Intro 1
- Course Introduction 02 minLecture1.1
Preparation - Creating a Penetration Testing Lab 6
- Lab Overview 06 minLecture2.1
- Initial Preparation 09 minLecture2.2
- Installing Kali Linux as a VM on Windows 09 minLecture2.3
- Installing Kali Linux as a VM on Apple Mac OS 10 minLecture2.4
- Installing Kali Linux as a VM on Linux 11 minLecture2.5
- Installing Metasploitable As a Virtual Machine 04 minLecture2.6
Preparation - Linux Basics 3
- Basic Overview Of Kali Linux 05 minLecture3.1
- The Linux Terminal & Basic Linux Commands 13 minLecture3.2
- Configuring Metasploitable 04 minLecture3.3
Website Basics 2
- What Is a Website? 04 minLecture4.1
- How To Hack a Website? 05 minLecture4.2
Information Gathering 9
- Gathering Information Using Whois Lookup 05 minLecture5.1
- Discovering Technologies Used On The Website 06 minLecture5.2
- Gathering Comprehensive DNS Information 10 minLecture5.3
- Discovering Websites On The Same Server 04 minLecture5.4
- Discovering Subdomains 04 minLecture5.5
- Discovering Sensitive Files 07 minLecture5.6
- Analyzing Discovered Files 04 minLecture5.7
- Maltego – Discovering Servers, Domains & Files 08 minLecture5.8
- Maltego – Discovering Websites, Hosting Provider & Emails 05 minLecture5.9
File Upload Vulnerabilities 6
- How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites 07 minLecture6.1
- GET & POST Requests 05 minLecture6.2
- Intercepting Requests 08 minLecture6.3
- Exploiting Advanced File Upload Vulnerabilities To Hack Websites 05 minLecture6.4
- Exploiting More Advanced File Upload Vulnerabilities 06 minLecture6.5
- [Security] Fixing File Upload Vulnerabilities 06 minLecture6.6
Code Execution Vulnerabilities 3
- How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites 07 minLecture7.1
- Exploiting Advanced Code Execution Vulnerabilities 06 minLecture7.2
- [Security] – Fixing Code Execution Vulnerabilities 06 minLecture7.3
Local File Inclusion Vulnerabilities (LFI) 3
- What are they? And How To Discover & Exploit Them 06 minLecture8.1
- Gaining Shell Access From LFI Vulnerabilities – Method 1 07 minLecture8.2
- Gaining Shell Access From LFI Vulnerabilities – Method 2 10 minLecture8.3
Remote File Inclusion Vulnerabilities (RFI) 4
- Remote File Inclusion Vulnerabilities – Configuring PHP Settings 04 minLecture9.1
- Remote File Inclusion Vulnerabilities – Discovery & Exploitation 06 minLecture9.2
- Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites 03 minLecture9.3
- [Security] Fixing File Inclusion Vulnerabilities 06 minLecture9.4
SQL Injection Vulnerabilities 2
- What is SQL 06 minLecture10.1
- Dangers of SQL Injections 03 minLecture10.2
SQL Injection Vulnerabilities - SQLi In Login Pages 4
- Discovering SQL Injections In POST 08 minLecture11.1
- Bypassing Logins Using SQL Injection Vulnerability 05 minLecture11.2
- Bypassing More Secure Logins Using SQL Injections 06 minLecture11.3
- [Security] Preventing SQL Injections In Login Pages 08 minLecture11.4
SQL injection Vulnerabilities - Extracting Data From The Database 4
- Discovering SQL Injections in GET 07 minLecture12.1
- Reading Database Information 05 minLecture12.2
- Finding Database Tables 03 minLecture12.3
- Extracting Sensitive Data Such As Passwords 04 minLecture12.4
SQL injection Vulnerabilities - Advanced Exploitation 11
- Discovering & Exploiting Blind SQL Injections 06 minLecture13.1
- Discovering Complex SQL Injection Vulnerabilities 07 minLecture13.2
- Exploiting an advanced SQL Injection Vulnerability to Extract Passwords 05 minLecture13.3
- Bypassing Filters 05 minLecture13.4
- Bypassing Security & Accessing All Records 08 minLecture13.5
- [Security] Quick Fix To Prevent SQL Injections 07 minLecture13.6
- Reading & Writing Files On The Server Using SQL Injection 06 minLecture13.7
- Getting A Shell & Controlling The Target Server Using an SQL Injection 08 minLecture13.8
- Discovering SQL Injections & Extracting Data Using SQLmap 07 minLecture13.9
- Getting a Direct SQL Shell using SQLmap 03 minLecture13.10
- [Security] – The Right Way To Prevent SQL Injection Vulnerabilities 05 minLecture13.11
XSS Vulnerabilities 6
- Introduction – What is XSS or Cross Site Scripting? 03 minLecture14.1
- Discovering Basic Reflected XSS 04 minLecture14.2
- Discovering Advanced Reflected XSS 04 minLecture14.3
- Discovering An Even More Advanced Reflected XSS 07 minLecture14.4
- Discovering Stored XSS 03 minLecture14.5
- Discovering Advanced Stored XSS 03 minLecture14.6
XSS Vulnerabilities - Exploitation 12
- Hooking Victims To BeEF Using Reflected XSS 06 minLecture15.1
- Hooking Victims To BeEF Using Stored XSS 04 minLecture15.2
- Interacting With Hooked Victims 04 minLecture15.3
- Running Basic Commands On Victims 04 minLecture15.4
- Stealing Credentials/Passwords Using A Fake Login Prompt 02 minLecture15.5
- Bonus – Installing Veil Framework 04 minLecture15.6
- Bonus – Veil Overview & Payloads Basics 07 minLecture15.7
- Bonus – Generating An Undetectable Backdoor Using Veil 3 10 minLecture15.8
- Bonus – Listening For Incoming Connections 07 minLecture15.9
- Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 07 minLecture15.10
- BeEF – Gaining Full Control Over Windows Target 04 minLecture15.11
- [Security] Fixing XSS Vulnerabilities 07 minLecture15.12
Insecure Session Management 5
- Logging In As Admin Without a Password By Manipulating Cookies 06 minLecture16.1
- Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 07 minLecture16.2
- Exploiting CSRF To Change Admin Password Using a HTML File 07 minLecture16.3
- Exploiting CSRF Vulnerabilities To Change Admin Password Using Link 06 minLecture16.4
- [Security] The Right Way To Prevent CSRF Vulnerabilities 09 minLecture16.5
Brute Force & Dictionary Attacks 3
- Introduction to Brute Force & Dictionary Attacks? 04 minLecture17.1
- Creating a Wordlist 06 minLecture17.2
- Guessing Login Password Using a Wordlist Attack With Hydra 13 minLecture17.3
Discovering Vulnerabilities Automatically Using Owasp ZAP 2
- Scanning Target Website For Vulnerabilities 04 minLecture18.1
- Analysing Scan Results 04 minLecture18.2
Post Exploitation 11
- Post Exploitation Introduction 04 minLecture19.1
- Executing System Commands On Hacked Web Servers 07 minLecture19.2
- Escalating Reverse Shell Access To Weevely Shell 08 minLecture19.3
- Weevely Basics – Accessing Other Websites, Running Shell Commands …etc 06 minLecture19.4
- Bypassing Limited Privileges & Executing Shell Commands 05 minLecture19.5
- Downloading Files From Target Webserver 05 minLecture19.6
- Uploading Files To Target Webserver 08 minLecture19.7
- Getting a Reverse Connection From Weevely 08 minLecture19.8
- Accessing The Database 09 minLecture19.9
- Conclusion 05 minLecture19.10
- Writing a Pentest Report 14 minLecture19.11
Bonus Section 1
- Bonus Lecture – What’s Next?Lecture20.1
Maltego – Discovering Websites, Hosting Provider & Emails
In this lecture we will dive deeper into Maltego, you will learn how to discover more info about the target such as admin’s email, hosting company, servers and lay out this information nicely.
