O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Learn Website Hacking / Penetration Testing From Scratch

Video Description

Learn website hacking and penetration testing from scratch

About This Video

  • Learn how to gather information about your target website and discover, exploit and fix a large number of vulnerabilities.
  • Learn what can you do with the access you gained from exploiting these vulnerabilities and much more.

In Detail

Welcome to this comprehensive course on website and web application hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking. This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install the required software to practice penetration testing on your own machine. Then you will learn about websites, how they work, what they rely on, what is meant by a web server, a database, and how all of these components work together to give us functioning websites. Once you understand how websites work we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level. By the time you finish, you will be able to launch attacks and test the security of websites and web applications in exactly the same way that black hat hackers would do, fix these vulnerabilities, and secure websites from them. All the attacks in this course are practical attacks that work against any real websites. For each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements.

Table of Contents

  1. Chapter 1 : Course Introduction
    1. Course Introduction 00:02:13
  2. Chapter 2 : Preparation - Creating a Penetration Testing Lab
    1. Lab Overview & Needed Software 00:03:26
    2. Installing Kali 2018 as a Virtual Machine Using a Ready Image 00:08:31
    3. Installing Metasploitable as a Virtual Machine 00:04:11
    4. Installing Windows As a Virtual Machine 00:03:22
  3. Chapter 3 : Preparation - Linux Basics
    1. Basic Overview of Kali Linux 00:04:37
    2. The Linux Terminal & Basic Linux Commands 00:09:07
    3. Configuring Metasploitable & Lab Network Settings 00:05:38
  4. Chapter 4 : Website Basics
    1. What is a Website? 00:04:14
    2. How to Hack a Website? 00:05:31
  5. Chapter 5 : Information Gathering
    1. Gathering Information Using Whois Lookup 00:04:41
    2. Discovering Technologies Used On the Website 00:06:04
    3. Gathering Comprehensive DNS Information 00:05:58
    4. Discovering Websites on the Same Server 00:03:43
    5. Discovering Subdomains 00:05:06
    6. Discovering Sensitive Files 00:07:26
    7. Analysing Discovered Files 00:04:18
    8. Maltego - Discovering Servers, Domains & Files 00:07:43
    9. Maltego - Discovering Websites, Hosting Provider & Emails 00:04:49
  6. Chapter 6 : File Upload Vulnerabilities
    1. What are they? And How to Discover & Exploit Basic File Upload Vulnerabilities 00:06:44
    2. HTTP Requests - GET & POST 00:04:13
    3. Intercepting HTTP Requests 00:06:45
    4. Exploiting Advanced File Upload Vulnerabilities 00:04:37
    5. Exploiting More Advanced File Upload Vulnerabilities 00:04:22
    6. [Security] Fixing File Upload Vulnerabilities 00:06:22
  7. Chapter 7 : Code Execution Vulnerabilities
    1. What are they? & How to Discover & Exploit Basic Code Execution Vulnerabilities 00:07:26
    2. Exploiting Advanced Code Execution Vulnerabilities 00:06:06
    3. [Security] - Fixing Code Execution Vulnerabilities 00:05:48
  8. Chapter 8 : Local File Inclusion Vulnerabilities (LFI)
    1. What are they? And How to Discover & Exploit Them 00:05:49
    2. Gaining Shell Access from LFI Vulnerabilities - Method 1 00:07:11
    3. Gaining Shell Access from LFI Vulnerabilities - Method 2 00:10:38
  9. Chapter 9 : Remote File Inclusion Vulnerabilities (RFI)
    1. Remote File Inclusion Vulnerabilities - Configuring PHP Settings 00:03:46
    2. Remote File Inclusion Vulnerabilities - Discovery & Exploitation 00:05:44
    3. Exploiting Advanced Remote File Inclusion Vulnerabilities 00:02:50
    4. [Security] Fixing File Inclusion Vulnerabilities 00:05:55
  10. Chapter 10 : SQL Injection Vulnerabilities
    1. What is SQL? 00:05:48
    2. Dangers of SQL Injections 00:02:54
  11. Chapter 11 : SQL Injection Vulnerabilities - SQLi In Login Pages
    1. Discovering SQL Injections In POST 00:07:56
    2. Bypassing Logins Using SQL Injection Vulnerability 00:04:49
    3. Bypassing More Secure Logins Using SQL Injections 00:06:25
    4. [Security] Preventing SQL Injections in Login Pages 00:07:44
  12. Chapter 12 : SQL injection Vulnerabilities - Extracting Data from the Database
    1. Discovering SQL Injections in GET 00:07:02
    2. Reading Database Information 00:05:26
    3. Finding Database Tables 00:03:34
    4. Extracting Sensitive Data Such As Passwords 00:04:29
  13. Chapter 13 : SQL injection Vulnerabilities - Advanced Exploitation
    1. Discovering & Exploiting Blind SQL Injections 00:05:54
    2. Discovering a More Complicated SQL Injection 00:07:22
    3. Extracting Data (passwords) By Exploiting a More Difficult SQL Injection 00:04:48
    4. Bypassing Security & Accessing All Records 00:04:49
    5. Bypassing Filters 00:07:20
    6. [Security] Quick Fix to Prevent SQL Injections 00:06:44
    7. Reading & Writing Files on The Server Using SQL Injection Vulnerability 00:05:58
    8. Getting a Reverse Shell Access & Gaining Full Control Over The Target Web Server 00:08:27
    9. Discovering SQL Injections & Extracting Data Using SQLmap 00:06:48
    10. Getting a Direct SQL Shell using SQLmap 00:02:58
    11. [Security] - The Right Way to Prevent SQL Injection 00:04:58
  14. Chapter 14 : XSS Vulnerabilities
    1. Introduction - What is XSS or Cross Site Scripting? 00:03:09
    2. Discovering Basic Reflected XSS 00:03:47
    3. Discovering Advanced Reflected XSS 00:04:35
    4. Discovering An Even More Advanced Reflected XSS 00:07:05
    5. Discovering Stored XSS 00:02:57
    6. Discovering Advanced Stored XSS 00:03:36
    7. Discovering Dom Based XSS 00:06:33
  15. Chapter 15 : XSS Vulnerabilities – Exploitation
    1. Hooking Victims to BeEF Using Reflected XSS 00:05:42
    2. Hooking Victims to BeEF Using Stored XSS 00:04:09
    3. BeEF - Interacting With Hooked Victims 00:03:56
    4. BeEF - Running Basic Commands On Victims 00:04:24
    5. BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt 00:02:17
    6. Bonus - Installing Veil 3 00:07:50
    7. Bonus - Veil Overview & Payloads Basics 00:07:20
    8. Bonus - Generating an Undetectable Backdoor Using Veil 3 00:09:44
    9. Bonus - Listening For Incoming Connections 00:07:19
    10. Bonus - Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10 00:07:12
    11. BeEF - Gaining Full Control over Windows Target 00:03:40
    12. [Security] Fixing XSS Vulnerabilities 00:07:17
  16. Chapter 16 : Insecure Session Management
    1. Logging In As Admin without a Password by Manipulating Cookies 00:06:06
    2. Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 00:06:46
    3. Exploiting CSRF Vulnerabilities to Change Admin Password Using a HTML File 00:07:00
    4. Exploiting CSRF Vulnerabilities To Change Admin Password Using Link 00:05:41
    5. [Security] The Right Way to Prevent CSRF Vulnerabilities 00:09:20
  17. Chapter 17 : Brute Force & Dictionary Attacks
    1. What Are Brute Force & Dictionary Attacks? 00:03:45
    2. Creating a Wordlist 00:06:35
    3. Launching a Wordlist Attack & Guessing Login Password Using Hydra 00:13:32
  18. Chapter 18 : Discovering Vulnerabilities Automatically Using Owasp ZAP
    1. Scanning Target Website for Vulnerabilities 00:04:19
    2. Analysing Scan Results 00:04:11
  19. Chapter 19 : Post Exploitation
    1. Post Exploitation Introduction 00:03:59
    2. Interacting With the Reverse Shell Access Obtained In Previous Lectures 00:06:59
    3. Escalating Reverse Shell Access to Weevely Shell 00:07:53
    4. Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc 00:06:32
    5. Bypassing Limited Privileges & Executing Shell Commands 00:04:54
    6. Downloading Files from Target Webserver 00:04:40
    7. Uploading Files to Target Webserver 00:07:53
    8. Getting a Reverse Connection from Weevely 00:07:46
    9. Accessing the Database 00:08:53