Gathering
Section 6 : Code Execution Vulnerabilities
Section 7 : Local File Inclusion Vulnerabilities (LFI)
Section 8 : Remote File Inclusion Vulnerabilities (RFI)
Section 9 : SQL Injection Vulnerabilities
Section 10 : SQL Injection Vulnerabilities - SQLi In Login Pages
Section 11 : SQL Injection Vulnerabilities - Extracting Data From The Database
Section 12 : SQL Injection Vulnerabilities - Advanced Exploitation
Section 13 : XSS Vulnerabilities
Section 14 : XSS Vulnerabilities - Exploitation
Section 15 : Insecure Session Management
Section 16 : Brute Force & Dictionary Attacks
Section 17 : Discovering Vulnerabilities Automatically Using OWASP ZAP
Section 18 : Post Exploitation

Curriculum

Section 1 : Course Introduction
    1. Course Introduction

Section 2 : Preparation - Creating a Penetration Testing Lab
    2. Lab Overview & Needed Software
    3. Installing Kali 2017 As a Virtual Machine Using a Ready Image
    4. Installing Metasploitable As a Virtual Machine
    5. Installing Windows As a Virtual Machine

Section 3 : Preparation - Linux Basics
    6. Basic Overview Of Kali Linux
    7. The Linux Terminal & Basic Linux Commands
    8. Configuring Metasploitable & Lab Network Settings

Section 4 : Website Basics
    9. What is a Website?
    10. How To Hack a Website?

Section 5 : Information Gathering
    11. Gathering Information Using Whois Lookup
    12. Discovering Technologies Used On The Website
    13. Gathering Comprehensive DNS Information
    14. Discovering Websites On The Same Server
    15. Discovering Subdomains
    16. Discovering Sensitive Files
    17. Analysing Discovered Files
    18. Maltego - Discovering Servers, Domains & Files
    19. Maltego - Discovering Websites, Hosting Provider & Emails

Section 6 : Code Execution Vulnerabilities
    20. What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities
    21. Exploiting Advanced Code Execution Vulnerabilities
    22. [Security] - Fixing Code Execution Vulnerabilities

Section 7 : Local File Inclusion Vulnerabilities (LFI)
    23. What are they? And How To Discover & Exploit Them
    24. Gaining Shell Access From LFI Vulnerabilities - Method 1
    25. Gaining Shell Access From LFI Vulnerabilities - Method 2

Section 8 : Remote File Inclusion Vulnerabilities (RFI)
    26. Remote File Inclusion Vulnerabilities - Configuring PHP Settings
    27. Remote File Inclusion Vulnerabilities - Discovery & Exploitation
    28. Exploiting Advanced Remote File Inclusion Vulnerabilities
    29. [Security] Fixing File Inclusion Vulnerabilities

Section 9 : SQL Injection Vulnerabilities
    30. What is SQL
    31. Dangers of SQL Injections

Section 10 : SQL Injection Vulnerabilities - SQLi In Login Pages
    32. Discovering SQL Injections In POST
    33. Bypassing Logins Using SQL Injection Vulnerability
    34. Bypassing More Secure Logins Using SQL Injections
    35. [Security] Preventing SQL Injections In Login Pages

Section 11 : SQL Injection Vulnerabilities - Extracting Data From The Database
    36. Discovering SQL Injections in GET
    37. Reading Database Information
    38. Finding Database Tables
    39. Extracting Sensitive Data Such As Passwords

Section 12 : SQL Injection Vulnerabilities - Advanced Exploitation
    40. Discovering & Exploiting Blind SQL Injections
    41. Discovering a More Complicated SQL Injection
    42. Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
    43. Bypassing Security & Accessing All Records
    44. Bypassing Filters
    45. [Security] Quick Fix To Prevent SQL Injections
    46. Reading & Writing Files On The Server Using SQL Injection Vulnerability
    47. Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server
    48. Discovering SQL Injections & Extracting Data Using SQLmap
    49. Getting a Direct SQL Shell using SQLmap
    50. [Security] - The Right Way To Prevent SQL Injection

Section 13 : XSS Vulnerabilities
    51. Introduction - What is XSS or Cross Site Scripting?
    52. Discovering Basic Reflected XSS
    53. Discovering Advanced Reflected XSS
    54. Discovering An Even More Advanced Reflected XSS
    55. Discovering Stored XSS
    56. Discovering Advanced Stored XSS
    57. Discovering DOM Based XSS

Section 14 : XSS Vulnerabilities - Exploitation
    58. Hooking Victims To BeEF Using Reflected XSS
    59. Hooking Victims To BeEF Using Stored XSS
    60. BeEF - Interacting With Hooked Victims
    61. BeEF - Running Basic Commands On Victims
    62. BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt
    63. Installing Veil 3
    64. Bonus - Veil Overview & Payloads Basics
    65. Bonus - Generating An Undetectable Backdoor Using Veil 3
    66. Bonus - Listening For Incoming Connections
    67. Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
    68. BeEF - Gaining Full Control Over Windows Target
    69. [Security] Fixing XSS Vulnerabilities

Section 15 : Insecure Session Management
    70. Logging In As Admin Without a Password By Manipulating Cookies
    71. Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
    72. Exploiting CSRF Vulnerabilities To Change Admin Password Using an HTML File
    73. Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
    74. [Security] The Right Way To Prevent CSRF Vulnerabilities

Section 16 : Brute Force & Dictionary Attacks
    75. What Are Brute Force & Dictionary Attacks?
    76. Creating a Wordlist
    77. Launching a Wordlist Attack & Guessing Login Password Using Hydra

Section 17 : Discovering Vulnerabilities Automatically Using OWASP ZAP
    78. Scanning Target Website For Vulnerabilities
    79. Analysing Scan Results

Section 18 : Post Exploitation
    80. Post Exploitation Introduction
    81. Interacting With The Reverse Shell Access Obtained In Previous Lectures
    82. Escalating Reverse Shell Access To Weevely Shell
    83. Weevely Basics - Accessing Other Websites, Running Shell Commands, etc.
    84. Bypassing Limited Privileges & Executing Shell Commands
    85. Downloading Files From Target Webserver
    86. Uploading Files To Target Webserver
    87. Getting a Reverse Connection From Weevely
    88. Accessing The Database

Frequently Asked Questions

It is an online tutorial that covers a specific part of a topic in several sections. An expert teaches the students with theoretical knowledge as well as practical examples, which makes it easy for students to understand.

A Course helps the user understand a specific part of a concept. While a path and E-Degrees are broader aspects and help the user understand more than just a small area of the concept.

A Course will help you understand any particular topic. For instance, if you are a beginner and want to learn the basics of a topic fluently within a short period of time, a Course would be the best choice for you.

We have an inbuilt question-answer system to help you with your queries. Our support staff will be answering all your questions regarding the content of the Course.