Home / Course catalog / Advanced Web Hacking & Penetration Testing Course ...

Advanced Web Hacking & Penetration Testing Course - Scratch to Advance

Web hacking


Description

This course assumes you have NO prior knowledge in hacking and by the end of it you'll be at a high level, being able to hack websites like black-hat hackers and secure them like security experts!

This course is highly practical but it won't neglect the theory, first you'll learn how to install the needed software (works on Windows, Linux and Mac OS X) and then we'll start with basics about how websites work, the different components that make a website, the technologies used, and then we'll dive into website hacking straight away. From here onwards you'll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we'll never have any dry boring theoretical lectures.

Before jumping into hacking, you'll first learn how to gather comprehensive information about your target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.

Here's a more detailed breakdown of the course content:

1. Information Gathering - In this section, you'll learn how to gather information about a target website, you'll learn how to discover the DNS server used, the services, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the web hosting, provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.

2. Discovering, Exploiting & Mitigation - In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security measurements, and finally we will analyze the code causing this vulnerability and see how to fix it, the following vulnerabilities are covered in the course:

File upload: This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.

Code Execution - This vulnerability allows users to run system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.

Local File inclusion - This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files, we will not stop at that though, you will learn two methods to escalate this vulnerability and get a reverse shell connection which gives you full control over the target web server.

Remote File inclusion - This vulnerability can be load remote files on the target web server, exploiting this vulnerability properly gives you full control over the target web server.

SQL Injection- This is one of the most dangerous vulnerabilities, it is found everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more, so it allows you to log in as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read/write files and even get a reverse shell access which gives you full control over the target server!

Cross Site Scripting (XSS) - This vulnerability can be used to run javascript code on users who access the vulnerable page, we won't stop at that, you will learn how to steal credentials from users (such as Facebook or youtube passwords) and even gain full access to their computer. You will learn all three types (reflected, stored and DOM-based).
3. Post Exploitation - In this section you will learn what can you do with the access you gained from exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will also learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions!

Continue To Order: https://ethicalhackersacademy.com/collec...

Content
  • Introduction sample
  • Setup Penetration Testing lab
  • Lab Overview & Software's Needed
  • Installing Kali 2018 On A Virtual Machine
  • Installing Metasploitable As a Virtual Machine
  • Installing Windows As a Virtual Machine
  • Linux Basics
  • Basic Overview Of Kali Linux
  • The Linux Terminal & Basic Linux Commands
  • Configuring Metasploitable & Lab Network Settings
  • Website Basics
  • What is a Website?
  • How To Hack a Website ?
  • Information Gathering
  • Gathering Information Using Whois Lookup
  • Discovering Technologies Used On The Website
  • Gathering Comprehensive DNS Information
  • Discovering Websites On The Same Server
  • Discovering Subdomains
  • Discovering Sensitive Files
  • Analysing Discovered Files
  • Maltego - Discovering Servers, Domains & Files
  • Maltego - Discovering Websites, Hosting Provider & Emails
  • File Upload Vulnerabilities
  • What are they? And How To Discover & Exploit Basic File Upload Vulnerabilities
  • HTTP Requests - GET & POST
  • Intercepting HTTP Requests
  • Exploiting Advanced File Upload Vulnerabilities
  • Exploiting More Advanced File Upload Vulnerabilities
  • [Security] Fixing File Upload Vulnerabilities
  • Code Execution Vulnerabilities
  • What are they? & How To Discover & Exploit Code Execution Vulnerabilities
  • Exploiting Advanced Code Execution Vulnerabilities
  • Fixing Code Execution Vulnerabilities
  • Local File Inclusion Vulnerabilities
  • What are they? And How To Discover & Exploit Them
  • Gaining Shell Access From LFI Vulnerabilities - Method 1
  • Gaining Shell Access From LFI Vulnerabilities - Method 2
  • Remote File Inclusion Vulnerabilities
  • Remote File Inclusion Vulnerabilities - Configuring PHP Settings
  • Remote File Inclusion Vulnerabilities - Discovery & Exploitation
  • Exploiting Advanced Remote File Inclusion Vulnerabilities
  • Fixing File Inclusion Vulnerabilities
  • SQL Injection Vulnerabilities
  • What is SQL
  • Dangers of SQL Injections
  • SQL Injection Vulnerabilities - SQLi In Login Pages
  • Discovering SQL Injections In POST
  • Bypassing Logins Using SQL Injection Vulnerability
  • Bypassing More Secure Logins Using SQL Injections
  • Preventing SQL Injections In Login Pages
  • SQL INJEction Vulnerabilities - Extracting Data from the database
  • Discovering SQL Injections in GET
  • Reading Database Information
  • Finding Database Tables
  • Extracting Sensitive Data Such As Passwords
  • SQL Injection Vulnerabilities - Advanced Exploitation
  • Discovering & Exploiting Blind SQL Injections  sample
  • Discovering a More Complicated SQL Injection
  • Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
  • Bypassing Filters
  • Quick Fix To Prevent SQL Injections
  • Reading & Writing Files On The Server Using SQL Injection Vulnerability
  • Reverse Shell Access & Gaining Full Control Over The Target Web Server
  • Discovering SQL Injections & Extracting Data Using SQLmap
  • Getting a Direct SQL Shell using SQLmap
  • The Right Way To Prevent SQL Injection
  • XSS Vulnerabilities
  • Introduction - What is XSS or Cross Site Scripting?
  • Discovering Basic Reflected XSS
  • Discovering Advanced Reflected XSS
  • Discovering An Even More Advanced Reflected XSS
  • Discovering Stored XSS
  • Discovering Advanced Stored XSS
  • XSS Vulnerabilities - Exploitation
  • Hooking Victims To BeEF Using Reflected XSS
  • Hooking Victims To BeEF Using Stored XSS
  • BeEF - Interacting With Hooked Victims
  • BeEF - Running Basic Commands On Victims
  • BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt
  • Bonus - Installing Veil 3.1
  • Bonus - Veil Overview & Payloads Basics
  • Bonus - Generating An Undetectable Backdoor Using Veil 3
  • Bonus - Listening For Incoming Connections
  • Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
  • BeEF - Gaining Full Control Over Windows Target
  • Fixing XSS Vulnerabilities
  • Insecure Session Management
  • Logging In As Admin Without a Password By Manipulating Cookies
  • Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
  • Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File
  • Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
  • The Right Way To Prevent CSRF Vulnerabilities
  • Brute Force & Dictionary Attacks
  • What Are Brute Force & Dictionary Attacks?
  • Creating a Wordlist
  • Launching a Wordlist Attack & Guessing Login Password Using Hydra
  • Discovering Vulnerabilities Using ZAP
  • Scanning Target Website For Vulnerabilities
  • Analysing Scan Results
  • Post Exploitation
  • Post Exploitation Introduction
  • Interacting With The Reverse Shell Access Obtained In Previous Lectures
  • Escalating Reverse Shell Access To Weevely Shell
  • Weevely Basics - Accessing Other Websites, Running Shell Commands
  • Bypassing Limited Privileges & Executing Shell Commands
  • Downloading Files From Target Webserver
  • Uploading Files To Target Webserver
  • Getting a Reverse Connection From Weevely
  • Accessing The Database
  • Bonus Section
Completion rules
  • All units must be completed
  • Leads to a certification with a duration: Forever