CG数据库 >> Learn Website Hacking / Penetration Testing From Scratch (Apr. 2018)

Learn Website Hacking / Penetration Testing From Scratch (Apr. 2018)的图片1

MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz, Stereo | Duration: 9h 6m | 1.35 GB

Genre: eLearning | Language: English

Learn how to hack websites and web applications like black hat hackers, and learn how to secure them from these hackers.

What Will I Learn?

Set up a lab environment to practice hacking

Install Kali Linux - a penetration testing operating system

Install windows & vulnerable operating systems as virtual machines for testing

Learn linux commands and how to interact with the terminal

Learn linux basics

Understand how websites & web applications work

Understand how browsers communicate with websites

Gather sensitive information about websites

Discover servers, technologies and services used on target website

Discover emails and sensitive data associated with a specific website

Find all subdomains associated with a website

Discover unpublished directories and files associated with a target website

Find all websites hosted on the same server as the target website

Discover, exploit and fix file upload vulnerabilities

Exploit advanced file upload vulnerabilities & gain full control over the target website

Intercepting requests using a proxy

Discover, exploit and fix code execution vulnerabilities

Exploit advanced code execution vulnerabilities & gain full control over the target website

Discover, exploit & fix local file inclusion vulnerabilities

Exploit advanced local file inclusion vulnerabilities & gain full control over the target website

Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website

Discover, fix, and exploit SQL injection vulnerabilities

Bypass login forms and login as admin using SQL injections

Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections

Bypass filtering, and login as admin without password using SQL injections

Adopt SQL queries to discover and exploit SQL injections in more secure pages

Bypass filtering and security measurements

Discover & exploit blind SQL injections

Read / Write files to the server using SQL injections

Gain full control over the target server using SQL injections

Patch SQL injections quickly

Learn the right way to write SQL queries to prevent SQL injections

Discover basic & advanced reflected XSS vulnerabilities

Discover basic & advanced stored XSS vulnerabilities

Discover DOM-based XSS vulnerabilities

How to use BeEF framwork

Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities

Steal credentials from hooked victims

Run javascript code on hooked victims

Create an undetectable backdoor

Hack into hooked computers and gain full control over them

Fix XSS vulnerabilities & protect yourself from them as a user

What do we mean by brute force & wordlist attacks

Create a wordlist or a dictionary

Launch a wordlist attack and guess admin's password

Discover all of the above vulnerabilities automatically using a web proxy

Run system commands on the target webserver

Access the file system (navigate between directories, read/write files)

Download, upload files

Bypass security measurements

Access all websites on the same webserver

Connect to the database and execute SQL queries or download the whole database to the local machine

Requirements

Basic IT Skills

Description

Welcome to my comprehensive course on Website & Web applications Hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking.

This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine.

Then you will learn what is a website, how does it work, what does it rely on, what do mean by a web server, a database, and how all of these components work together to give us functioning websites,

Once you understand how websites work we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level -- by the time you finish, you will be able to launch attacks and test the security of websites and web applications exactly the same way that black hat hackers would do, not only that but you'll be able to fix these vulnerabilities and secure websites from them. All the attacks explained in this course are launched against real devices in my lab.

The course is divided into the three main sections:

1. Information Gathering -

This section will teach you how to gather information about your target website, you will learn how to discover the DNS server used, the services, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the web hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.

2. Discovering, Exploiting & Fixing -

In this section you will learn how to discover, exploit and fix a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability, and finally we will have a look on the code causing this vulnerability and show you how to fix it and secure the website from it, the following vulnerabilities are covered in the course:

* File upload : This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website .

* Code Execution - This vulnerability allow users to run system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.

* Local File inclusion - This vulnerability can be used to read any file on the target derver, this can exploited to read sensitive files, we will not stop at that though, you will learn two methods to escalate this vulnerability and get a reverse shell connection which gives you full control over the target web server.

* Remote File inclusion - This vulnerability can be load remote files on the target web server, exploiting this vulnerability properly gives you full control over the target web server.

* SQL Injection- This is one of the biggest sections on the course, this is because this is one of the most dangerous vulnerabilities ever, it is found everywhere, not only that but it can be exploited to do all of the things the above vulnerabilities allow us to and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read files stored in the server, write files to the server and even get a reverse shell access which gives you full control over the web server!

* XSS - This vulnerability can be used to run javascript code on users who access the vulnerable pages, we won't stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer. You will learn all three types (reflected, stored and DOM-based).

* Insecure Session Management - In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Reguest Forgery.

* Brute Force & Dictionary Attacks - In this section you will learn what are these attacks, what is the difference between them and how to launch them, in successful cases you will be able to guess the password for your target login.

3. Post Exploitation -

In this section you will learn what can you do with the access you gained from exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will also learn how to run system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine, you will learn how to bypass security and do all of that even if you did not have permissions to do that!

All the attacks in this course are practical attacks that work against any real websites, in each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements -- You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid casing them.

NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.

Who is the target audience?

Anybody who is interested in learning website & web application hacking / penetration testing

Anybody who wants to learn how hackers hack websites

Anybody who wants to learn how to secure websites & web applications from hacker

Web developers so they can create secure web application & secure their existing ones

Web admins so they can secure their websites

Learn Website Hacking / Penetration Testing From Scratch (Apr. 2018)的图片2

发布日期: 2018-04-21