Learn Website Hacking / Penetration Testing From Scratch – zSecurity

Learn Website Hacking / Penetration Testing From Scratch

Avatar
(0 review)
$190.99 $49.00

Exploiting CSRF Vulnerabilities To Change Admin Password Using Link

Welcome to my comprehensive course on Website & Web applications Hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking.

This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine.

Then you will learn what is a website, how does it work, what does it rely on, what do mean by a web server, a database, and how all of these components work together to give us functioning websites,

Once you understand how websites work we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level — by the time you finish, you will be able to launch attacks and test the security of websites and web applications exactly the same way that black hat hackers would do, not only that but you’ll be able to fix these vulnerabilities and secure websites from them. All the attacks explained in this course are launched against real devices in my lab.

The course is divided into the three main sections:

1. Information Gathering – This section will teach you how to gather information about your target website, you will learn how to discover the DNS server used, the services, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the web hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.

2. Discovering, Exploiting & Fixing – In this section you will learn how to discover, exploit and fix a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability, and finally we will have a look on the code causing this vulnerability and show you how to fix it and secure the website from it, the following vulnerabilities are covered in the course:

  •   File upload :  This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website .
  • Code Execution – This vulnerability allow users to run system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.
  • Local File inclusion – This vulnerability can be used to read any file on the target derver, this can exploited to read sensitive files, we will not stop at that though, you will learn two methods to escalate this vulnerability and get a reverse shell connection which gives you full control over the target web server.
  • Remote File inclusion – This vulnerability can be load remote files on the target web server, exploiting this vulnerability properly gives you full control over the target web server.
  • SQL Injection- This is one of the biggest sections on the course, this is because this is one of the most dangerous vulnerabilities ever, it is found everywhere, not only that but it can be exploited to do all of the things the above vulnerabilities allow us to and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ….etc, read files stored in the server, write files to the server and even get a reverse shell access which gives you full control over the web server!
  • XSS – This vulnerability can be used to run javascript code on users who access the vulnerable pages, we won’t stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer. You will learn all three types (reflected, stored and DOM-based).
  • Insecure Session Management – In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you’ll also learn how to discover and exploit CSRF (Cross Site Reguest Forgery.
  • Brute Force & Dictionary Attacks – In this section you will learn what are these attacks, what is the difference between them and how to launch them, in successful cases you will be able to guess the password for your target login.

3. Post Exploitation – In this section you will learn what can you do with the access you gained from exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will also learn how to run system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine, you will learn how to bypass security and do all of that even if you did not have permissions to do that!

All the attacks in this course are practical attacks that work against any real websites, in each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements — You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid casing them.

 

Requirements

  • Basic IT Skills
  • No Linux, programming or hacking knowledge required.
  • Computer with a minimum of 4GB ram/memory.
  • Operating System: Windows / OS X / Linux.

 

Who this course is for:

  • Anybody who is interested in learning website & web application hacking / penetration testing.
  • Anybody who wants to learn how hackers hack websites.
  • Anybody who wants to learn how to secure websites & web applications from hacker.
  • Web developers so they can create secure web application & secure their existing ones.
  • Web admins so they can secure their websites.

 

NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.

NOTE: This course is totally a product of Zaid Sabih & zSecurity and No other organization is associated for certification exam for the same.

Course Features

  • Lectures 94
  • Duration 9 hours
  • Skill level All levels
  • Language English
  • Students 11022
  • Assessments Yes
  • 0/1

  • Preparation - Creating a Penetration Testing Lab 0/4

    • Lecture2.1
      Lab Overview & Needed Software
      3m
    • Lecture2.2
      Installing Kali 2019 As a Virtual Machine Using a Ready Image
      8m
    • Lecture2.3
      Installing Metasploitable As a Virtual Machine
      4m
    • Lecture2.4
      Installing Windows As a Virtual Machine
      3m
  • Preparation - Linux Basics 0/3

    • Lecture3.1
      Basic Overview Of Kali Linux
      4m
    • Lecture3.2
      The Linux Terminal & Basic Linux Commands
      9m
    • Lecture3.3
      Configuring Metasploitable & Lab Network Settings
      5m
  • Website Basics 0/2

    • Lecture4.1
      What Is a Website?
      4m
    • Lecture4.2
      How To Hack a Website?
      5m
  • Information Gathering 0/9

    • Lecture5.1
      Gathering Information Using Whois Lookup
      5m
    • Lecture5.2
      Discovering Technologies Used On The Website
      6m
    • Lecture5.3
      Gathering Comprehensive DNS Information
      6m
    • Lecture5.4
      Discovering Websites On The Same Server
      4m
    • Lecture5.5
      Discovering Subdomains
      5m
    • Lecture5.6
      Discovering Sensitive Files
      7m
    • Lecture5.7
      Analyzing Discovered Files
      4m
    • Lecture5.8
      Maltego – Discovering Servers, Domains & Files
      8m
    • Lecture5.9
      Maltego – Discovering Websites, Hosting Provider & Emails
      5m
  • File Upload Vulnerabilities 0/6

  • Code Execution Vulnerabilities 0/3

    • Lecture7.1
      What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities
      7m
    • Lecture7.2
      Exploiting Advanced Code Execution Vulnerabilities
      6m
    • Lecture7.3
      [Security] – Fixing Code Execution Vulnerabilities
      6m
  • Local File Inclusion Vulnerabilities (LFI) 0/3

  • Remote File Inclusion Vulnerabilities (RFI) 0/4

    • Lecture9.1
      Remote File Inclusion Vulnerabilities – Configuring PHP Settings
      4m
    • Lecture9.2
      Remote File Inclusion Vulnerabilities – Discovery & Exploitation
      6m
    • Lecture9.3
      Exploiting Advanced Remote File Inclusion Vulnerabilities
      3m
    • Lecture9.4
      [Security] Fixing File Inclusion Vulnerabilities
      6m
  • SQL Injection Vulnerabilities 0/2

    • Lecture10.1
      What is SQL
      6m
    • Lecture10.2
      Dangers of SQL Injections
      3m
  • SQL Injection Vulnerabilities - SQLi In Login Pages 0/4

    • Lecture11.1
      Discovering SQL Injections In POST
      8m
    • Lecture11.2
      Bypassing Logins Using SQL Injection Vulnerability
      5m
    • Lecture11.3
      Bypassing More Secure Logins Using SQL Injections
      6m
    • Lecture11.4
      [Security] Preventing SQL Injections In Login Pages
      8m
  • SQL injection Vulnerabilities - Extracting Data From The Database 0/4

    • Lecture12.1
      Discovering SQL Injections in GET
      7m
    • Lecture12.2
      Reading Database Information
      5m
    • Lecture12.3
      Finding Database Tables
      3m
    • Lecture12.4
      Extracting Sensitive Data Such As Passwords
      4m
  • SQL injection Vulnerabilities - Advanced Exploitation 0/11

    • Lecture13.1
      Discovering & Exploiting Blind SQL Injections
      6m
    • Lecture13.2
      Discovering a More Complicated SQL Injection
      7m
    • Lecture13.3
      Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
      5m
    • Lecture13.4
      Bypassing Security & Accessing All Records
      7m
    • Lecture13.5
      Bypassing Filters
      5m
    • Lecture13.6
      [Security] Quick Fix To Prevent SQL Injections
      7m
    • Lecture13.7
      Reading & Writing Files On The Server Using SQL Injection Vulnerability
      6m
    • Lecture13.8
      Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server
      8m
    • Lecture13.9
      Discovering SQL Injections & Extracting Data Using SQLmap
      7m
    • Lecture13.10
      Getting a Direct SQL Shell using SQLmap
      3m
    • Lecture13.11
      [Security] – The Right Way To Prevent SQL Injection
      5m
  • XSS Vulnerabilities 0/7

    • Lecture14.1
      Introduction – What is XSS or Cross Site Scripting?
      3m
    • Lecture14.2
      Discovering Basic Reflected XSS
      4m
    • Lecture14.3
      Discovering Advanced Reflected XSS
      4m
    • Lecture14.4
      Discovering An Even More Advanced Reflected XSS
      7m
    • Lecture14.5
      Discovering Stored XSS
      3m
    • Lecture14.6
      Discovering Advanced Stored XSS
      3m
    • Lecture14.7
      Discovering Dom Based XSS
      6m
  • XSS Vulnerabilities - Exploitation 0/12

    • Lecture15.1
      Hooking Victims To BeEF Using Reflected XSS
      6m
    • Lecture15.2
      Hooking Victims To BeEF Using Stored XSS
      4m
    • Lecture15.3
      BeEF – Interacting With Hooked Victims
      4m
    • Lecture15.4
      BeEF – Running Basic Commands On Victims
      4m
    • Lecture15.5
      BeEF – Stealing Credentials/Passwords Using A Fake Login Prompt
      2m
    • Lecture15.6
      Installing Veil 3
      8m
    • Lecture15.7
      Bonus – Veil Overview & Payloads Basics
      7m
    • Lecture15.8
      Bonus – Generating An Undetectable Backdoor Using Veil 3
      10m
    • Lecture15.9
      Bonus – Listening For Incoming Connections
      7m
    • Lecture15.10
      Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
      7m
    • Lecture15.11
      BeEF – Gaining Full Control Over Windows Target
      4m
    • Lecture15.12
      [Security] Fixing XSS Vulnerabilities
      7m
  • Insecure Session Management 0/5

    • Lecture16.1
      Logging In As Admin Without a Password By Manipulating Cookies
      6m
    • Lecture16.2
      Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
      7m
    • Lecture16.3
      Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File
      7m
    • Lecture16.4
      Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
      6m
    • Lecture16.5
      [Security] The Right Way To Prevent CSRF Vulnerabilities
      9m
  • Brute Force & Dictionary Attacks 0/3

    • Lecture17.1
      What Are Brute Force & Dictionary Attacks?
      4m
    • Lecture17.2
      Creating a Wordlist
      6m
    • Lecture17.3
      Launching a Wordlist Attack & Guessing Login Password Using Hydra
      13m
  • Discovering Vulnerabilities Automatically Using Owasp ZAP 0/2

    • Lecture18.1
      Scanning Target Website For Vulnerabilities
      4m
    • Lecture18.2
      Analysing Scan Results
      4m
  • Post Exploitation 0/9

    • Lecture19.1
      Post Exploitation Introduction
      4m
    • Lecture19.2
      Interacting With The Reverse Shell Access Obtained In Previous Lectures
      7m
    • Lecture19.3
      Escalating Reverse Shell Access To Weevely Shell
      8m
    • Lecture19.4
      Weevely Basics – Accessing Other Websites, Running Shell Commands …etc
      6m
    • Lecture19.5
      Bypassing Limited Privileges & Executing Shell Commands
      5m
    • Lecture19.6
      Downloading Files From Target Webserver
      5m
    • Lecture19.7
      Uploading Files To Target Webserver
      8m
    • Lecture19.8
      Getting a Reverse Connection From Weevely
      8m
    • Lecture19.9
      Accessing The Database
      9m
Avatar
Zaid Sabih

Ethical Hacker, Pentester & Computer Scientist

My name is Zaid Al-Quraishi, I am an ethical hacker, a computer scientist, and the founder and CTO of zSecurity. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker. I studied computer science in University College Dublin, I graduated in may 2016. I have a very good experience in ethical hacking, I started making video tutorials back in 2009 in an ethical hacking community (iSecuri1ty.org), I also worked as a pentester for the same company. In 2013 I started teaching my first course online in Arabic, this course received amazing feedback which motivated me to create an English version of this course. The english course became the most popular and the top paid course in Udemy for almost a year, this motivated me to make more courses on ethical hacking, now I have a number of courses on ethical hacking and more than 200,000 students on Udemy and other teaching platforms such as StackSocial, StackSkills and zSecurity.

Reviews

Average Rating

0
0 rating

Detailed Rating

5 stars
0
4 stars
0
3 stars
0
2 stars
0
1 star
0
$190.99 $49.00