Udemy
Ethical Hacking: File Inclusion
Rating: 4.1 out of 5 (238 ratings)
37,656 students
Created by Peter A
Last updated 7/2022
English

What you'll learn

  • How to Hack a Server using LFI
  • How Local File Inclusion vulnerability works
  • How Remote File Inclusion vulnerability works
  • How to Mitigate these vulnerabilities

Course content

1 section • 7 lectures • 57m total length
  • What is File Inclusion? (5:52)

    Explore file inclusion vulnerabilities, including local and remote inclusion and directory traversal, and how weak input validation can expose sensitive files and even enable remote command execution.

  • Path Traversal (11:40)

    Explore how path traversal allows attackers to read arbitrary files by manipulating URLs and inputs, using dot-dot-slash tricks to access Linux system files.

  • Local File Inclusion (5:32)

    Discover how local file inclusion exploits unchecked inputs in PHP (and other languages) by manipulating file parameters with dot dot slash to read arbitrary files via include, require, or file_get_contents.

  • Remote File Inclusion (3:02)
  • Mitigation (2:49)
  • Example Hack (Brute) (13:14)
  • Example Hack (Shadow) (15:28)

Requirements

  • Kali Linux Live USB or Virtualbox image
  • Some programming knowledge helps

Description

In this course you will learn about Local File Inclusion (LFI), Remote File Inclusion (RFI) and other vulnerabilities that may exist in web apps. You will learn how to prevent them as a developer and how you can leverage them to hack into servers. The course contains example hacks that you could try on your own home lab.

For these techniques to work, the website needs to have a file inclusion vulnerability. If it is present, you might hack the server either directly or indirectly through another protocol like SSH or RDP. The course will also show you the steps every hacker takes, regardless of the target. You'll learn how to scan for apps running on a server and how to determine whether the target is running a Linux or Windows server.

If you are new to hacking, this course is for you. You'll be able to hack a server, given this vulnerability is present in the web app. It's a beginner's course and you don't need any prior experience. No programming experience is needed, but we will go over a tiny bit of programming. However, as this is a hacking course, the main focus is on that.



Who this course is for:

  • Beginner Ethical Hackers
  • Software Developers
  • Sysadmins
  • Devops