Become a bug bounty hunter! Hack websites & web applications like black hat hackers and secure them like experts.
The contents of this course are not covered in any of my other courses except for some basics. Although website hacking is covered in one of my other courses, that course only covers the basics where this course dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post exploitation, bypassing security and more!
Welcome to my this comprehensive course on Website penetration testing. In this course you’ll learn website / web applications hacking & Bug Bounty hunting! This course assumes you have NO prior knowledge in hacking, and by the end of it you’ll be at a high level, being able to hack & discover bugs in websites like black-hat hackers and secure them like security experts!
This course is highly practical but it won’t neglect the theory, first you’ll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we’ll start with websites basics, the different components that make a website, the technologies used, and then we’ll dive into website hacking straight away. From here onwards you’ll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we’ll never have any dry boring theoretical lectures.
Before jumping into hacking, you’ll first learn how to gather comprehensive information about the target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.
All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.
You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.
Here’s a more detailed breakdown of the course content:
1. Information Gathering – In this section you’ll learn how to gather information about a target website, you’ll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.
2. Discovery, Exploitation & Mitigation – In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security, and finally we will analyse the code causing this vulnerability and see how to fix it, the following vulnerabilities are covered in the course
Creating a Penetration Testing Lab
- Gathering Infomation using Whois Lookup
- Discovering Technologies Used on the Website
- Gathering Comprehensive DNS information
- Discovering Websites on the same Server
- Discovering Subdomains
- Discovering Sensitive Files
- Maltego-Discovering Servers, Domains & Files
- Maltego-Discovering, Websites, Hosting Provider & Emails
File Upload Vulnerabilities
Code Execution Vulnerabilities
Local File Inclusion Vulnerabilities (LFI)
Remote File Inclusion Vulnerabilities (RFI)
SQL Injection Vulnerabilities
SQL Injection Vulnerabilities - SQLi in Login Pages
SQL Injection Vulnerabilities - Extracting Data From The Database
SQL Injection Vulnerabilities - Advanced Exploitation
- Discovering & Exploiting Blind SQL Injections
- Discovering Complex SQL Injection Vulnerabilities
- Exploiting an advanced SQL Injection Vulnerability to Extract Passwords
- Bypassing Filters
- Bypassing Security & Accessing All Records
- Reading & Writing Files on the Server Using SQL Injections
- Quick Fix to Prevent SQL Injections [Security]
- Reading & Writing Files On The Server Using SQL Injections
- Getting A Shell & Controlling The Target Server Using an SQL Injection
- Discovering SQL Injections & Extracting Data Using SQLmap
- Getting a Direct SQL Shell using SQLmap
- The Right Way To Prevent SQL Injection Vulnerabilties
XSS Vulnerabilties Exploitation
- Hooking Victims To BeEF Using Reflected XSS
- Hooking Victims To BeEF Using Stored XSS
- Interacting With Hooked Targets
- Running Basic Commands On Victims
- Stealing Credentials/Passwords Using A Fake Login Prompt
- Installing Veil Framework
- Veil Overview & Payloads Basics
- Generating An Undetectable Backdoor Using Veil 3
- Listening For Incoming Connections
- Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
- Gaining Full Control Over Windows
- Fixing XSS Vulnerabilties [Security]
Brute Force & Dictionary Attacks
Discovering Vulnerabilities Automatically Using Owasp ZAP
Insecure Session Management
- Post Exploitation Introducation
- Executing System Commands On Hacked Web Servers
- Escalating Reverse Shell Access To Weevely Shell
- Weevely Basics – Accessing Other Websites, Running Shell Commands.
- Bypassing Limited Privileges & Executing Shell Commands
- Downloading Files From Target Webserver
- Uploading Files To Target Webserver
- Getting a Reverse Connection From Weevely
- Accessing The Database