Website Hacking / Penetration Testing Course
$99.99
Curriculum
- Intro
- Preparation - Creating a Penetration Testing Lab
- Preparation - Linux Basics
- Website Basics
- Information Gathering
- Gathering Information Using Whois Lookup
- Discovering Technologies Used On The Website
- Gathering Comprehensive DNS Information
- Discovering Websites On The Same Server
- Discovering Subdomains
- Discovering Sensitive Files
- Analyzing Discovered Files
- Maltego – Discovering Servers, Domains & Files
- Maltego – Discovering Websites, Hosting Provider & Emails
- File Upload Vulnerabilities
- Code Execution Vulnerabilities
- Local File Inclusion Vulnerabilities (LFI)
- Remote File Inclusion Vulnerabilities (RFI)
- SQL Injection Vulnerabilities
- SQL Injection Vulnerabilities - SQLi In Login Pages
- SQL injection Vulnerabilities - Extracting Data From The Database
- SQL injection Vulnerabilities - Advanced Exploitation
- Discovering & Exploiting Blind SQL Injections
- Discovering Complex SQL Injection Vulnerabilities
- Exploiting an advanced SQL Injection Vulnerability to Extract Passwords
- Bypassing Filters
- Bypassing Security & Accessing All Records
- [Security] Quick Fix To Prevent SQL Injections
- Reading & Writing Files On The Server Using SQL Injection
- Getting A Shell & Controlling The Target Server Using an SQL Injection
- Discovering SQL Injections & Extracting Data Using SQLmap
- Getting a Direct SQL Shell using SQLmap
- [Security] – The Right Way To Prevent SQL Injection Vulnerabilities
- XSS Vulnerabilities
- XSS Vulnerabilities - Exploitation
- Installing Windows As a Virtual Machine
- Installing Windows as a Virtual Machine on Apple Silicon Computers
- Hooking Victims To BeEF Using Reflected XSS
- Hooking Victims To BeEF Using Stored XSS
- Interacting With Hooked Targets
- Running Basic Commands On Victims
- Stealing Credentials/Passwords Using A Fake Login Prompt
- Bonus – Installing Veil Framework
- Bonus – Veil Overview & Payloads Basics
- Bonus – Generating An Undetectable Backdoor Using Veil 3
- Bonus – Listening For Incoming Connections
- Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
- Gaining Full Control Over Windows Target
- [Security] Fixing XSS Vulnerabilities
- Insecure Session Management
- Logging In As Admin Without a Password By Manipulating Cookies
- Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
- Exploiting CSRF To Change Admin Password Using a HTML File
- Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
- [Security] The Right Way To Prevent CSRF Vulnerabilities
- Brute Force & Dictionary Attacks
- Discovering Vulnerabilities Automatically Using Owasp ZAP
- Post Exploitation
- Post Exploitation Introduction
- Executing System Commands On Hacked Web Servers
- Escalating Reverse Shell Access To Weevely Shell
- Weevely Basics – Accessing Other Websites, Running Shell Commands …etc
- Bypassing Limited Privileges & Executing Shell Commands
- Downloading Files From Target Webserver
- Uploading Files To Target Webserver
- Getting a Reverse Connection From Weevely
- Accessing The Database
- Conclusion
- Writing a Pentest Report
- 4 Ways to Secure Websites & Apps
- Bonus Section
Your instructor
Dustin Foster
Great easy to follow along with Zaid. Very informative but not so much that you get overwhelmed. I feel many teachers will throw so much at a student that they feel as if they can’t do it and quit. Zaid is excellent for beginners & for anyone just needing to refresh’s on a topic. Highly recommend worth every penny.Ulises Violante
Zaid is a great teacher, and the course is very well thought. Despite the fact I have more than 20 years working on IT, I´ve learned many things with Zaid and sometimes is really amazing how easy it could hack a website.
