Booking options
£25
£25
On-Demand course
9 hours 17 minutes
All levels
Want to know how to hack a website and fix vulnerabilities in computer systems and networks? Are you a web administrator or developer who wants to secure your website? This Learn Website Hacking From Scratch is ideal for those who have little or no knowledge of website hacking, and want an introductory guide to this topic.
In this website hacking and penetration testing course for beginners, you'll start with learning the basics of how to exploit and mitigate websites and web applications, moving on to more advanced techniques, where topics covered include bypassing security, accessing databases, SQL injection and cross-site scripting (XSS). You'll also familiarise with the Linux operating system and BeEf web browser attacking framework.
On course completion, you'll have the practical skills and knowledge to exploit networks like an attacker. Enrol in this Learn Website Hacking From Scratch today and start hacking systems like the experts!
Install hacking lab & needed software (works on Windows, OS X and Linux).
Discover, exploit and mitigate a number of dangerous vulnerabilities.
Use advanced techniques to discover and exploit these vulnerabilities.
Bypass security measurements and escalate privileges.
Intercept requests using a proxy.
Hack all websites on same server.
Bypass filters and client-side security
Adopt SQL queries to discover and exploit SQL injections in secure pages
Gain full control over target server using SQL injections
Discover & exploit blind SQL injections
Install Kali Linux - a penetration testing operating system
Install windows & vulnerable operating systems as virtual machines for testing
Learn linux commands and how to interact with the terminal
Learn linux basics
Understand how websites & web applications work
Understand how browsers communicate with websites
Gather sensitive information about websites
Discover servers, technologies and services used on target website
Discover emails and sensitive data associated with a specific website
Find all subdomains associated with a website
Discover unpublished directories and files associated with a target website
Find all websites hosted on the same server as the target website
Discover, exploit and fix file upload vulnerabilities
Exploit advanced file upload vulnerabilities & gain full control over the target website
Discover, exploit and fix code execution vulnerabilities
Exploit advanced code execution vulnerabilities & gain full control over the target website
Discover, exploit & fix local file inclusion vulnerabilities
Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
Discover, fix, and exploit SQL injection vulnerabilities
Bypass login forms and login as admin using SQL injections
Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
Bypass filtering, and login as admin without password using SQL injections
Bypass filtering and security measurements
Read / Write files to the server using SQL injections
Patch SQL injections quickly
Learn the right way to write SQL queries to prevent SQL injections
Discover basic & advanced reflected XSS vulnerabilities
Discover basic & advanced stored XSS vulnerabilities
Discover DOM-based XSS vulnerabilities
How to use BeEF framwork
Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
Steal credentials from hooked victims
Run javascript code on hooked victims
Create an undetectable backdoor
Hack into hooked computers and gain full control over them
Fix XSS vulnerabilities & protect yourself from them as a user
What do we mean by brute force & wordlist attacks
Create a wordlist or a dictionary
Launch a wordlist attack and guess admin's password
Discover all of the above vulnerabilities automatically using a web proxy
Run system commands on the target webserver
Access the file system (navigate between directories, read/write files)
Download, upload files
Bypass security measurements
Access all websites on the same webserver
Connect to the database and execute SQL queries or download the whole database to the local machine
Basic IT Skills
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory
Operating System: Windows / OS X / Linux
Anybody who is interested in learning website & web application hacking / penetration testing
Anybody who wants to learn how hackers hack websites
Anybody who wants to learn how to secure websites & web applications from hacker
Web developers so they can create secure web application & secure their existing ones
Web admins so they can secure their websites
Course Introduction | |||
Course Introduction | FREE | 00:02:00 | |
Preparation - Creating a Penetration Testing Lab | |||
Lab Overview & Needed Software | 00:08:00 | ||
Installing Kali 2019 As a Virtual Machine Using a Ready Image | 00:10:00 | ||
Installing Kali 2019 As a Virtual Machine | 00:10:00 | ||
Installing Metasploitable As a Virtual Machine | 00:04:00 | ||
Preparation - Linux Basics | |||
Basic Overview of Kali Linux | 00:05:00 | ||
The Linux Terminal & Basic Linux Commands | 00:11:00 | ||
Configuring Metasploitable & Lab Network Settings | 00:06:00 | ||
Website Basics | |||
What is a Website? | 00:04:00 | ||
How To Hack a Website? | 00:04:00 | ||
Information Gathering | |||
Gathering Information Using Whois Lookup | 00:05:00 | ||
Discovering Technologies Used On The Website | 00:06:00 | ||
Gathering Comprehensive DNS Information | 00:10:00 | ||
Discovering Websites On The Same Server | 00:04:00 | ||
Discovering Subdomains | 00:05:00 | ||
Discovering Sensitive Files | 00:07:00 | ||
Analysing Discovered Files | 00:04:00 | ||
Maltego - Discovering Servers, Domains & Files | 00:08:00 | ||
Maltego - Discovering Websites, Hosting Provider & Emails | 00:05:00 | ||
File Upload Vulnerabilities | |||
What are they? And How To Discover & Exploit Basic File Upload Vulnerabilities | 00:07:00 | ||
HTTP Requests - GET & POST | 00:04:00 | ||
Intercepting HTTP Requests | 00:07:00 | ||
Exploiting Advanced File Upload Vulnerabilities | 00:05:00 | ||
Exploiting More Advanced File Upload Vulnerabilities | 00:04:00 | ||
[Security] Fixing File Upload Vulnerabilities | 00:06:00 | ||
Code Execution Vulnerabilities | |||
What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities | 00:07:00 | ||
Exploiting Advanced Code Execution Vulnerabilities | 00:06:00 | ||
[Security] - Fixing Code Execution Vulnerabilities | 00:06:00 | ||
Local File Inclusion Vulnerabilities (LFI) | |||
What are they? And How To Discover & Exploit Them | 00:06:00 | ||
Gaining Shell Access From LFI Vulnerabilities - Method 1 | 00:07:00 | ||
Gaining Shell Access From LFI Vulnerabilities - Method 2 | 00:11:00 | ||
Remote File Inclusion Vulnerabilities (RFI) | |||
Remote File Inclusion Vulnerabilities - Configuring PHP Settings | 00:04:00 | ||
Remote File Inclusion Vulnerabilities - Discovery & Exploitation | 00:06:00 | ||
Exploiting Advanced Remote File Inclusion Vulnerabilities | 00:03:00 | ||
[Security] Fixing File Inclusion Vulnerabilities | 00:06:00 | ||
SQL Injection Vulnerabilities | |||
What is SQL | 00:06:00 | ||
Dangers of SQL Injections | 00:03:00 | ||
SQL Injection Vulnerabilities - SQLi In Login Pages | |||
Discovering SQL Injections In POST | 00:08:00 | ||
Bypassing Logins Using SQL Injection Vulnerability | 00:05:00 | ||
Bypassing More Secure Logins Using SQL Injections | 00:06:00 | ||
[Security] Preventing SQL Injections In Login Pages | 00:08:00 | ||
SQL Injection Vulnerabilities - Extracting Data From The Database | |||
Discovering SQL Injections in GET | 00:07:00 | ||
Reading Database Information | 00:05:00 | ||
Finding Database Tables | 00:04:00 | ||
Extracting Sensitive Data Such As Passwords | 00:04:00 | ||
SQL Injection Vulnerabilities - Advanced Exploitation | |||
Discovering & Exploiting Blind SQL Injections | 00:06:00 | ||
Discovering a More Complicated SQL Injection | 00:07:00 | ||
Extracting Data (passwords) By Exploiting a More Difficult SQL Injection | 00:05:00 | ||
Bypassing Filters | 00:05:00 | ||
Bypassing Security & Accessing All Records | 00:09:00 | ||
[Security] Quick Fix To Prevent SQL Injections | 00:07:00 | ||
Reading & Writing Files On The Server Using SQL Injection Vulnerability | 00:06:00 | ||
Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server | 00:08:00 | ||
Discovering SQL Injections & Extracting Data Using SQLmap | 00:07:00 | ||
[Security] - The Right Way To Prevent SQL Injection | 00:05:00 | ||
XSS Vulnerabilities | |||
Introduction - What is XSS or Cross Site Scripting? | 00:03:00 | ||
Discovering Basic Reflected XSS | 00:04:00 | ||
Discovering Advanced Reflected XSS | 00:05:00 | ||
Discovering An Even More Advanced Reflected XSS | 00:07:00 | ||
Discovering Stored XSS | 00:03:00 | ||
Discovering Advanced Stored XSS | 00:04:00 | ||
XSS Vulnerabilities - Exploitation | |||
Hooking Victims To BeEF Using Reflected XSS | 00:06:00 | ||
Hooking Victims To BeEF Using Stored XSS | 00:04:00 | ||
BeEF - Interacting With Hooked Victims | 00:04:00 | ||
BeEF - Running Basic Commands On Victims | 00:04:00 | ||
BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt | 00:02:00 | ||
Bonus - Installing Veil 3.1 | 00:06:00 | ||
Bonus - Veil Overview & Payloads Basics | 00:07:00 | ||
Bonus - Generating An Undetectable Backdoor Using Veil 3 | 00:10:00 | ||
Bonus - Listening For Incoming Connections | 00:07:00 | ||
Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 | 00:07:00 | ||
BeEF - Gaining Full Control Over Windows Target | 00:04:00 | ||
[Security] Fixing XSS Vulnerabilities | 00:07:00 | ||
Insecure Session Management | |||
Logging In As Admin Without a Password By Manipulating Cookies | 00:06:00 | ||
Discovering Cross Site Request Forgery Vulnerabilities (CSRF) | 00:07:00 | ||
Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File | 00:07:00 | ||
Exploiting CSRF Vulnerabilities To Change Admin Password Using Link (Preview) | 00:06:00 | ||
[Security] The Right Way To Prevent CSRF Vulnerabilities | 00:09:00 | ||
Brute Force & Dictionary Attacks | |||
What Are Brute Force & Dictionary Attacks? | 00:04:00 | ||
Creating a Wordlist | 00:07:00 | ||
Launching a Wordlist Attack & Guessing Login Password Using Hydra | 00:14:00 | ||
Discovering Vulnerabilities Automatically Using Owasp ZAP | |||
Scanning Target Website For Vulnerabilities | 00:04:00 | ||
Analysing Scan Results | 00:04:00 | ||
Post Exploitation | |||
Post Exploitation Introduction | 00:04:00 | ||
Interacting With The Reverse Shell Access Obtained In Previous Lectures | 00:07:00 | ||
Escalating Reverse Shell Access To Weevely Shell | 00:08:00 | ||
Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc | 00:07:00 | ||
Bypassing Limited Privileges & Executing Shell Commands | 00:05:00 | ||
Downloading Files From Target Webserver | 00:05:00 | ||
Uploading Files To Target Webserver | 00:08:00 | ||
Getting a Reverse Connection From Weevely | 00:08:00 | ||
Accessing The Database | 00:09:00 | ||
Resources | |||
Resources - Learn Website Hacking From Scratch | 00:00:00 |
We understand more than anyone how important it is for yo...