
A simple introduction
I am a civil engineer who has no background in web applications or a similar field; all I had was passion. It was a bit hard for me to get started due to the lack of basics and the lack of organized content. I found many resources and courses out there, but I didn't get it all in one course or resource. Everything is here and there, and it's a very time-consuming process to find it all. It took me a lot of time to find my first ever bug. So this course will help you find your first bug faster.
In this video we will download and install VMware Workstation Player to install another OS inside our current OS.
We will download and install Kali Linux inside VMware.
Metasploitable is a virtual machine based on Linux that contains several intentional vulnerabilities for you to exploit. Metasploitable is essentially a penetration testing lab in a box, available as a VMware virtual machine.
Change your appearance in Kali Linux via the settings menu, learning basic customization before proceeding to exploitation in bug bounty hunting and web application pentesting.
An understanding of Linux through a simple walkthrough.
A detailed understanding of the basic terminal commands we will use throughout our journey.
In this lecture we will discuss the basics and how the web works.
OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures. Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018. Let’s dive into it!
Go is a statically typed, compiled programming language designed at Google.
As with Python, many of the tools we use are written in Go, so to install and run them we need Go (Golang) installed on our Kali machine.
We will install some tools used in our hunting.
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nuclei are during initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable. It uses retryablehttp-go library designed to handle various errors and retries in case of blocking by WAFs, this is also one of our core modules from custom-querie
Introduction to Burp Suite
How it works and why we are using it
Setting up
We have to configure Burp with our browser in order to proxy it, so this video will show you how to set them up easily.
In this lecture we will learn about using Burp Suite, with all of Burp's functionality explained.
A simple explanation of how bug bounties work.
Bugcrowd is a well-known bug bounty platform, and this video will explain everything about it.
Other than public bug bounty platforms like HackerOne and Bugcrowd, many companies have their own bug bounty or responsible disclosure programs; here we will see how to find them and how we can report to them.
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.
After learning how it works, we need to practice more than we have done here, so I will show you some labs where you can practice and learn more.
We will exploit the functionality to upload a reverse shell to the server and will see how to get a connection back to our system
Sometimes websites restrict users from uploading files other than the required ones; for profile pictures, for example, they may restrict uploads to image types such as jpg and png. So in this lecture we will learn the methods of bypassing them.
We will go through some disclosed HackerOne reports so that we can learn many more methods of exploiting the upload functionality.
An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. So sometimes we can read sensitive files inside the web server, which is mostly considered a critical vulnerability.
Other than just accessing or reading sensitive files, we might be able to read files such as logs, whose values we can change to add arbitrary code; as a result we will be able to get complete access to the computer that hosts the website. So this lecture will teach you how to do that.
As in the previous lecture, where we saw converting LFI into RCE, this one does the same with another file, or, we can say, another method.
Welcome to the Web Application Penetration Testing or Bug Bounty Hunting course. This course will take you from the basics to an intermediate level where you will be able to make some money by hacking. Yeah, it's very interesting. Imagine making money by doing a thing we love to do.
How I Got Started
First, like all others, I went to Google and searched for what bug bounty is and how to get started in bug bounty. I couldn't find what I wanted, so I searched for web application pentesting, found many courses and resources out there, and learned about all of them.
After learning about many vulnerabilities I went to a real-world application and I was stuck doing nothing; I didn't know what to test, where to test, or anything. I didn't know what I should do after selecting a domain to hack. That's the main problem I came across during my journey. Literally none of the resources or courses showed me the answer. It took me a while to understand.
So I decided to include that at the end of the course as well, i.e. what we should do after picking the target. I can assure you that you won't be stuck like me when you start hacking if you purchase this course.
One more thing that I couldn't figure out was how to report or where to report, and I hadn't heard of the platforms out there at that time, maybe because of no previous knowledge in this area. So in this course I cover how we can find websites that have bug bounty programs, the platforms, and external programs too.
I was able to find my first ever paid bug within 2 months without any previous knowledge. When I posted that on Twitter, thanking all the hackers out there, I started getting messages asking how I learned so fast and how I am hunting. This made me start a Medium blog, and then I got messages from people telling me "Thank you, I was able to find my first bug as in the blog". The blog isn't a big one, but it contains vulnerabilities that you can easily find without any previous knowledge. So I thought it would be great if I could make a video course for absolute beginners to become good hackers and earn money by hacking websites.
Now my name is listed in the Halls of Fame of various programs, and I was able to find critical vulnerabilities so that I can earn more that way.
Each section and lecture has a description of what we are going to learn in that particular section or lecture, so that if you are already familiar with that area you can skip that portion.