Website Hacking / Penetration Testing

About Course

Last Update: May 2024

Notes:

Although website hacking is covered in one of my other courses, that course only covers the basics where this course dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post exploitation, bypassing security and more!
This course focuses on website hacking, I have a different course that teaches bug hunting from scratch.

Welcome to my comprehensive course on Website hacking / penetration testing. This course assumes you have NO prior knowledge in hacking, it starts with you from scratch and takes you step-by-step to an advanced level, being able to hack websites like black-hat hackers and secure them like security experts!

This course is highly practical but doesn’t neglect the theory, we’ll start with basics to teach you how websites work and install the needed software (on Windows, Linux and Apple Mac OS). Then we’ll start hacking straight away. You’ll learn everything by example, by discovering vulnerabilities and exploiting them to hack websites. No boring dry lectures

Before jumping into hacking, you’ll first learn how to gather comprehensive information about the target website. Then the course is divided into a number of sections, each aims to teach you a common vulnerability from the OWASP top 10 most common security threats. Each section takes you through a number of hands-on examples to teach you the cause of the security bug or vulnerability and how to discover it and exploit it in a number of scenarios, from simple to advanced, ultimately allowing you to hack the target website. You’ll also learn advanced techniques to bypass filters and security, escalate your privileges, access the database and much more post-exploitation techniques. As we do this I will also introduce you to different hacking and security concepts, tools and techniques. Everything will be taught through examples and hands-on practicals, there will be no useless or boring lectures!

Here’s a more detailed breakdown of the course content:

1. Information Gathering – In this section you’ll learn how to gather comprehensive information about a target website, you’ll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it expands the attack surface, increasing our changes of successfully hacking the target website.

2. Discovery, Exploitation & Mitigation – In this section you will learn how to discover, exploit and mitigate a common vulnerabilities from the OWASP top 10 most common security threats. This section is divided into a number of subsections. Each subsection takes you through a number of hands-on examples to teach you the cause of the vulnerability, how to discover it and how to exploit it in a number of scenarios, from simple to advanced, ultimately allowing you to hack the target website. You’ll also learn advanced techniques to bypass filters and security. Finally we will analyse the code causing these vulnerabilities and d,

Here’s a list of the main vulnerabilities that will be covered in this section.

- Information Disclosure.
- File upload.
- Code Execution.
- Local File Inclusion.
- Remote File Inclusion.
- SQL Injection.
- Cross Site Scripting (XSS).
- Insecure Session Management.
- Brute Force & Dictionary Attacks.
- CSRF (Client-Side Request Forgery).

3. Post Exploitation – In this section you will learn what can you do with the access you gained by exploiting the above vulnerabilities. You will learn how to convert reverse shell access to a Weevely access and vice versa, how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security, privilege escalation and do all of the above with limited permissions on the server !

You’ll use the following tools to achieve the above:

Kali Linux.
Weevely.
THC-Hydra .
Netcat .
Dev tools.
Burp Suite.
OWASP Zap.
Metasploit.
BeEF.
Dirb.
Maltego.
Knockpy.

With this course you get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.

Checkout the curriculum and the course teaser for more info!

Notes:

This course is created for educational purposes only and all the attacks are launched in my own lab or against systems that I have permission to test.
This course is totally a product of Zaid Sabih & zSecurity, no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.

100+ Videos (10+ hours) to teach you website hacking from scratch.
50+ hands-on real-life website hacking examples - from simple to advanced.
Discover, exploit and mitigate a number of dangerous web vulnerabilities.
Hack cloud servers using these vulnerabilities.
No prior knowledge in Linux, hacking or programming is required.
Advanced post exploitation - pivoting, dump the database, privilege escalation, etc
Bypass security & advanced exploitation of these vulnerabilities.
Bypass security & filters.
Create a hacking lab.
Intercept requests using a proxy.
Adopt SQL queries to discover and exploit SQL injections in secure pages.
Gain full control over cloud servers using SQL injections.
Discover & exploit blind SQL injections.
Install Kali Linux - a penetration testing operating system.
Learn linux commands and how to interact with the terminal.
Learn linux basics.
Understand how websites & web applications work.
Understand how browsers communicate with websites.
Gather sensitive information about websites.
Discover servers, technologies & services used on target website.
Discover emails & sensitive data associated with a specific website.
Find all subdomains associated with a website.
Discover unpublished directories & files associated with a target website.
Find all websites hosted on the same server as the target website.
Discover, exploit and fix file upload vulnerabilities.
Exploit advanced file upload vulnerabilities & gain full control over the target website.
Discover, exploit and fix code execution vulnerabilities.
Exploit advanced code execution vulnerabilities & gain full control over the target website.
Discover, exploit & fix local file inclusion vulnerabilities.
Exploit local file inclusion vulnerabilities to to get a shell.
Exploit advanced local file inclusion vulnerabilities & gain full control over the target website.
Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website.
Discover, fix, and exploit SQL injection vulnerabilities.
Bypass login forms and login as admin using SQL injections.
Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
Bypass filtering, and login as admin without password using SQL injections.
Bypass filtering and security measurements.
Read / Write files to the server using SQL injections.
Patch SQL injections quickly.
The right way to write SQL queries to prevent SQL injections.
Discover basic & advanced reflected XSS vulnerabilities.
Discover basic & advanced stored XSS vulnerabilities.
How to use BeEF framwork.
Hook users to BeEF using reflected & XSS vulnerabilities.
Steal credentials from hooked targets.
Run javascript code on hooked targets.
Create Windows backdoors.
Hack computers using XSS vulnerabilities.
Fix XSS vulnerabilities & protect yourself from them as a user.
Brute force & wordlist attacks.
Create a wordlist or a dictionary.
Launch a wordlist attack and guess admin's password.
Discover all of the above vulnerabilities automatically using a web proxy.
Run system commands on the target webserver.
Access the file system (navigate between directories, read/write files).
Download, upload files to / from hacked servers.
Bypass security measurements.
Access all websites on the same webserver.
Connect to the database and execute SQL queries or download the whole database to the local machine.
Discover, exploit and mitigate CSRF vulnerabilities.

Course Content

01 – Course Introduction

A Message from the Professor
001 Course Introduction.mp4

00:00

01 – Preparation – Creating a Penetration Testing Lab

001 Lab Overview & Needed Software.mp4

00:00
002 Initial Preparation.mp4

00:00
003 Installing Kali Linux as a VM on Windows.mp4

00:00
004 Installing Kali Linux as a VM on Apple Mac OS.mp4

00:00
005 Installing Kali Linux as a VM on Apple M1 Computers.mp4

00:00
006 Installing Kali Linux as a VM on Linux.mp4

00:00
007 Installing Metasploitable As a Virtual Machine.mp4

00:00
7157940-The-Lab.pdf

00:00
external-assets-links.txt

00:00

02 – Preparation – Linux Basics

03 – Website Basics

04 – Information Gathering

001 Gathering Information Using Whois Lookup.mp4

00:00
002 Discovering Technologies Used On The Website.mp4

00:00
003 Gathering Comprehensive DNS Information.mp4

00:00
004 Discovering Websites On The Same Server.mp4

00:00
005 Discovering Subdomains.mp4

00:00
006 Discovering Sensitive Files.mp4

00:00
007 Analysing Discovered Files.mp4

00:00
008 Maltego – Discovering Servers, Domains & Files.mp4

00:00
009 Maltego – Discovering Websites, Hosting Provider & Emails.mp4

00:00
7158024-Information-Gathering.pdf

00:00
external-assets-links.txt

00:00

05 – File Upload Vulnerabilities

06 – Code Execution Vulnerabilities

07 – Local File Inclusion Vulnerabilities (LFI)

08 – Remote File Inclusion Vulnerabilities (RFI)

09 – SQL Injection Vulnerabilities

10 – SQL Injection Vulnerabilities – SQLi In Login Pages

11 – SQL injection Vulnerabilities – Extracting Data From The Database

12 – SQL injection Vulnerabilities – Advanced Exploitation

001 Discovering & Exploiting Blind SQL Injections.mp4

00:00
002 Discovering Complex SQL Injection Vulnerabilities.mp4

00:00
003 Exploiting an advanced SQL Injection Vulnerability to Extract Passwords.mp4

00:00
004 Bypassing Filters.mp4

00:00
005 Bypassing Security & Accessing All Records.mp4

00:00
006 (Security) Quick Fix To Prevent SQL Injections.mp4

00:00
007 Reading & Writing Files On The Server Using SQL Injections.mp4

00:00
008 Getting A Shell & Controlling The Target Server Using an SQL Injection.mp4

00:00
009 Discovering SQL Injections & Extracting Data Using SQLmap.mp4

00:00
010 Getting a Direct SQL Shell using SQLmap.mp4

00:00
011 (Security) – The Right Way To Prevent SQL Injection Vulnerabilites.mp4

00:00
7158198-sqli-tips.txt

00:00

13 – XSS Vulnerabilities

14 – XSS Vulnerabilities – Exploitation

001 Installing Windows As a Virtual Machine.mp4

00:00
002 Hooking Victims To BeEF Using Reflected XSS.mp4

00:00
003 Hooking Victims To BeEF Using Stored XSS.mp4

00:00
004 Interacting With Hooked Targets.mp4

00:00
005 Running Basic Commands On Victims.mp4

00:00
006 Stealing CredentialsPasswords Using A Fake Login Prompt.mp4

00:00
007 Bonus – Installing Veil Framework.mp4

00:00
008 Bonus – Veil Overview & Payloads Basics.mp4

00:00
009 Bonus – Generating An Undetectable Backdoor Using Veil 3.mp4

00:00
010 Bonus – Listening For Incoming Connections.mp4

00:00
011 Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10.mp4

00:00
012 Gaining Full Control Over Windows Target.mp4

00:00
013 (Security) Fixing XSS Vulnerabilities.mp4

00:00
32970850-install-veil

00:00
33871610-install-veil-kali-2021

00:00
external-assets-links.txt

00:00

15 – Insecure Session Management

16 – Brute Force & Dictionary Attacks

17 – Discovering Vulnerabilities Automatically Using Owasp ZAP

18 – Post Exploitation

001 Post Exploitation Introduction.mp4

00:00
002 Executing System Commands On Hacked Web Servers.mp4

00:00
003 Escalating Reverse Shell Access To Weevely Shell.mp4

00:00
004 Weevely Basics – Accessing Other Websites, Running Shell Commands …etc.mp4

00:00
005 Bypassing Limited Privileges & Executing Shell Commands.mp4

00:00
006 Downloading Files From Target Webserver.mp4

00:00
007 Uploading Files To Target Webserver.mp4

00:00
008 Getting a Reverse Connection From Weevely.mp4

00:00
009 Accessing The Database.mp4

00:00
010 Conclusion.mp4

00:00
011 Writing a Pentest Report.mp4

00:00
012 4 Ways to Secure Websites & Apps.mp4

00:00
33871920-Sample-Pentest-Report.docx

00:00
37099704-bug-bounty-platforms.txt

00:00
7180134-Post-Exploitation.pdf

00:00
external-assets-links.txt

00:00

19 – Bonus Section

Add this certificate to your resume to demonstrate your skills & increase your chances of getting noticed.

Student Ratings & Reviews

No Review Yet

About Course

What Will You Learn?

Course Content

01 – Course Introduction

A Message from the Professor

001 Course Introduction.mp4

01 – Preparation – Creating a Penetration Testing Lab

001 Lab Overview & Needed Software.mp4

002 Initial Preparation.mp4

003 Installing Kali Linux as a VM on Windows.mp4

004 Installing Kali Linux as a VM on Apple Mac OS.mp4

005 Installing Kali Linux as a VM on Apple M1 Computers.mp4

006 Installing Kali Linux as a VM on Linux.mp4

007 Installing Metasploitable As a Virtual Machine.mp4

7157940-The-Lab.pdf

external-assets-links.txt

02 – Preparation – Linux Basics

001 Basic Overview Of Kali Linux.mp4

002 The Linux Terminal & Basic Linux Commands.mp4

003 Configuring Metasploitable & Lab Network Settings.mp4

external-assets-links.txt

03 – Website Basics

001 What is a Website.mp4

002 How To Hack a Website.mp4

7158016-Intro-what-is-a-website.pdf

04 – Information Gathering

001 Gathering Information Using Whois Lookup.mp4

002 Discovering Technologies Used On The Website.mp4

003 Gathering Comprehensive DNS Information.mp4

004 Discovering Websites On The Same Server.mp4

005 Discovering Subdomains.mp4

006 Discovering Sensitive Files.mp4

007 Analysing Discovered Files.mp4

008 Maltego – Discovering Servers, Domains & Files.mp4

009 Maltego – Discovering Websites, Hosting Provider & Emails.mp4

7158024-Information-Gathering.pdf

external-assets-links.txt

05 – File Upload Vulnerabilities

001 How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites.mp4

002 GET & POST Requests.mp4

003 Intercepting Requests.mp4

004 Exploiting Advanced File Upload Vulnerabilities To Hack Websites.mp4

005 Exploiting More Advanced File Upload Vulnerabilities.mp4

006 (Security) Fixing File Upload Vulnerabilities.mp4

7158042-File-upload-Code-execution-LFI-RFI-SQLi-XSS.pdf

external-assets-links.txt

06 – Code Execution Vulnerabilities

001 How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites.mp4

002 Exploiting Advanced Code Execution Vulnerabilities.mp4

003 (Security) – Fixing Code Execution Vulnerabilities.mp4

07 – Local File Inclusion Vulnerabilities (LFI)

001 What are they And How To Discover & Exploit Them.mp4

002 Gaining Shell Access From LFI Vulnerabilities – Method 1.mp4

003 Gaining Shell Access From LFI Vulnerabilities – Method 2.mp4

08 – Remote File Inclusion Vulnerabilities (RFI)

001 Remote File Inclusion Vulnerabilities – Configuring PHP Settings.mp4

002 Remote File Inclusion Vulnerabilities – Discovery & Exploitation.mp4

003 Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites.mp4

004 (Security) Fixing File Inclusion Vulnerabilities.mp4

09 – SQL Injection Vulnerabilities

001 What is SQL.mp4

002 Dangers of SQL Injections.mp4

10 – SQL Injection Vulnerabilities – SQLi In Login Pages

001 Discovering SQL Injections In POST.mp4

002 Bypassing Logins Using SQL Injection Vulnerability.mp4

003 Bypassing More Secure Logins Using SQL Injections.mp4

004 (Security) Preventing SQL Injections In Login Pages.mp4

external-assets-links.txt

11 – SQL injection Vulnerabilities – Extracting Data From The Database

001 Discovering SQL Injections in GET.mp4

002 Reading Database Information.mp4

003 Finding Database Tables.mp4

004 Extracting Sensitive Data Such As Passwords.mp4

12 – SQL injection Vulnerabilities – Advanced Exploitation

001 Discovering & Exploiting Blind SQL Injections.mp4

002 Discovering Complex SQL Injection Vulnerabilities.mp4

003 Exploiting an advanced SQL Injection Vulnerability to Extract Passwords.mp4

004 Bypassing Filters.mp4

005 Bypassing Security & Accessing All Records.mp4

006 (Security) Quick Fix To Prevent SQL Injections.mp4