Learn Website Hacking / Penetration Testing From Scratch

Section 1: Course Introduction

This is the first section in which you will be introduced to the course.

 Course Introduction

1.1 Course Introduction

Get an overview of the structure of the course and what you will learn in it.

Section 2: Preparation - Creating a Penetration Testing Lab

In this section, you will get an overview of the lab setup and the software required for this
course.

 Lab Overview & Needed Software

 Installing Kali 2018 as a Virtual Machine Using a Ready Image
 Installing Metasploitable as a Virtual Machine
 Installing Windows As a Virtual Machine

2.1 Lab Overview & Needed Software

Get an overview of the lab setup required for this course.

2.2 Installing Kali 2018 as a Virtual Machine Using a Ready Image

Know the software required for this course and learn how to install Kali as a virtual machine.

2.3 Installing Metasploitable as a Virtual Machine

Install a vulnerable operating system as a virtual machine to practice penetration testing.

2.4 Installing Windows As a Virtual Machine

Learn how to setup a Windows virtual machine to try and hack into it to practice penetration
testing.

Section 3: Preparation - Linux Basics

In this section, you will get familiar with Kali Linux, basic Linux commands and the network
configuration settings.

 Basic Overview of Kali Linux

  The Linux Terminal & Basic Linux Commands
 Configuring Metasploitable & Lab Network Settings

3.1 Basic Overview of Kali Linux

Get familiar with Kali Linux.

3.2 The Linux Terminal & Basic Linux Commands

Learn how to interact with the Linux terminal and run linux commands.

3.3 Configuring Metasploitable & Lab Network Settings

Learn how to configure the network settings for the lab machines and how to access the
websites that you will attempt to hack from the Kali machine.

Section 4: Website Basics

In this section, you will learn about websites and how to hack them.

 What is a Website?
 How to Hack a Website?

4.1 What is a Website?

Know what a website is, what it contains, and how it works.

4.2 How to Hack a Website?

Learn various methods and approaches that can be used to hack into a website.

Section 5: Information Gathering

In this section, you will learn how to gather information about the target website like the
technologies used, DNS information, other websites on the same server as the target website,
subdomains, and sensitive files and analyze the data collected.

 Gathering Information Using Whois Lookup

 Discovering Technologies Used On the Website
 Gathering Comprehensive DNS Information
 Discovering Websites on the Same Server
 Discovering Subdomains
 Discovering Sensitive Files
 Analysing Discovered Files
  Maltego - Discovering Servers, Domains & Files
 Maltego - Discovering Websites, Hosting Provider & Emails

5.1 Gathering Information Using Whois Lookup

Learn how to gather information about the website/ domain name owner, server IP address,
hosting company and more.

5.2 Discovering Technologies Used On the Website

Discover the technologies used on the target website using Netcraft.

5.3 Gathering Comprehensive DNS Information

Learn how to gather detailed DNS information about the target website such as its DNS records,
resources it shares with other websites and more.

5.4 Discovering Websites on the Same Server

Discover websites on the same server as your target website, to use them to gain access to your
target website.

5.5 Discovering Subdomains

Discover subdomains on the target website using the knock tool.

5.6 Discovering Sensitive Files

Use the Dirb tool to discover files on the target website that contain sensitive data.

5.7 Analysing Discovered Files

Analyze the files you discovered earlier and check the information they contain.

5.8 Maltego - Discovering Servers, Domains & Files

Learn about Maltego, which is a great information gathering tool and use it to discover
domains, websites, servers, and emails associated with your target.

5.9 Maltego - Discovering Websites, Hosting Provider & Emails

Dive deeper into Maltego and learn how to discover more information about the target such as
admins email, hosting company and servers.

Section 6: File Upload Vulnerabilities

In this section, you will learn about File upload vulnerabilities, how to discover and exploit
them, HTTP requests and how to fix file upload vulnerabilities.

 What are they? And How to Discover & Exploit Basic File Upload Vulnerabilities
 HTTP Requests - GET & POST
 Intercepting HTTP Requests
 Exploiting Advanced File Upload Vulnerabilities
 Exploiting More Advanced File Upload Vulnerabilities
 [Security] Fixing File Upload Vulnerabilities

6.1 What are they? And How to Discover & Exploit Basic File Upload Vulnerabilities

Learn how to discover and exploit file upload vulnerabilities to gain control over the target
server.

6.2 HTTP Requests - GET & POST

Learn more about how websites work, how the browser communicates with the web server,
http requests types and how to exploit this method of communication.

6.3 Intercepting HTTP Requests

Intercept and modify GET requests using BURP suit.

6.4 Exploiting Advanced File Upload Vulnerabilities

After learning how to intrercept HTTP requests, you can now exploit a more secure file upload
vulnerability and gain full control over the target web server.

6.5 Exploiting More Advanced File Upload Vulnerabilities

Have a look at an even more secure upload page and learn how to exploit this file upload
functionality and gain full control over the target web server.

6.6 [Security] Fixing File Upload Vulnerabilities

Have a look at the code causing vulnerabilities, learn why they are exploitable, how to fix these
pages and prevent file upload vulnerabilities.

Section 7: Code Execution Vulnerabilities

In this section, you will learn about code execution vulnerabilities, how to discover and exploit
them and also fix them.
  What are they? & How to Discover & Exploit Basic Code Execution Vulnerabilities
 Exploiting Advanced Code Execution Vulnerabilities
 [Security] - Fixing Code Execution Vulnerabilities

7.1 What are they? & How to Discover & Exploit Basic Code Execution Vulnerabilities

Know what code execution vulnerabilities are, learn how to discover and exploit them to get a
reverse shell and gain full control over the target server.

7.2 Exploiting Advanced Code Execution Vulnerabilities

Learn how to exploit some more code execution vulnerabilities to get a reverse shell and gain
full control over the target server.

7.3 [Security] - Fixing Code Execution Vulnerabilities

Explore the code causing vulnerabilities, know why they are exploitable and learn how to fix
them and secure pages from file code execution vulnerabilities.

Section 8: Local File Inclusion Vulnerabilities (LFI)

In this section, you will learn about local file inclusion vulnerabilities, how to discover and
exploit them, to get control over the target web server.

 What are they? And How to Discover & Exploit Them

 Gaining Shell Access from LFI Vulnerabilities - Method 1
 Gaining Shell Access from LFI Vulnerabilities - Method 2

8.1 What are they? And How to Discover & Exploit Them

Learn how to discover and exploit local file inclusion vulnerabilities to read any file on the
target web server.

8.2 Gaining Shell Access from LFI Vulnerabilities - Method 1

Learn how to use local file inclusion to get reverse shell and gain full control over the target
web server.

8.3 Gaining Shell Access from LFI Vulnerabilities - Method 2

Learn another method to use local file inclusion to get reverse shell and gain full control over
the target web server.

Section 9: Remote File Inclusion Vulnerabilities (RFI)

In this section, you will learn about remote file inclusion vulnerabilities, how to discover and
exploit them and also how to fix them.

 Remote File Inclusion Vulnerabilities - Configuring PHP Settings

 Remote File Inclusion Vulnerabilities - Discovery & Exploitation
 Exploiting Advanced Remote File Inclusion Vulnerabilities
 [Security] Fixing File Inclusion Vulnerabilities

9.1 Remote File Inclusion Vulnerabilities - Configuring PHP Settings

Learn how to configure PHP settings to allow remote file inclusion.

9.2 Remote File Inclusion Vulnerabilities - Discovery & Exploitation

Learn how to discover and exploit remote file inclusion vulnerabilities to get a reverse shell and
gain full control over the target server.

9.3 Exploiting Advanced Remote File Inclusion Vulnerabilities

Learn how to discover and exploit some more remote file inclusion vulnerabilities to get a
reverse shell and gain full control over the target server.

9.4 [Security] Fixing File Inclusion Vulnerabilities

Have a look at the code causing vulnerabilities, learn why they are exploitable and how to fix
them and secure pages from file inclusion vulnerabilities.

Section 10: SQL Injection Vulnerabilities

In this section, you will learn why SQL injection vulnerabilities are considered one of the most
dangerous vulnerabilities.

 What is SQL?
 Dangers of SQL Injections

10.1 What is SQL?

Learn about SQL and its use before diving into SQL injection vulnerabilities.

10.2 Dangers of SQL Injections

Learn why SQL injection vulnerabilities are considered one of the most dangerous
vulnerabilities and what it can be used for.
Section 11: SQL Injection Vulnerabilities - SQLi In Login Pages

In this section, you will learn how to discover SQL injections in POST, bypassing logins using SQL
injections and how to prevent them.

 Discovering SQL Injections In POST

 Bypassing Logins Using SQL Injection Vulnerability
 Bypassing More Secure Logins Using SQL Injections
 [Security] Preventing SQL Injections in Login Pages

11.1 Discovering SQL Injections In POST

Learn how to discover SQL injections in text boxes.

11.2 Bypassing Logins Using SQL Injection Vulnerability

Learn how tobypass login formsif the inputs are injectable, this will allow you tologin as any
user without a password.

11.3 Bypassing More Secure Logins Using SQL Injections

Learn how tobypass security measurements in login forms, also learn how tobypass client side
filtering and login as admin without a password.

11.4 [Security] Preventing SQL Injections in Login Pages

Have a look at the code causing vulnerabilities and learn why the vulnerabilities are exploitable
and how to fix them.

Section 12: SQL injection Vulnerabilities - Extracting Data from the Database

In this section, you will learn how to use SQL injection vulnerabilities to obtain database
information and extract sensitive data.

 Discovering SQL Injections in GET

 Reading Database Information
 Finding Database Tables
 Extracting Sensitive Data Such As Passwords

12.1 Discovering SQL Injections in GET

Learn how to discover SQL injections in GET requests i.e. in URL parameters.

12.2 Reading Database Information

Learn how to build a basic SELECT statement to find the database information like, database
user, database name and versions.

12.3 Finding Database Tables

Use the select statement to discover tables on the current database.

12.4 Extracting Sensitive Data Such As Passwords

Use all the discovered information to find the usernames and passwords of all the users on the
website.

Section 13: SQL injection Vulnerabilities - Advanced Exploitation

In this section, you will learn some advanced exploitation techniques using SQL injection
vulnerabilities and how to prevent them.

 Discovering & Exploiting Blind SQL Injections

 Discovering a More Complicated SQL Injection
 Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
 Bypassing Security & Accessing All Records
 Bypassing Filters
 [Security] Quick Fix to Prevent SQL Injections
 Reading & Writing Files on The Server Using SQL Injection Vulnerability
 Getting a Reverse Shell Access & Gaining Full Control Over The Target Web Server
 Discovering SQL Injections & Extracting Data Using SQLmap
 Getting a Direct SQL Shell using SQLmap
 [Security] - The Right Way to Prevent SQL Injection

13.1 Discovering & Exploiting Blind SQL Injections

Learn how to discover and exploit blind SQL injections.

13.2 Discovering a More Complicated SQL Injection

Learn how to discover and exploit more advanced secure injections.

13.3 Extracting Data (passwords) By Exploiting a More Difficult SQL Injection

Learn how to bypass more security measurements and successfully obtain usernames and
passwords stored in the database.
13.4 Bypassing Security & Accessing All Records

Learn how to bypass security by iterating over all the records and access all records together.

13.5 Bypassing Filters

Learn some tricks on bypassing some client-side and server-side filters.

13.6 [Security] Quick Fix to Prevent SQL Injections

Learn a quick method to prevent SQL injections vulnerabilities.

13.7 Reading & Writing Files on The Server Using SQL Injection Vulnerability

Learn how to use SQLi to read or write files to the server.

13.8 Getting a Reverse Shell Access & Gaining Full Control Over The Target Web Server

Learn how to get a reverse shell access and gain control over the target web server using SQL
injection vulnerabiliites.

13.9 Discovering SQL Injections & Extracting Data Using SQLmap

Explore SQLmap that can be used to perform attacks and much more.

13.10 Getting a Direct SQL Shell using SQLmap

Learn how to use SQLmap that can be used to get a system shell where you can directly interact
with the database and run SQL queries.

13.11 [Security] - The Right Way to Prevent SQL Injection

Check the code causing the vulnerabilities; know why the vulnerabilities are exploitable and
how to properly write web applications that are not vulnerable to SQL injections.

Section 14: XSS Vulnerabilities

In this section, you will learn about Cross Site Scripting vulnerabilities and how to discover and
exploit basic and advanced Cross Site Scripting vulnerabilities.

 Introduction - What is XSS or Cross Site Scripting?

 Discovering Basic Reflected XSS
 Discovering Advanced Reflected XSS
 Discovering An Even More Advanced Reflected XSS
 Discovering Stored XSS
  Discovering Advanced Stored XSS
 Discovering Dom Based XSS

14.1 Introduction - What is XSS or Cross Site Scripting?

Learn what are cross side scripting vulnerabilities.

14.2 Discovering Basic Reflected XSS

Learn how to discover and exploit basic reflected XSS vulnerabilities.

14.3 Discovering Advanced Reflected XSS

Learn how to discover and exploit more advanced reflected XSS vulnerabilities.

14.4 Discovering An Even More Advanced Reflected XSS

Learn how to discover and exploit even more advanced reflected XSS vulnerabilities.

14.5 Discovering Stored XSS

Learn about stored XSS vulnerabilities and how to discover them.

14.6 Discovering Advanced Stored XSS

Learn how to discover and exploit advanced stored XSS vulnerabilities.

14.7 Discovering Dom Based XSS

Learn what are Dom based XSS vulnerabilities and how to discover them.

Section 15: XSS Vulnerabilities – Exploitation

In this section, you will learn how to use XSS vulnerabilities to hook targets to BeEF, install the
Veil framework and generate a backdoor with it and also fix the XSS vulnerabilities.

 Hooking Victims to BeEF Using Reflected XSS

 Hooking Victims to BeEF Using Stored XSS
 BeEF - Interacting With Hooked Victims
 BeEF - Running Basic Commands On Victims
 BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt
 Bonus - Installing Veil 3
 Bonus - Veil Overview & Payloads Basics
 Bonus - Generating an Undetectable Backdoor Using Veil 3
 Bonus - Listening For Incoming Connections
  Bonus - Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10
 BeEF - Gaining Full Control over Windows Target
 [Security] Fixing XSS Vulnerabilities

15.1 Hooking Victims to BeEF Using Reflected XSS

Learn how to use reflected XSS vulnerabilities to hook targets to BeEF which is a browser
exploitation framework that allows you to run a large number of commands on hooked
browser. Once victims are hooked you can run all the attacks BeEF allows you to such as
injecting a keylogger or gaining full control over the target machine.

15.2 Hooking Victims to BeEF Using Stored XSS

Learn how to use stored XSS vulnerabilities to hook targets to BeEF. Once victims are hooked
you can run all the attacks BeEF allows you to such as injecting a keylogger or gaining full
control over the target machine.

15.3 BeEF - Interacting With Hooked Victims

Explore the BeEF interface.

15.4 BeEF - Running Basic Commands On Victims

Learn how to run basic commands on the target machine using BeEF.

15.5 BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt

Learn how to use BeEF to display a fake login dialog to the target user and steal the password
they enter.

15.6 Bonus - Installing Veil 3

Learn how to download install the Veil framework.

15.7 Bonus - Veil Overview & Payloads Basics

Get an overview of the Veil framework and its basic commands. Also learn what is payload and
the different types of payloads that can be generated with Veil.

15.8 Bonus - Generating an Undetectable Backdoor Using Veil 3

Learn how to create an undetectable backdoor using Veil that is not detectable by antivirus
programs.
15.9 Bonus - Listening For Incoming Connections

Learn how to listen to incoming connections from the backdoor you created earlier.

15.10 Bonus - Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10

Test the backdoor that you created to ensure that it works as expected.

15.11 BeEF - Gaining Full Control over Windows Target

Use BeEF to create afake notification bartelling the user that there is a new update, the update
is actually a backdoor. Once they install that update, you will gain full control over the target
machine.

15.12 [Security] Fixing XSS Vulnerabilities

Check the code causing the vulnerabilities, learn why they are exploitable, how to fix them and
secure pages from them.

Section 16: Insecure Session Management

In this section, learn how to access accounts by manipulating cookies, exploit CSRF
vulnerabilities and prevent CSRF vulnerabiliites.

 Logging In As Admin without a Password by Manipulating Cookies

 Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
 Exploiting CSRF Vulnerabilities to Change Admin Password Using a HTML File
 Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
 [Security] The Right Way to Prevent CSRF Vulnerabilities

16.1 Logging In As Admin without a Password by Manipulating Cookies

Learn how to login to any account on a website that uses in-secure session management
without knowing the password.

16.2 Discovering Cross Site Request Forgery Vulnerabilities (CSRF)

Learn about cross site request vulnerabilities, why they are dangerous and how to exploit them.

16.3 Exploiting CSRF Vulnerabilities to Change Admin Password Using a HTML File

Learn how to exploit CSRF vulnerabilities, learn how to create a HTML file that can change the
password of the person who opens it without them even knowing.
16.4 Exploiting CSRF Vulnerabilities To Change Admin Password Using Link

Learn a more advanced method to exploit CSRF vulnerabilities, learn how to generate a URL
that would change the password of anybody who clicks on it without the person knowing it.

16.5 [Security] The Right Way to Prevent CSRF Vulnerabilities

Learn the right way to prevent CSRF vulnerabilities.

Section 17: Brute Force & Dictionary Attacks

In this section, you will learn about Brute force and Dictionary attacks, the difference between
them, creating a wordlist and using the Hydra tool to launch attacks.

 What Are Brute Force & Dictionary Attacks?

 Creating a Wordlist
 Launching a Wordlist Attack & Guessing Login Password Using Hydra

17.1 What Are Brute Force & Dictionary Attacks?

Learn what are brute force and dictionary attacks, the difference between them and their uses.

17.2 Creating a Wordlist

Create a wordlist or a dictionary and use it in dictionary attacks.

17.3 Launching a Wordlist Attack & Guessing Login Password Using Hydra

Use Hydra- a tool used to launch brute force attacks, to launch a dictionary attack against a
login page and guess the password.

Section 18: Discovering Vulnerabilities Automatically Using Owasp ZAP

In this section, you will learn how to use the Owasp tool to automatically discover
vulnerabilities and configure a scan against your target website.

 Scanning Target Website for Vulnerabilities

 Analysing Scan Results

18.1 Scanning Target Website for Vulnerabilities

Learn how to use OWasp to automatically discover vulnerabilities and learn how to configure
and start a scan against your target website.
18.2 Analysing Scan Results

Analyse the scan results obtained from the previous lecture.

Section 19: Post Exploitation

This section introduces you to the activities that are done after the website has been exploited.

 Post Exploitation Introduction

 Interacting With the Reverse Shell Access Obtained In Previous Lectures
 Escalating Reverse Shell Access to Weevely Shell
 Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc
 Bypassing Limited Privileges & Executing Shell Commands
 Downloading Files from Target Webserver
 Uploading Files to Target Webserver
 Getting a Reverse Connection from Weevely
 Accessing the Database

19.1 Post Exploitation Introduction

Know what you will learn in this section.

19.2 Interacting With the Reverse Shell Access Obtained In Previous Lectures

Learn how to interact with the reverse shell access obtained by exploiting the vulnerabiliites in
the previous lectures.

19.3 Escalating Reverse Shell Access to Weevely Shell

Learn how to upload files to the target server using the shell access you have.

19.4 Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc

Learn the basics of using the weevely shell like running basic commands, getting system
information and navigate between websites on the same server.

19.5 Bypassing Limited Privileges & Executing Shell Commands

Learn how to bypass limited privileges and execute system commands on the target web server
using Weevely.

19.6 Downloading Files from Target Webserver

Learn how to download files from the target webserver to your machine.
19.7 Uploading Files to Target Webserver

Learn how to upload files like scripts, exploits, etc from your computer to the target web server.

19.8 Getting a Reverse Connection from Weevely

Learn how to get a reverse shell access from a weevely shell.

19.9 Accessing the Database

Learn how to access the database of the webserver you hacked. Find database information and
use it to either connect to the database to run SQL commands or download the whole database
to your local machine.