Intro 1
- Course Introduction 02 minLecture1.1
Preparation - Creating a Penetration Testing Lab 6
- Lab Overview 06 minLecture2.1
- Initial Preparation 09 minLecture2.2
- Installing Kali Linux as a VM on Windows 09 minLecture2.3
- Installing Kali Linux as a VM on Apple Mac OS 10 minLecture2.4
- Installing Kali Linux as a VM on Linux 11 minLecture2.5
- Installing Metasploitable As a Virtual Machine 04 minLecture2.6
Preparation - Linux Basics 3
- Basic Overview Of Kali Linux 05 minLecture3.1
- The Linux Terminal & Basic Linux Commands 13 minLecture3.2
- Configuring Metasploitable 04 minLecture3.3
Website Basics 2
- What Is a Website? 04 minLecture4.1
- How To Hack a Website? 05 minLecture4.2
Information Gathering 9
- Gathering Information Using Whois Lookup 05 minLecture5.1
- Discovering Technologies Used On The Website 06 minLecture5.2
- Gathering Comprehensive DNS Information 10 minLecture5.3
- Discovering Websites On The Same Server 04 minLecture5.4
- Discovering Subdomains 04 minLecture5.5
- Discovering Sensitive Files 07 minLecture5.6
- Analyzing Discovered Files 04 minLecture5.7
- Maltego – Discovering Servers, Domains & Files 08 minLecture5.8
- Maltego – Discovering Websites, Hosting Provider & Emails 05 minLecture5.9
File Upload Vulnerabilities 6
- How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites 07 minLecture6.1
- GET & POST Requests 05 minLecture6.2
- Intercepting Requests 08 minLecture6.3
- Exploiting Advanced File Upload Vulnerabilities To Hack Websites 05 minLecture6.4
- Exploiting More Advanced File Upload Vulnerabilities 06 minLecture6.5
- [Security] Fixing File Upload Vulnerabilities 06 minLecture6.6
Code Execution Vulnerabilities 3
- How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites 07 minLecture7.1
- Exploiting Advanced Code Execution Vulnerabilities 06 minLecture7.2
- [Security] – Fixing Code Execution Vulnerabilities 06 minLecture7.3
Local File Inclusion Vulnerabilities (LFI) 3
- What are they? And How To Discover & Exploit Them 06 minLecture8.1
- Gaining Shell Access From LFI Vulnerabilities – Method 1 07 minLecture8.2
- Gaining Shell Access From LFI Vulnerabilities – Method 2 10 minLecture8.3
Remote File Inclusion Vulnerabilities (RFI) 4
- Remote File Inclusion Vulnerabilities – Configuring PHP Settings 04 minLecture9.1
- Remote File Inclusion Vulnerabilities – Discovery & Exploitation 06 minLecture9.2
- Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites 03 minLecture9.3
- [Security] Fixing File Inclusion Vulnerabilities 06 minLecture9.4
SQL Injection Vulnerabilities 2
- What is SQL 06 minLecture10.1
- Dangers of SQL Injections 03 minLecture10.2
SQL Injection Vulnerabilities - SQLi In Login Pages 4
- Discovering SQL Injections In POST 08 minLecture11.1
- Bypassing Logins Using SQL Injection Vulnerability 05 minLecture11.2
- Bypassing More Secure Logins Using SQL Injections 06 minLecture11.3
- [Security] Preventing SQL Injections In Login Pages 08 minLecture11.4
SQL injection Vulnerabilities - Extracting Data From The Database 4
- Discovering SQL Injections in GET 07 minLecture12.1
- Reading Database Information 05 minLecture12.2
- Finding Database Tables 03 minLecture12.3
- Extracting Sensitive Data Such As Passwords 04 minLecture12.4
SQL injection Vulnerabilities - Advanced Exploitation 11
- Discovering & Exploiting Blind SQL Injections 06 minLecture13.1
- Discovering Complex SQL Injection Vulnerabilities 07 minLecture13.2
- Exploiting an advanced SQL Injection Vulnerability to Extract Passwords 05 minLecture13.3
- Bypassing Filters 05 minLecture13.4
- Bypassing Security & Accessing All Records 08 minLecture13.5
- [Security] Quick Fix To Prevent SQL Injections 07 minLecture13.6
- Reading & Writing Files On The Server Using SQL Injection 06 minLecture13.7
- Getting A Shell & Controlling The Target Server Using an SQL Injection 08 minLecture13.8
- Discovering SQL Injections & Extracting Data Using SQLmap 07 minLecture13.9
- Getting a Direct SQL Shell using SQLmap 03 minLecture13.10
- [Security] – The Right Way To Prevent SQL Injection Vulnerabilities 05 minLecture13.11
XSS Vulnerabilities 6
- Introduction – What is XSS or Cross Site Scripting? 03 minLecture14.1
- Discovering Basic Reflected XSS 04 minLecture14.2
- Discovering Advanced Reflected XSS 04 minLecture14.3
- Discovering An Even More Advanced Reflected XSS 07 minLecture14.4
- Discovering Stored XSS 03 minLecture14.5
- Discovering Advanced Stored XSS 03 minLecture14.6
XSS Vulnerabilities - Exploitation 12
- Hooking Victims To BeEF Using Reflected XSS 06 minLecture15.1
- Hooking Victims To BeEF Using Stored XSS 04 minLecture15.2
- Interacting With Hooked Victims 04 minLecture15.3
- Running Basic Commands On Victims 04 minLecture15.4
- Stealing Credentials/Passwords Using A Fake Login Prompt 02 minLecture15.5
- Bonus – Installing Veil Framework 04 minLecture15.6
- Bonus – Veil Overview & Payloads Basics 07 minLecture15.7
- Bonus – Generating An Undetectable Backdoor Using Veil 3 10 minLecture15.8
- Bonus – Listening For Incoming Connections 07 minLecture15.9
- Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 07 minLecture15.10
- BeEF – Gaining Full Control Over Windows Target 04 minLecture15.11
- [Security] Fixing XSS Vulnerabilities 07 minLecture15.12
Insecure Session Management 5
- Logging In As Admin Without a Password By Manipulating Cookies 06 minLecture16.1
- Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 07 minLecture16.2
- Exploiting CSRF To Change Admin Password Using a HTML File 07 minLecture16.3
- Exploiting CSRF Vulnerabilities To Change Admin Password Using Link 06 minLecture16.4
- [Security] The Right Way To Prevent CSRF Vulnerabilities 09 minLecture16.5
Brute Force & Dictionary Attacks 3
- Introduction to Brute Force & Dictionary Attacks? 04 minLecture17.1
- Creating a Wordlist 06 minLecture17.2
- Guessing Login Password Using a Wordlist Attack With Hydra 13 minLecture17.3
Discovering Vulnerabilities Automatically Using Owasp ZAP 2
- Scanning Target Website For Vulnerabilities 04 minLecture18.1
- Analysing Scan Results 04 minLecture18.2
Post Exploitation 11
- Post Exploitation Introduction 04 minLecture19.1
- Executing System Commands On Hacked Web Servers 07 minLecture19.2
- Escalating Reverse Shell Access To Weevely Shell 08 minLecture19.3
- Weevely Basics – Accessing Other Websites, Running Shell Commands …etc 06 minLecture19.4
- Bypassing Limited Privileges & Executing Shell Commands 05 minLecture19.5
- Downloading Files From Target Webserver 05 minLecture19.6
- Uploading Files To Target Webserver 08 minLecture19.7
- Getting a Reverse Connection From Weevely 08 minLecture19.8
- Accessing The Database 09 minLecture19.9
- Conclusion 05 minLecture19.10
- Writing a Pentest Report 14 minLecture19.11
Bonus Section 1
- Bonus Lecture – What’s Next?Lecture20.1
Post Exploitation Introduction
In this lecture we will talk about what you will learn in this section and show you where we will start from.
Resources:
