LEARN WEBSITE HACKING PENETRATION TESTING FROM SCRATCH

Learn how to hack websites and web applications like black hat hackers, and how to secure them like security experts.


What you’ll learn
• Install hacking lab & needed software (works on Windows, OS X and Linux).
• Discover, exploit and mitigate a number of dangerous vulnerabilities.
• Use advanced techniques to discover and exploit these vulnerabilities.
• Bypass security measures and escalate privileges.
• Intercept requests using a proxy.
• Hack all websites on the same server.
• Bypass filters and client-side security
• Adapt SQL queries to discover and exploit SQL injections in secure pages
• Gain full control over target server using SQL injections
• Discover & exploit blind SQL injections
• Install Kali Linux – a penetration testing OS
• Install Windows & vulnerable operating systems as virtual machines for testing
• Learn Linux commands and how to interact with the terminal
• Learn Linux basics
• Understand how websites & web applications work
• Understand how browsers communicate with websites
• Gather sensitive information about websites
• Discover servers, technologies and services used on the target website
• Discover emails and sensitive data related to a specific website
• Find all subdomains related to a website
• Discover unpublished directories and files related to a target website
• Find all websites hosted on the same server as the target website
• Discover, exploit and fix file upload vulnerabilities
• Exploit advanced file upload vulnerabilities & gain full control over the target website
• Discover, exploit and fix code execution vulnerabilities
• Exploit advanced code execution vulnerabilities & gain full control over the target website
• Discover, exploit & fix local file inclusion vulnerabilities
• Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
• Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
• Discover, fix, and exploit SQL injection vulnerabilities
• Bypass login forms and login as admin using SQL injections
• Write SQL queries to find databases, tables and sensitive data such as usernames and passwords using SQL injections
• Bypass filtering, and login as admin without password using SQL injections
• Bypass filtering and security measures
• Read / Write files to the server using SQL injections
• Patch SQL injections quickly
• Learn the right way to write SQL queries to prevent SQL injections
• Discover basic & advanced reflected XSS vulnerabilities
• Discover basic & advanced stored XSS vulnerabilities
• Discover DOM-based XSS vulnerabilities
• How to use the BeEF framework
• Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
• Steal credentials from hooked victims
• Run JavaScript code on hooked victims
• Create an undetectable backdoor
• Hack into hooked computers and gain full control over them
• Fix XSS vulnerabilities & protect yourself from them as a user
• What do we mean by brute force & wordlist attacks
• Create a wordlist or a dictionary
• Launch a wordlist attack and guess admin’s password
• Discover all of the above vulnerabilities automatically using a web proxy
• Run system commands on the target webserver
• Access the file system (navigate between directories, read/write files)
• Download, upload files
• Bypass security measures
• Access all websites on the same webserver
• Connect to the database and execute SQL queries or download the entire database to the local machine
Requirements
Basic IT Skills
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB RAM/memory
Operating System: Windows / OS X / Linux
Description
Welcome to my comprehensive course on Website & Web applications Hacking! This course assumes you have NO prior knowledge in hacking, and by the end of it you’ll be at a high level, able to hack websites like black-hat hackers and secure them like security experts!

Note: Although some titles in this course might sound similar to one of my other courses, that course only covers the fundamentals of website hacking, whereas this one dives much deeper into the subject, covering more advanced techniques and topics. These courses are designed to co-exist.

This course is highly practical but it won’t neglect the theory. First you’ll learn how to install the needed software (works on Windows, Linux and Mac OS X), then we’ll start with the basics of how websites work, the various components that make up a website and the technologies used, and then we’ll dive into website hacking straight away. From here onwards you’ll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we’ll never have any dry, boring theoretical lectures.

Before jumping into hacking, you’ll first learn how to gather comprehensive information about your target website. The course is then split into a number of sections, each covering how to discover, exploit and mitigate a common web application vulnerability. For every vulnerability you’ll first learn the basic exploitation, then you’ll learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server. You’ll learn how and why these vulnerabilities are exploitable, how to fix them and what the right practices are to avoid causing them.

Here’s a more detailed breakdown of the course content:

1. Information Gathering – In this section you’ll learn how to gather information about a target website: how to discover the DNS server used, the services, subdomains, unpublished directories, sensitive files, user emails, websites on the same server and even the web hosting provider. This information is crucial because it increases the chances of successfully gaining access to the target website.

2. Discovering, Exploiting & Mitigation – In this section you’ll learn how to discover, exploit and mitigate a large number of vulnerabilities. The section is split into a number of sub-sections, each covering a specific vulnerability. First you’ll learn what the vulnerability is and what it allows us to do, then you’ll learn how to exploit it and bypass security measures, and finally we’ll analyse the code causing the vulnerability and see how to fix it. The following vulnerabilities are covered in the course:
File Upload – This vulnerability allows attackers to upload executable files to the target web server; exploiting it properly gives you full control over the target website.
Code Execution – This vulnerability allows users to run system code on the target web server. It can be used to execute malicious code and get reverse shell access, which gives the attacker full control over the target web server.
Local File Inclusion – This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files. We won’t stop at that, though: you’ll learn two methods to escalate this vulnerability and get a reverse shell connection, which gives you full control over the target web server.
Remote File Inclusion – This vulnerability can be used to load remote files on the target web server; exploiting it properly gives you full control over the target web server.
SQL Injection – This is one of the most dangerous vulnerabilities. It’s found everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more: it allows you to log in as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards, etc., read/write files and even get reverse shell access, which gives you full control over the target server!
Cross Site Scripting (XSS) – This vulnerability can be used to run JavaScript code on users who access the vulnerable page. We won’t stop at that: you’ll learn how to steal credentials from users (such as Facebook or YouTube passwords) and even gain full access to their computer. You’ll learn all three types (reflected, stored and DOM-based).
Insecure Session Management – In this section you’ll learn how to exploit insecure session management in web applications and log in to other user accounts without knowing their password. You’ll also learn how to discover and exploit CSRF (Cross Site Request Forgery) vulnerabilities.
Brute Force & Dictionary Attacks – In this section you’ll learn what these attacks are, what the difference between them is and how to launch them. In successful cases you’ll be able to guess the password for a target login page.
3. Post Exploitation – In this section you’ll learn what you can do with the access you gained from exploiting the above vulnerabilities. You’ll learn how to convert reverse shell access to Weevely access and vice versa, and how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You’ll also learn how to bypass security and do all of that even if you did not have enough permissions!

With this course you’ll get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.

NOTE: This course is created for educational purposes only, and all the attacks are launched in my own lab or against devices that I have permission to test.

NOTE: This course is totally a product of Zaid Sabih and no other organization is associated with it or a certification exam. Although you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.
Who this course is for:
Anybody who is interested in learning website & web application hacking / penetration testing
Anybody who wants to learn how hackers hack websites
Anybody who wants to learn how to secure websites & web applications from hackers
Web developers, so that they can create secure web applications & secure their existing ones
Web admins, so that they can secure their websites
Created by Zaid Sabih
Last updated 1/2019 English
English [Auto-generated]
Size: 1.60 GB
