Welcome to my comprehensive course on Website & Web Application Hacking! This course assumes you have NO prior knowledge of hacking, and by the end of it you’ll be at a high level, able to hack websites like black-hat hackers and secure them like security experts!
This course is highly practical, but it won’t neglect the theory. First you’ll learn how to install the needed software (works on Windows, Linux and Mac OS X). Then we’ll start with the basics of how websites work, the different components that make up a website and the technologies used, and then we’ll dive straight into website hacking. From here onwards you’ll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so there will be no dry, boring theoretical lectures.
Before jumping into hacking, you’ll first learn how to gather comprehensive information about your target website. The rest of the course is divided into a number of sections, each covering how to discover, exploit and mitigate a common web application vulnerability. For each vulnerability you will first learn the basic exploitation, then advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked website to hack into other websites on the same server.
You will learn how and why these vulnerabilities are exploitable, how to fix them, and what the right practices are to avoid introducing them.
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is entirely a product of Sohel Akhter; no other organization is associated with it or with any certification exam. You will, however, receive a Course Completion Certificate from CCCure + PMSuccess, INC. Apart from that, NO OTHER ORGANIZATION IS INVOLVED.
YOU’LL LEARN HOW TO
- Set Up A Lab Environment (works on Windows, OS X, and Linux) to Practice Hacking and Penetration Testing.
- Understand How Websites / Web Applications Work.
- Detect What Technologies / Scripts A Website Is Using.
- Intercept HTTP Requests Using A Personal Proxy.
- Collect Sensitive Information About the Target.
- Exploit the Top 10 Web Application / Website Vulnerabilities and Learn about Website-Related Hacking Techniques.
- Discover Unpublished Directories and Files Associated with a Target Website.
- Discover and Exploit the following vulnerabilities:
  - Cross Site Scripting (XSS)
  - Reflected Cross Site Scripting (XSS)
  - Cross Site Request Forgery (CSRF)
  - DOM-Based XSS
  - Command Execution
  - SQL Injection
  - Script Source Code Disclosure
  - Directory Traversal
  - File Upload
  - Broken Access Control
  - Open Redirects
  - Unencrypted Communications
  - User Enumeration
  - Information Leakage
  - Password Mismanagement
  - Privilege Escalation
  - Session Fixation
  - Weak Session IDs
  - XML Bombs
  - XML External Entities
- Bypass login mechanisms using SQL injection and log in to a website without a password
- Find unknown usernames and passwords: brute force & dictionary attacks
- Launch a Dictionary Attack
- Launch a Denial of Service Attack
- Email Spoofing
- Conduct Malvertising
- Access unauthorized processes
- Access sensitive data using a path traversal attack
- Understand session management mechanisms
- Impersonate a victim via a session fixation attack
- Prevent all kinds of vulnerabilities
- Get A Job as A Web Application Penetration Tester / Ethical Hacker and/or Make Money Online As A Freelancer.
- Answer Any Questions About Ethical Hacking and Penetration Testing!
- Burp Suite Proxy
- BeEF Framework
- Vega (Web App / Website Vulnerability Scanner) To Scan Websites.
- Arachni (Web Vulnerability Scanner) To Scan Websites.
- Basic Information Technology Skills
- A Desire to Learn
- No Linux, programming or hacking knowledge required
- Computer with a minimum of 4 GB of RAM
- Operating System: Windows / OS X / Linux
- Basic Knowledge of Web Applications (not mandatory)
SECTION: 1 INTRODUCTION
- Welcome to the Web Applications Hacking and Penetration Testing Course
- How I Hacked the Payment System of Origin Energy (Australian Company)
- Facebook Bug- Facebook Users (Denial of Use) Attack
SECTION: 2 BASICS
- What is a Website?
- How Websites work?
- How to Hack a Website?
SECTION: 3 PREPARATION
- Install XAMPP & DVWA
- Install Burp Suite Proxy
- Configure Burp Suite Proxy
- Make Burp Suite Capture SSL Traffic
- Install Python
- Install Vega Scanner
- Setting the DVWA Security Level
- Install Kali 2018 As a Virtual Machine Using a Ready Image
- Install Metasploitable As a Virtual Machine
- Install Windows As a Virtual Machine
- Basic Overview of Kali Linux
- Linux Terminal & Basic Linux Commands
- Configuring Metasploitable & Lab Network Settings
SECTION: 4 INFORMATION GATHERING
- Gathering Information – Whois Lookup
- Identify Technology & Software on Websites – NetCraft
- Gathering DNS Information – Robtex
- Finding Subdomains – Knock Git Repo
- Discovering Websites on the Same Server
- Discovering Sensitive Files
- Analyzing Discovered Files
- Discovering Servers, Domains & Files – Maltego
- Discovering Websites, Hosting Providers & Emails – Maltego
SECTION: 5 CROSS SITE SCRIPTING (XSS)
- Cross Site Scripting (XSS) Explained
- Stored Cross Site Scripting (XSS) Vulnerability
- Reflected Cross Site Scripting (XSS) Vulnerability
- Lab: XSS, Stored XSS, and Reflected XSS Vulnerabilities
SECTION: 6 INSECURE SESSION MANAGEMENT
- Logging in As Admin without a Password by Manipulating Cookies
- Cross Site Request Forgery (CSRF) Explained
- Lab: Cross Site Request Forgery (CSRF) Vulnerability
SECTION: 7 SQL INJECTION
- SQL Injection Explained
- Lab: SQL Injection Vulnerability
SECTION: 8 COMMAND EXECUTION
- Command Execution Explained
- Lab: Command Execution Vulnerability
SECTION: 9 FILE UPLOAD VULNERABILITIES
- File Upload Vulnerability Explained
- Lab: How to Generate Web Backdoors (Shells)?
SECTION: 10 LOCAL FILE INCLUSION VULNERABILITIES (LFI)
- How to Discover and Exploit
- Lab: Gaining shell access from LFI Vulnerabilities
SECTION: 11 REMOTE FILE INCLUSION VULNERABILITIES (RFI)
- How to Discover and Exploit
- Lab: Fixing File Inclusion Vulnerabilities
SECTION: 12 BRUTE FORCE ATTACK
- Brute Force a Login Page
- Lab: Create Word lists for Password Cracking
- Download Crunch tool
- Lab: Real World Brute Force Attack
- Download Hydra tool
SECTION: 13 REAL WORLD HACKING
- Discover vulnerabilities using Vega scanner
- Exploiting SQL injection using sqlmap
- Exploiting Cross Site Scripting (XSS) using BruteXSS tool
- Exploiting Script Source Code Disclosure Vulnerability
- Discover Vulnerabilities using Arachni Scanner
- Helps you become an expert with real, practical knowledge of application pen testing
- The course will help you get a job as an Application Pen Tester / Engineer
- This course will also help with the CEH and OSCP certification exams
- There is great demand for Pen Testers / Engineers around the world and in most industries
- Because information security is important throughout an organization, your job may evolve
- There are 74% more cyber security jobs today than there were a year ago. 51% of companies intend to hire information security specialists this year.
- Security jobs are unlikely to be outsourced. In a time when even bridge and road construction is being outsourced (seriously, cities are hiring Chinese companies to bring in their workers and build infrastructure), that’s an important consideration.
- Better visibility to customers that need security expertise and services, as it is easier to sell services with certified employees. Customers may not know the acronyms, but they always seem impressed by them.
- Your security knowledge may lead to a promotion or raise; your mileage may vary
WHO SHOULD ATTEND
- Anybody who is interested in learning website & web application hacking / penetration testing
- Anybody who wants to learn how to secure websites & web applications from hackers
- Web developers, so they can create secure web applications & secure their existing ones
- Web admins, so they can secure their websites
- Anyone who wants to learn how to hack or harden a website.
- Anyone who is curious about how data is leaked from social media environments
- Anyone who wants to learn how even the most secure web sites are hacked
- Anyone who is afraid of being hacked and would like to secure his/her websites
- People who are willing to make a career in Cyber Security