1. Website Hacking : Become a bug bounty hunter! Hack websites & web applications like black hat hackers and secure them like experts.
What you’ll learn
Website Hacking / Penetration Testing & Bug Bounty Hunting Course Site
- 90+ Videos to take you from a beginner to advanced in website hacking.
- Create a hacking lab & needed software (on Windows, OS X, and Linux).
- Become a bug bounty hunters & discover bug bounty bugs!
- Discover, exploit and mitigate several dangerous web vulnerabilities.
- Exploit these vulnerabilities to hack into web servers.
- Bypass security & advanced exploitation of these vulnerabilities.
- Advanced post-exploitation – hack other websites on the same server, dump the database, privilege escalation….etc
- Bypass security & filters.
- Intercept requests using a proxy.
- Adopt SQL queries to discover and exploit SQL injections in secure pages.
- Gain full control over the target server using SQL injections.
- Discover & exploit blind SQL injections.
- Install Kali Linux – a penetration testing operating system.
- Learn Linux commands and how to interact with the terminal.
- Learn Linux basics.
- Understand how websites & web applications work.
- Understand how browsers communicate with websites.
- Gather sensitive information about websites.
- Discover servers, technologies & services used on the target website.
- Discover emails & sensitive data associated with a specific website.
- Find all subdomains associated with a website.
- Discover unpublished directories & files associated with a target website.
- Find all websites hosted on the same server as the target website.
- Discover, exploit and fix file upload vulnerabilities.
- Exploit advanced file upload vulnerabilities & gain full control over the target website.
- Discover, exploit and fix code execution vulnerabilities.
- Exploit advanced code execution vulnerabilities & gain full control over the target website.
- Discover, exploit & fix local file inclusion vulnerabilities.
- Exploit local file inclusion vulnerabilities to get a shell.
- Advanced local file inclusion vulnerabilities & gain full control over the target website.
- Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website.
- Discover, fix, and exploit SQL injection vulnerabilities.
- Bypass login forms and login as admin using SQL injections.
- Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
- Bypass filtering, and log in as admin without password using SQL injections.
- Bypass filtering and security measurements.
- Read / Write files to the server using SQL injections.
- Patch SQL injections quickly.
- Learn the right way to write SQL queries to prevent SQL injections.
- Discover basic & advanced reflected XSS vulnerabilities.
- Discover basic & advanced stored XSS vulnerabilities.
- How to use the BeEF framework.
- Hook users to BeEF using reflected & XSS vulnerabilities.
- Steal credentials from hooked targets.
- Create an undetectable backdoor.
- Hack computers using XSS vulnerabilities.
- Fix XSS vulnerabilities & protect yourself from them as a user.
- What do we mean by brute force & wordlist attacks?
- Create a wordlist or a dictionary.
- Launch a wordlist attack and guess the admin’s password.
- Discover all of the above vulnerabilities automatically using a web proxy.
- Run system commands on the target webserver.
- Access the file system (navigate between directories, read/write files).
- Download, upload files.
- Bypass security measurements.
- Access all websites on the same web server.
- Connect to the database and execute SQL queries or download the whole database to the local machine.
- Discover, exploit and mitigate CSRF vulnerabilities.
- Basic IT Skills.
- No Linux, programming or hacking knowledge required.
- Computer with a minimum of 4GB ram/memory.
- Operating System: Windows / OS X / Linux.
dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post-exploitation, bypassing security and more!
Welcome to this comprehensive course on Website penetration testing. In this course, you’ll learn website/web applications hacking & Bug Bounty hunting! This course assumes you have NO prior knowledge in hacking, and by the end of it, you’ll be at a high level, being able to hack & discover bugs in websites like black-hat hackers and secure them like security experts!
This course is highly practical but it won’t neglect the theory, first, you’ll learn how to install the needed software (on Windows, Linux, and Mac OS X) and then we’ll start with websites basics, the different components that make a website, the technologies used, and then we’ll dive into website hacking straight away. From here onwards you’ll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we’ll never have any dry boring theoretical lectures.
All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.
You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.
Here’s a more detailed breakdown of the course content:
1. Information Gathering – In this section, you’ll learn how to gather information about a target website, you’ll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.
2. Discovery, Exploitation & Mitigation – In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into several sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security, and finally we will analyze the code causing this vulnerability and
see how to fix it, the following vulnerabilities are covered in the course:
- File upload – This vulnerability allows attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.
- Code Execution – This vulnerability allows users to execute system code on the target web server, this can be used to execute malicious code and get reverse shell access which gives the attacker full control over the target web server.
- Insecure Session Management– In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you’ll also learn how to discover and exploit CSRF (Cross-Site Request Forgery) vulnerabilities to force users to change their password, or submit any request you want.
- Brute Force & Dictionary Attacks– In this section, you will learn what are these attacks, the difference between them and how to launch them, in successful cases, you will be able to guess the password for a target user.
3. Post Exploitation – In this section, you will learn what can you do with the access you gained by exploiting the above vulnerabilities, you will learn how to convert reverse shell access to Weevely access and vice versa, you will learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions!
With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.
- This course is a product of Zaid Sabih & security, no other organization is associated with it or a certification exam.
Who this course is for:
- Anybody interested in learning website & web application hacking/penetration testing.
- Anybody interested in becoming a bug bounty hunter.
- Web developers, so they can create secure web applications & secure their existing ones.
- Anybody interested in website hacking.
- Anybody interested in learning how to secure websites & web applications from the hacker.
- Web admins, so they can secure their websites.
- YouTube Masterclass – Your Complete Guide to YouTube
- Last updated 3/2020
Content From: https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/