Companies Home Search Profile
TrainingHub TrainingHub

Website Hacking / Penetration Testing

Focused View

Zaid Sabih,z Security

10:21:04

174 View
  • 001 Course Introduction.mp4
    02:13
  • 001 Lab Overview & Needed Software.mp4
    05:54
  • 002 Initial Preparation.mp4
    08:55
  • 003 Installing Kali Linux as a VM on Windows.mp4
    08:55
  • 004 Installing Kali Linux as a VM on Apple Mac OS.mp4
    09:38
  • 005 Installing Kali Linux as a VM on Apple M1 Computers.mp4
    09:08
  • 006 Installing Kali Linux as a VM on Linux.mp4
    10:46
  • 007 Installing Metasploitable As a Virtual Machine.mp4
    04:33
  • 7157940-The-Lab.pdf
  • external-assets-links.txt
  • 001 Basic Overview Of Kali Linux.mp4
    05:10
  • 002 The Linux Terminal & Basic Linux Commands.mp4
    13:06
  • 003 Configuring Metasploitable & Lab Network Settings.mp4
    03:45
  • external-assets-links.txt
  • 001 What is a Website.mp4
    04:13
  • 002 How To Hack a Website.mp4
    05:31
  • 7158016-Intro-what-is-a-website.pdf
  • 001 Gathering Information Using Whois Lookup.mp4
    04:41
  • 002 Discovering Technologies Used On The Website.mp4
    06:04
  • 003 Gathering Comprehensive DNS Information.mp4
    10:23
  • 004 Discovering Websites On The Same Server.mp4
    03:43
  • 005 Discovering Subdomains.mp4
    04:09
  • 006 Discovering Sensitive Files.mp4
    07:25
  • 007 Analysing Discovered Files.mp4
    04:17
  • 008 Maltego - Discovering Servers, Domains & Files.mp4
    07:42
  • 009 Maltego - Discovering Websites, Hosting Provider & Emails.mp4
    04:49
  • 7158024-Information-Gathering.pdf
  • external-assets-links.txt
  • 001 How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites.mp4
    06:44
  • 002 GET & POST Requests.mp4
    05:20
  • 003 Intercepting Requests.mp4
    08:02
  • 004 Exploiting Advanced File Upload Vulnerabilities To Hack Websites.mp4
    05:09
  • 005 Exploiting More Advanced File Upload Vulnerabilities.mp4
    06:33
  • 006 [Security] Fixing File Upload Vulnerabilities.mp4
    06:22
  • 7158042-File-upload-Code-execution-LFI-RFI-SQLi-XSS.pdf
  • external-assets-links.txt
  • 001 How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites.mp4
    07:26
  • 002 Exploiting Advanced Code Execution Vulnerabilities.mp4
    06:06
  • 003 [Security] - Fixing Code Execution Vulnerabilities.mp4
    05:47
  • 7158050-code-execution-reverse-shell-commands.txt
  • 001 What are they And How To Discover & Exploit Them.mp4
    05:49
  • 002 Gaining Shell Access From LFI Vulnerabilities - Method 1.mp4
    06:46
  • 003 Gaining Shell Access From LFI Vulnerabilities - Method 2.mp4
    10:37
  • 001 Remote File Inclusion Vulnerabilities - Configuring PHP Settings.mp4
    03:46
  • 002 Remote File Inclusion Vulnerabilities - Discovery & Exploitation.mp4
    05:44
  • 003 Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites.mp4
    02:49
  • 004 [Security] Fixing File Inclusion Vulnerabilities.mp4
    05:54
  • 001 What is SQL.mp4
    05:48
  • 002 Dangers of SQL Injections.mp4
    02:54
  • 001 Discovering SQL Injections In POST.mp4
    07:56
  • 002 Bypassing Logins Using SQL Injection Vulnerability.mp4
    04:49
  • 003 Bypassing More Secure Logins Using SQL Injections.mp4
    06:24
  • 004 [Security] Preventing SQL Injections In Login Pages.mp4
    07:43
  • external-assets-links.txt
  • 001 Discovering SQL Injections in GET.mp4
    07:02
  • 002 Reading Database Information.mp4
    05:26
  • 003 Finding Database Tables.mp4
    03:34
  • 004 Extracting Sensitive Data Such As Passwords.mp4
    04:29
  • 001 Discovering & Exploiting Blind SQL Injections.mp4
    05:53
  • 002 Discovering Complex SQL Injection Vulnerabilities.mp4
    07:21
  • 003 Exploiting an advanced SQL Injection Vulnerability to Extract Passwords.mp4
    04:47
  • 004 Bypassing Filters.mp4
    04:48
  • 005 Bypassing Security & Accessing All Records.mp4
    08:36
  • 006 [Security] Quick Fix To Prevent SQL Injections.mp4
    06:43
  • 007 Reading & Writing Files On The Server Using SQL Injections.mp4
    05:58
  • 008 Getting A Shell & Controlling The Target Server Using an SQL Injection.mp4
    08:26
  • 009 Discovering SQL Injections & Extracting Data Using SQLmap.mp4
    06:47
  • 010 Getting a Direct SQL Shell using SQLmap.mp4
    02:57
  • 011 [Security] - The Right Way To Prevent SQL Injection Vulnerabilites.mp4
    04:58
  • 7158198-sqli-tips.txt
  • 7158200-sqli-quries.txt
  • 001 Introduction - What is XSS or Cross Site Scripting.mp4
    03:09
  • 002 Discovering Basic Reflected XSS.mp4
    03:46
  • 003 Discovering Advanced Reflected XSS.mp4
    04:34
  • 004 Discovering An Even More Advanced Reflected XSS.mp4
    07:04
  • 005 Discovering Stored XSS.mp4
    02:57
  • 006 Discovering Advanced Stored XSS.mp4
    03:36
  • external-assets-links.txt
  • 001 Installing Windows As a Virtual Machine.mp4
    06:09
  • 002 Hooking Victims To BeEF Using Reflected XSS.mp4
    05:41
  • 003 Hooking Victims To BeEF Using Stored XSS.mp4
    04:09
  • 004 Interacting With Hooked Targets.mp4
    03:56
  • 005 Running Basic Commands On Victims.mp4
    04:24
  • 006 Stealing CredentialsPasswords Using A Fake Login Prompt.mp4
    02:17
  • 007 Bonus - Installing Veil Framework.mp4
    03:56
  • 008 Bonus - Veil Overview & Payloads Basics.mp4
    07:20
  • 009 Bonus - Generating An Undetectable Backdoor Using Veil 3.mp4
    10:19
  • 010 Bonus - Listening For Incoming Connections.mp4
    07:18
  • 011 Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10.mp4
    07:12
  • 012 Gaining Full Control Over Windows Target.mp4
    03:40
  • 013 [Security] Fixing XSS Vulnerabilities.mp4
    07:17
  • 32970850-install-veil.zip
  • 33871610-install-veil-kali-2021.zip
  • external-assets-links.txt
  • 001 Logging In As Admin Without a Password By Manipulating Cookies.mp4
    06:05
  • 002 Discovering Cross Site Request Forgery Vulnerabilities (CSRF).mp4
    06:46
  • 003 Exploiting CSRF To Change Admin Password Using a HTML File.mp4
    07:00
  • 004 Exploiting CSRF Vulnerabilities To Change Admin Password Using Link.mp4
    05:40
  • 005 [Security] The Right Way To Prevent CSRF Vulnerabilities.mp4
    09:19
  • 001 Introduction to Brute Force & Dictionary Attacks.mp4
    03:44
  • 002 Creating a Wordlist.mp4
    06:35
  • 003 Guessing Login Password Using a Wordlist Attack With Hydra.mp4
    13:32
  • 22398107-Some-Links-To-Wordlists-1.txt
  • 001 Scanning Target Website For Vulnerabilities.mp4
    04:19
  • 002 Analysing Scan Results.mp4
    04:11
  • 001 Post Exploitation Introduction.mp4
    03:58
  • 002 Executing System Commands On Hacked Web Servers.mp4
    06:59
  • 003 Escalating Reverse Shell Access To Weevely Shell.mp4
    07:52
  • 004 Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc.mp4
    06:32
  • 005 Bypassing Limited Privileges & Executing Shell Commands.mp4
    04:53
  • 006 Downloading Files From Target Webserver.mp4
    04:39
  • 007 Uploading Files To Target Webserver.mp4
    07:53
  • 008 Getting a Reverse Connection From Weevely.mp4
    07:46
  • 009 Accessing The Database.mp4
    08:53
  • 010 Conclusion.mp4
    05:20
  • 011 Writing a Pentest Report.mp4
    13:48
  • 012 4 Ways to Secure Websites & Apps.mp4
    09:23
  • 7180134-Post-Exploitation.pdf
  • 33871920-Sample-Pentest-Report.docx
  • 37099704-bug-bounty-platforms.txt
  • external-assets-links.txt
  • 001 Bonus Lecture - Discounts.html
    •

    Description

    Hack websites & web applications like black hat hackers and secure them like experts.

    What You'll Learn?

    • 90+ Videos to take you from a beginner to advanced in website hacking.
    • Create a hacking lab & needed software (on Windows, OS X and Linux).
    • Become a bug bounty hunters & discover bug bounty bugs!
    • Discover, exploit and mitigate a number of dangerous web vulnerabilities.
    • Exploit these vulnerabilities to hack into web servers.
    • Bypass security & advanced exploitation of these vulnerabilities.
    • Advanced post exploitation - hack other websites on the same server, dump the database, privilege escalation....etc
    • Bypass security & filters.
    • Intercept requests using a proxy.
    • Adopt SQL queries to discover and exploit SQL injections in secure pages.
    • Gain full control over target server using SQL injections.
    • Discover & exploit blind SQL injections.
    • Install Kali Linux - a penetration testing operating system.
    • Learn linux commands and how to interact with the terminal.
    • Learn linux basics.
    • Understand how websites & web applications work.
    • Understand how browsers communicate with websites.
    • Gather sensitive information about websites.
    • Discover servers, technologies & services used on target website.
    • Discover emails & sensitive data associated with a specific website.
    • Find all subdomains associated with a website.
    • Discover unpublished directories & files associated with a target website.
    • Find all websites hosted on the same server as the target website.
    • Discover, exploit and fix file upload vulnerabilities.
    • Exploit advanced file upload vulnerabilities & gain full control over the target website.
    • Discover, exploit and fix code execution vulnerabilities.
    • Exploit advanced code execution vulnerabilities & gain full control over the target website.
    • Discover, exploit & fix local file inclusion vulnerabilities.
    • Exploit local file inclusion vulnerabilities to to get a shell.
    • Exploit advanced local file inclusion vulnerabilities & gain full control over the target website.
    • Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website.
    • Discover, fix, and exploit SQL injection vulnerabilities.
    • Bypass login forms and login as admin using SQL injections.
    • Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
    • Bypass filtering, and login as admin without password using SQL injections.
    • Bypass filtering and security measurements.
    • Read / Write files to the server using SQL injections.
    • Patch SQL injections quickly.
    • Learn the right way to write SQL queries to prevent SQL injections.
    • Discover basic & advanced reflected XSS vulnerabilities.
    • Discover basic & advanced stored XSS vulnerabilities.
    • How to use BeEF framwork.
    • Hook users to BeEF using reflected & XSS vulnerabilities.
    • Steal credentials from hooked targets.
    • Run javascript code on hooked targets.
    • Create undetectable backdoors.
    • Hack computers using XSS vulnerabilities.
    • Fix XSS vulnerabilities & protect yourself from them as a user.
    • What do we mean by brute force & wordlist attacks.
    • Create a wordlist or a dictionary.
    • Launch a wordlist attack and guess admin's password.
    • Discover all of the above vulnerabilities automatically using a web proxy.
    • Run system commands on the target webserver.
    • Access the file system (navigate between directories, read/write files).
    • Download, upload files.
    • Bypass security measurements.
    • Access all websites on the same webserver.
    • Connect to the database and execute SQL queries or download the whole database to the local machine.
    • Discover, exploit and mitigate CSRF vulnerabilities.

    Who is this for?

  • Anybody interested in learning website & web application hacking / penetration testing.
  • Anybody interested in becoming a bug bounty hunter.
  • Anybody interested website hacking.
  • Anybody interested in learning how to secure websites & web applications from hacker.
  • Web developers so they can create secure web application & secure their existing ones.
  • Web admins so they can secure their websites.

    • What You Need to Know?

  • Basic IT Skills.
  • No Linux, programming or hacking knowledge required.
  • Computer with a minimum of 4GB ram/memory.
  • Operating System: Windows / OS X / Linux.

    • More details

    Description

    Note: The contents of this course are not covered in any of my other courses except for some basics. Although website hacking is covered in one of my other courses, that course only covers the basics where this course dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post exploitation, bypassing security and more!

    Welcome to my this comprehensive course on Website penetration testing. In this course you'll learn website / web applications hacking! This course assumes you have NO prior knowledge in hacking, and by the end of it you'll be at a high level, being able to hack & discover bugs in websites like black-hat hackers and secure them like security experts!

    This course is highly practical but it won't neglect the theory, first you'll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we'll start with websites basics, the different components that make a website, the technologies used, and then we'll dive into website hacking straight away. From here onwards you'll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we'll never have any dry boring theoretical lectures.

    Before jumping into hacking, you'll first learn how to gather comprehensive information about the target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.

    All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.

    You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.


    Here's a more detailed breakdown of the course content:

    1. Information Gathering - In this section you'll learn how to gather information about a target website, you'll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.

    2. Discovery, Exploitation & Mitigation - In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security, and finally we will analyse the code causing this vulnerability and see how to fix it, the following vulnerabilities are covered in the course:

    • File upload -  This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.

    • Code Execution - This vulnerability allow users to execute system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.

    • Local File Inclusion - This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files, we will not stop at that though, you will learn two methods to exploit this vulnerability to get a reverse shell connection which gives you full control over the target web server.

    • Remote File Inclusion - This vulnerability can be used to load remote files, exploiting this vulnerability properly gives you full control over the target web server.

    • SQL Injection -  This is one of the most dangerous vulnerabilities, it is everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read/write files and even get a reverse shell access which gives you full control over the target server!

    • Cross Site Scripting (XSS) - This vulnerability can be used to inject javascript code in vulnerable pages, we won't stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer.

    • Insecure Session Management - In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Request Forgery) vulnerabilities to force users to change their password, or submit any request you want.

    • Brute Force & Dictionary Attacks - In this section you will learn what are these attacks, the difference between them and how to launch them, in successful cases you will be able to guess the password for a target user.

    3. Post Exploitation - In this section you will learn what can you do with the access you gained by exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions! 

    With this course you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 15 hours.


    Notes:

    • This course is created for educational purposes only and all the attacks are launched in my own lab or against systems that I have permission to test.

    • This course is totally a product of Zaid Sabih & zSecurity, no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.

    Who this course is for:

    • Anybody interested in learning website & web application hacking / penetration testing.
    • Anybody interested in becoming a bug bounty hunter.
    • Anybody interested website hacking.
    • Anybody interested in learning how to secure websites & web applications from hacker.
    • Web developers so they can create secure web application & secure their existing ones.
    • Web admins so they can secure their websites.

    User Reviews
    Rating
    0
    0
    0
    0
    0
    average 0
    Total votes0
    Focused display
    Category

    Ethical Hacking

    Penetration Testing

    Zaid Sabih
    Zaid Sabih
    Instructor's Courses
    My name is Zaid Al-Quraishi, I am an ethical hacker, a computer scientist, and the founder and CEO of zSecurity & Bug-Bounty. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker. I have tremendous experience in ethical hacking and cyber security and I have over 1M students world wide on multiple teaching platforms.
    z Security
    z Security
    Instructor's Courses
    zSecurity is a leading provider of ethical hacking and cyber security training, we teach hacking and security to help people become ethical hackers so they can test and secure systems from black-hat hackers.  Becoming an ethical hacker is simple but not easy, there are many resources online but lots of them are wrong and outdated, not only that but it is hard to stay up to date even if you already have a background in cyber security.  Our goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.
    Udemy
    Udemy
    View courses Udemy
    Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.
    • language english
    • Training sessions 100
    • duration 10:21:04
    • English subtitles has
    • Release Date 2023/06/24

    Courses related to Ethical Hacking

    Flask Hacking Mastery
    Udemy Frank Anemaet
    Frank Anemaet
    Flask Hacking Mastery
    35:39
    11/08/2023
    SEC455 SIEM Design And Implementation
    SansSEC455 SIEM Design And Implementation
    7:02:27
    07/02/2023
    exploit Development Student (XDS)
    Elearnsecurityexploit Development Student (XDS)
    2:08:50
    06/08/2023

    Courses related to Penetration Testing

    Intro to Windows Digital Forensics and Incident Response
    Udemy Robert McMillen
    Robert McMillen
    Intro to Windows Digital Forensics and Incident Response
    2:50:40
    11/08/2023
    Nmap for Penetration Testing: From Beginner to Advanced [Updated for 2021]
    PacktPub HackerSploit Academy
    HackerSploit Academy
    Nmap for Penetration Testing: From Beginner to Advanced [Updated for 2021]
    5:03:20
    03/11/2024
    Burp Suite Essential Training
    Linkedin Learning Malcolm Shore
    Malcolm Shore
    Burp Suite Essential Training
    1:24:48
    01/02/2023