Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Learn Website Hacking From Scratch
Introduction
Course Introduction (2:13)
First Section
Lab Overview & Needed Software (7:48)
Installing Kali 2020 As a Virtual Machine Using a Ready Image (10:34)
Installing Metasploitable As a Virtual Machine (4:10)
Installing Windows As a Virtual Machine (3:22)
Preparation - Linux Basics
Basic Overview Of Kali Linux (4:37)
The Linux Terminal & Basic Linux Commands (9:07)
Configuring Metasploitable & Lab Network Settings (5:38)
Website Basics
What is a Website? (4:13)
How To Hack a Website ? (5:31)
Information Gathering
Gathering Information Using Whois Lookup (4:41)
Discovering Technologies Used On The Website (6:03)
Gathering Comprehensive DNS Information (7:01)
Discovering Websites On The Same Server (3:43)
Discovering Subdomains (5:06)
Discovering Sensitive Files (7:26)
Analysing Discovered Files (4:17)
Maltego - Discovering Servers, Domains & Files (7:43)
Maltego - Discovering Websites, Hosting Provider & Emails (4:49)
File Upload Vulnerabilities
What are they? And How To Discover & Exploit Basic File Upload Vulnerabilites (6:44)
HTTP Requests - GET & POST (4:13)
Intercepting HTTP Requests (6:46)
Exploiting Advanced File Upload Vulnerabilities (4:37)
Exploiting More Advanced File Upload Vulnerabilities (4:22)
[Security] Fixing File Upload Vulnerabilities (6:22)
Code Execution Vulnerabilities
What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities (7:26)
Exploiting Advanced Code Execution Vulnerabilities (6:06)
[Security] - Fixing Code Execution Vulnerabilities (5:49)
Local File Inclusion Vulnerabilities (LFI)
What are they? And How To Discover & Exploit Them (5:49)
Gaining Shell Access From LFI Vulnerabilities - Method 1 (7:10)
Gaining Shell Access From LFI Vulnerabilities - Method 2 (10:38)
Remote File Inclusion Vulnerabilities (RFI)
Remote File Inclusion Vulnerabilities - Configuring PHP Settings
Remote File Inclusion Vulnerabilities - Discovery & Exploitation (5:44)
Exploiting Advanced Remote File Inclusion Vulnerabilities (2:50)
[Security] Fixing File Inclusion Vulnerabilities (5:55)
SQL Injection Vulnerabilities
What is SQL (5:48)
Dangers of SQL Injections (2:53)
SQL Injection Vulnerabilities - SQLi In Login Pages
Discovering SQL Injections In POST (7:56)
Bypassing Logins Using SQL Injection Vulnerability (4:49)
Bypassing More Secure Logins Using SQL Injections (6:24)
[Security] Preventing SQL Injections In Login Pages (7:43)
SQL injection Vulnerabilities - Extracting Data From The Database
Discovering SQL Injections in GET (7:01)
Reading Database Information (5:26)
Finding Database Tables (3:34)
Extracting Sensitive Data Such As Passwords (4:31)
SQL injection Vulnerabilities - Advanced Exploitation
Discovering & Exploiting Blind SQL Injections (5:53)
Discovering a More Complicated SQL Injection (7:21)
Extracting Data (passwords) By Exploiting a More Difficult SQL Injection (4:47)
Bypassing Filters (4:48)
Bypassing Security & Accessing All Records (8:36)
[Security] Quick Fix To Prevent SQL Injections (6:43)
Reading & Writing Files On The Server Using SQL Injection Vulnerability (5:58)
Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server (8:27)
Discoverting SQL Injections & Extracting Data Using SQLmap (6:47)
Getting a Direct SQL Shell using SQLmap (2:58)
[Security] - The Right Way To Prevent SQL Injection (4:58)
XSS Vulnerabilities
Introduction - What is XSS or Cross Site Scripting? (3:09)
Discovering Basic Reflected XSS (3:47)
Discovering Advanced Reflected XSS (4:34)
Discovering An Even More Advanced Reflected XSS (7:04)
Discovering Stored XSS (2:56)
Discovering Advanced Stored XSS (3:36)
XSS Vulnerabilities - Exploitation
Hooking Victims To BeEF Using Reflected XSS (5:41)
Hooking Victims To BeEF Using Stored XSS (4:09)
BeEF - Interacting With Hooked Victims (3:56)
BeEF - Running Basic Commands On Victims (4:24)
BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt (2:17)
bonus - installing veil framework (6:20)
Bonus - Veil Overview & Payloads Basics (7:22)
Bonus - Generating An Undetectable Backdoor Using Veil 3 (9:46)
Bonus - Listening For Incoming Connections (7:20)
Bonus - Using A Basic Deliver Method To Test The Backdoor & Hack Windows 10 (7:14)
BeEF - Gaining Full Control Over Windows Target (3:40)
[Security] Fixing XSS Vulnerabilities (7:17)
Insecure Session Management
Logging In As Admin Without a Password By Manipulating Cookies (6:07)
Discovering Cross Site Request Forgery Vulnerabilities (CSRF) (6:46)
Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File (7:00)
Exploiting CSRF Vulnerabilities To Change Admin Password Using Link (5:40)
[Security] The Right Way To Prevent CSRF Vulnerabilities (8:45)
Brute Force & Dictionary Attacks
What Are Brute Force & Dictionary Attacks? (3:44)
Creating a Wordlist (6:35)
Launching a Wordlist Attack & Guessing Login Password Using Hydra (13:32)
Discovering Vulnerabilities Automatically Using Owasp ZAP
Scanning Target Website For Vulnerabilities (4:11)
Analysing Scan Results (4:19)
Post Exploitation
Post Exploitation Introduction (3:58)
Interacting With The Reverse Shell Access Obtained In Previous Lectures (6:59)
Escalating Reverse Shell Access To Weevely Shell (7:52)
Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc (4:54)
Bypassing Limited Privileges & Executing Shell Commands (6:32)
Downloading Files From Target Webserver (4:39)
Uploading Files To Target Webserver (7:53)
Getting a Reverse Connection From Weevely (7:46)
Accessing The Database (8:53)
Logging In As Admin Without a Password By Manipulating Cookies
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock