Course details
Welcome to my comprehensive course on Website & Web applicationsHacking!This course assumesyou have NOprior knowledge in hacking and by the end of it you'll be at a high level, being able to hack websites like black-hat hackers and secure them like security experts!
Thiscourse ishighly practical but it won't neglect the theory, first you'll learn how to install the needed software (works on Windows, Linux and Mac OS X) and then we'll start with basics about how websites work, the different components that make a website, the technologies used, and then we'll dive into website hacking straight away. From here onwards you'll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we'll never have any dry boring theoretical lectures.
Before jumping into hacking, you'll first learn how to gather comprehensive information about your target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.
You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.
Here's a more detailed breakdown of the course content:
1.Information Gathering-In this section you'll learn how to gather information about a target website, you'll learn how to discover the DNS server used, the services, subdomains, un-published directories, sensitive files, useremails, websites on the same server and even the web hosting provider. This information is crucial asit increases the chances of being able to successfully gain access to the target website.
2.Discovering, Exploiting & Mitigation-In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security measurements, and finally we will analyse the code causing this vulnerabilityand see how to fix it, the following vulnerabilities are covered in the course:
File upload: This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives youfull control over the target website.
Code Execution -This vulnerability allow users to run system code on the target web server, this can be used to execute malicious code and get areverse shell accesswhich gives the attackerfull control over the target web server.
Local File inclusion -This vulnerability can be used to read any file on the target server, so it can be exploited toread sensitive files, we will not stop at that though, you will learn two methods toescalatethis vulnerability and get areverse shellconnection which gives youfull control over the targetweb server.
RemoteFile inclusion -This vulnerability can be load remote files on the target web server, exploiting this vulnerability properly gives youfull controlover the target web server.
SQL Injection-This is one of themost dangerousvulnerabilities, it is found everywhere and can be exploited to doall of the things the above vulnerabilities allow us todo and more, so it allows you to login as admin without knowing the password,access the databaseand get all data stored there such as usernames, passwords, credit cards ....etc, read/write files and even get a reverse shell access which gives youfull control over the target server!
Cross Site Scripting (XSS)-This vulnerability can be used to run javascript code on users who access the vulnerable page, we won't stop at that, you will learn how tosteal credentials from users(such as facebook or youtubepasswords) and even gainfull accessto their computer. You will learn all three types (reflected, stored and DOM-based).
Insecure Session Management- In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploitCSRF (Cross Site Request Forgery) vulnerabilities.
Brute Force & Dictionary Attacks- In this section you will learn what are these attacks, what is the difference between them and how to launch them, in successful cases you will be able toguess the password for a target login page.
3.Post Exploitation -In this section you will learn what can you do with the access you gained from exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will also learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the wholedatabase to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions!
With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 15 hours.
NOTE: This course is created for educational purposes only andall the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is totally a product of Zaid Sabih and no otherorganizationis associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.
Updated on 14 November, 2018- JavaScript Full stack web developer virtual internship Virtual Bootcamp + Internship at LaimoonAED 1,449Duration: Upto 30 Hours
- Penetration Testing with OWASP ZAP Skill-UpUSD 18Duration: Upto 7 Hours
- USD 18Duration: Upto 20 Hours