Ethicalhackersacademy

Content

Introduction sample
Setup Penetration Testing lab
Lab Overview & Software's Needed
The-Lab.pdf
Download VirtualBox VirtualBox 5.2
Installing Kali 2018 On A Virtual Machine
Kali Linux Downloads – Virtual Images
How To Fix Nat Network Issue
How to fix Blank Screen When Starting Kali
Installing Kali Using ISO Image
Installing Metasploitable As a Virtual Machine
Metasploitable - Virtual Machine to Test Metasploit
Installing Windows As a Virtual Machine
virtual machines
Linux Basics
Basic Overview Of Kali Linux
The Linux Terminal & Basic Linux Commands
Linux Commands
Configuring Metasploitable & Lab Network Settings
How To Fix Nat Network Issue 1
Website Basics
What is a Website?
Intro-what-is-a-website.pdf
How To Hack a Website ?
Information Gathering
Gathering Information Using Whois Lookup
Discovering Technologies Used On The Website
Gathering Comprehensive DNS Information
Discovering Websites On The Same Server
Discovering Subdomains
Discovering Sensitive Files
Analysing Discovered Files
Maltego - Discovering Servers, Domains & Files
Maltego - Discovering Websites, Hosting Provider & Emails
File Upload Vulnerabilities
What are they? And How To Discover & Exploit Basic File Upload Vulnerabilities
HTTP Requests - GET & POST sample
Intercepting HTTP Requests
Exploiting Advanced File Upload Vulnerabilities
Exploiting More Advanced File Upload Vulnerabilities
[Security] Fixing File Upload Vulnerabilities
Code Execution Vulnerabilities
What are they? & How To Discover & Exploit Code Execution Vulnerabilities
Exploiting Advanced Code Execution Vulnerabilities
Fixing Code Execution Vulnerabilities
Local File Inclusion Vulnerabilities
What are they? And How To Discover & Exploit Them
Gaining Shell Access From LFI Vulnerabilities - Method 1
Gaining Shell Access From LFI Vulnerabilities - Method 2
Remote File Inclusion Vulnerabilities
Remote File Inclusion Vulnerabilities - Configuring PHP Settings
Remote File Inclusion Vulnerabilities - Discovery & Exploitation
Exploiting Advanced Remote File Inclusion Vulnerabilities
Fixing File Inclusion Vulnerabilities
SQL Injection Vulnerabilities
What is SQL
Dangers of SQL Injections
SQL Injection Vulnerabilities - SQLi In Login Pages
Discovering SQL Injections In POST
Bypassing Logins Using SQL Injection Vulnerability
Bypassing More Secure Logins Using SQL Injections
Preventing SQL Injections In Login Pages
SQL INJEction Vulnerabilities - Extracting Data from th...
Discovering SQL Injections in GET
Reading Database Information
Finding Database Tables
Extracting Sensitive Data Such As Passwords
SQL Injection Vulnerabilities - Advanced Exploitation
Discovering & Exploiting Blind SQL Injections sample
Discovering a More Complicated SQL Injection
Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
Bypassing Filters
Quick Fix To Prevent SQL Injections
Reading & Writing Files On The Server Using SQL Injection Vulnerability
Reverse Shell Access & Gaining Full Control Over The Target Web Server
Discovering SQL Injections & Extracting Data Using SQLmap
Getting a Direct SQL Shell using SQLmap
The Right Way To Prevent SQL Injection
XSS Vulnerabilities
Introduction - What is XSS or Cross Site Scripting?
Discovering Advanced Reflected XSS
Discovering An Even More Advanced Reflected XSS
Discovering Stored XSS
Discovering Advanced Stored XSS
XSS Vulnerabilities - Exploitation
Hooking Victims To BeEF Using Reflected XSS
Hooking Victims To BeEF Using Stored XSS
BeEF - Interacting With Hooked Victims
BeEF - Running Basic Commands On Victims
BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt
Bonus - Installing Veil 3.1
Bonus - Veil Overview & Payloads Basics
Bonus - Generating An Undetectable Backdoor Using Veil 3
Bonus - Listening For Incoming Connections
Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
BeEF - Gaining Full Control Over Windows Target
Fixing XSS Vulnerabilities
Insecure Session Management
Logging In As Admin Without a Password By Manipulating Cookies
Discovering Cross Site Request Forgery Vulnerabilities (CSRF) sample
Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File
Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
The Right Way To Prevent CSRF Vulnerabilities
Brute Force & Dictionary Attacks
What Are Brute Force & Dictionary Attacks?
Creating a Wordlist
Launching a Wordlist Attack & Guessing Login Password Using Hydra
Discovering Vulnerabilities Using ZAP
Scanning Target Website For Vulnerabilities
Analysing Scan Results
Post Exploitation
Post Exploitation Introduction
Interacting With The Reverse Shell Access Obtained In Previous Lectures
Escalating Reverse Shell Access To Weevely Shell sample
Weevely Basics - Accessing Other Websites, Running Shell Commands
Bypassing Limited Privileges & Executing Shell Commands
Downloading Files From Target Webserver
Uploading Files To Target Webserver
Getting a Reverse Connection From Weevely
Accessing The Database
Discovering Basic Reflected XSS

Completion rules

All units must be completed
Leads to a certification with a duration: Forever

Course info

Advanced Web Hacking & Penetration Testing Course - Scratch to Advance

Congratulations!

Course completed!

Notice

Notice

Notice