Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Learn Website Hacking / Penetration Testing From Scratch
Training Overview
Description of Training
Video Overview (2:40)
Section 0.
Course Introduction (2:13)
Section 1. Preparation - Creating a Penetration Testing Lab
Lab Overview & Needed Software (5:54)
Initial Preparation (9:12)
Installing Kali Linux as a VM on Windows (9:16)
Installing Kali Linux as a VM on Apple Mac OS (9:24)
Installing Kali Linux as a VM on Linux (10:41)
Installing Metasploitable As a Virtual Machine (4:33)
Section 2. Preparation - Linux Basics
Basic Overview Of Kali Linux (5:22)
The Linux Terminal & Basic Linux Commands (13:06)
Configuring Metasploitable & Lab Network Settings (3:45)
Section 3. Website Basics
What is a Website? (5:16)
How To Hack a Website ? (5:31)
Section 4. Information Gathering
Gathering Information Using Whois Lookup (4:41)
Discovering Technologies Used On The Website (6:03)
Gathering Comprehensive DNS Information (10:23)
Discovering Websites On The Same Server (3:43)
Discovering Subdomains (7:18)
Discovering Sensitive Files (7:25)
Analysing Discovered Files (4:17)
Maltego - Discovering Servers, Domains & Files (7:42)
Maltego - Discovering Websites, Hosting Provider & Emails (4:49)
Section 5. File Upload Vulnerabilities
How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites (6:43)
GET & POST Requests (5:20)
Intercepting Requests (8:02)
Exploiting Advanced File Upload Vulnerabilities To Hack Websites (5:09)
Exploiting More Advanced File Upload Vulnerabilities (6:33)
[Security] Fixing File Upload Vulnerabilities (6:22)
Section 6. Code Execution Vulnerabilities
How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites (7:25)
Exploiting Advanced Code Execution Vulnerabilities (6:06)
[Security] - Fixing Code Execution Vulnerabilities (5:47)
Section 7. Local File Inclusion Vulnerabilities (LFI)
What are they? And How To Discover & Exploit Them (5:49)
Gaining Shell Access From LFI Vulnerabilities - Method 1 (6:46)
Section 8. Remote File Inclusion Vulnerabilities (RFI)
Remote File Inclusion Vulnerabilities - Configuring PHP Settings (3:46)
Remote File Inclusion Vulnerabilities - Discovery & Exploitation (5:44)
Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites (2:49)
[Security] Fixing File Inclusion Vulnerabilities (5:54)
Section 9. SQL Injection Vulnerabilities
What is SQL (5:48)
Dangers of SQL Injections (2:53)
Section 10. SQL Injection Vulnerabilities - SQLi In Login Pages
Discovering SQL Injections In POST (7:56)
Bypassing Logins Using SQL Injection Vulnerability (4:48)
Bypassing More Secure Logins Using SQL Injections (6:24)
[Security] Preventing SQL Injections In Login Pages (7:43)
Section 11. SQL injection Vulnerabilities - Extracting Data From The Database
Discovering SQL Injections in GET (7:02)
Reading Database Information (5:26)
Finding Database Tables (3:33)
Extracting Sensitive Data Such As Passwords (4:29)
Section 12. SQL injection Vulnerabilities - Advanced Exploitation
Discovering & Exploiting Blind SQL Injections (5:53)
Discovering Complex SQL Injection Vulnerabilities (7:21)
Exploiting an Advanced SQL Injection Vulnerability to Extract Passwords (4:47)
Bypassing Filters (4:48)
Bypassing Security & Accessing All Records (8:36)
[Security] Quick Fix To Prevent SQL Injections (6:43)
Reading & Writing Files On The Server Using SQL Injections (5:57)
Getting A Shell & Controlling The Target Server Using an SQL Injection (8:26)
Discovering SQL Injections & Extracting Data Using SQLmap (6:47)
Getting a Direct SQL Shell using SQLmap (2:57)
[Security] - The Right Way To Prevent SQL Injection Vulnerabilities (4:58)
Section 13. XSS Vulnerabilities
Introduction - What is XSS or Cross Site Scripting? (3:09)
Discovering Basic Reflected XSS (3:46)
Discovering Advanced Reflected XSS (4:34)
Discovering An Even More Advanced Reflected XSS (7:04)
Discovering Stored XSS (2:56)
Discovering Advanced Stored XSS (3:36)
Section 14. XSS Vulnerabilities - Exploitation
Installing Windows As a Virtual Machine (5:44)
Installing Windows as a Virtual Machine on Apple Silicon Computers (4:53)
Hooking Victims To BeEF Using Reflected XSS (5:41)
Hooking Victims To BeEF Using Stored XSS (4:09)
Interacting With Hooked Victims (3:56)
Running Basic Commands On Victims (4:24)
Stealing Credentials/Passwords Using A Fake Login Prompt (2:17)
Bonus - Backdoors and Payloads Basics (11:52)
Bonus - Creating Your Own Backdoor (8:14)
Bonus - Listening for Backdoor Connections (4:15)
Bonus - Hacking Windows 11 Using Your Own Backdoor (6:27)
Bonus - How to Bypass Anti-Virus Programs (6:02)
BeEF - Gaining Full Control Over Windows Target (3:39)
[Security] Fixing XSS Vulnerabilities (7:17)
Section 15. Insecure Session Management
Logging In As Admin Without a Password By Manipulating Cookies (6:05)
Discovering Cross Site Request Forgery Vulnerabilities (CSRF) (6:46)
Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File (7:00)
Exploiting CSRF Vulnerabilities To Change Admin Password Using Link (5:40)
[Security] The Right Way To Prevent CSRF Vulnerabilities (9:19)
Section 16. Brute Force & Dictionary Attacks
Introduction to Brute Force & Dictionary Attacks? (3:44)
Creating a Wordlist (6:35)
Guessing Login Password Using a Wordlist Attack With Hydra (13:32)
Section 17. Discovering Vulnerabilities Automatically Using Owasp ZAP
Scanning Target Website For Vulnerabilities (4:19)
Analysing Scan Results (4:11)
Section 18. Post Exploitation
Post Exploitation Introduction (3:58)
Executing System Commands On Hacked Web Servers (6:59)
Escalating Reverse Shell Access To Weevely Shell (7:52)
Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc (6:32)
Bypassing Limited Privileges & Executing Shell Commands (4:53)
Downloading Files From Target Webserver (4:39)
Uploading Files To Target Webserver (7:53)
Getting a Reverse Connection From Weevely (7:46)
Accessing The Database (8:53)
Conclusion (5:20)
Writing a Pentest Report (13:48)
4 Ways to Secure Websites & Apps (9:23)
Audio Version of Training
Audio Download
Running Basic Commands On Victims
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock