Hands-on Penetration Testing Labs 1.0
4.6 (757 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
7,269 students enrolled

Hands-on Penetration Testing Labs 1.0

Comprehensive walkthroughs of penetration testing labs
4.6 (757 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
7,269 students enrolled
Last updated 4/2020
English
English [Auto], Italian [Auto]
Current price: $16.99 Original price: $24.99 Discount: 32% off
5 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 4.5 hours on-demand video
  • 17 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Enumerate/scan systems with Netdiscover, Nmap, Dirb, Nikto, etc.
  • Perform remote exploitation of systems
  • Escalate local privileges to root level
  • Utilize a variety of industry standard penetration testing tools within the Kali Linux distro
  • Build buffer overflows manually
Requirements
  • Basic Linux knowledge
  • Basic networking knowledge
  • Kali Linux
  • Desktop or Laptop with a minimum of 2GB RAM (8GB+ preferable)
  • VirtualBox
  • Windows 7 or 10 host OS preferred (tested)
Description

NOTE: This is independent from my other course, Hands-on Pentration Labs 1.0 - they both have original content and you're not required to buy one or the other by itself.

Looking for Powerpoint slides and lectures that will put you to sleep? Keep moving, because this course is not for you.

This course consists of 100% hands-on technical labs, utilizing industry standard open source technology to hack a variety of intentionally vulnerable operating systems. All of the resources to build the labs are free. Detailed instructions on how to set up the labs are included within this course (VMware Player, Kali Linux, Kioptrix, etc.). Moreover, I've set up a Google drive for you to conveniently download all vulnerable VMs. To make the most out of this course, it is recommended that you actually perform the activities within the labs rather than just watch the videos.

The main points that will be covered in this course is enumeration, remote exploitation, buffer overflows, and privilege escalation. These labs will show you how to interpret results from tools such as Nmap, Dirb, and enum4linux, and use them effectively to compromise vulnerable systems. Please note that these labs contain spoilers, and it is a good idea to attempt to compromise the vulnerable systems on your own prior to getting the answers from the walk through that's provided.

Who this course is for:
  • Cybersecurity Students
  • Cybersecurity Professionals
  • New Penetration Testers
  • CEH Candidates
  • OSCP Candidates
  • Pentest+ Candidates
Course content
Expand 18 lectures 04:26:45
+ Hands-on Labs
18 lectures 04:26:45

This lecture will cover a brief introduction for what's to be expected during the Hands-on Penetration Testing Labs 1.0 course.

Preview 03:49

Due to popular demand in my previous pentesting courses, I'm going to provide a technical explanation of many but not all of the commands and tools we'll be utilizing within this course. Also, in the resources attached to this lecture, I have a bunch of URLs that contain additional comprehensive information related to what we're about to cover. If there's anything you're confused about or need further information on that you cannot find out on your own with research, please feel free to contact me via the Q&A system or direct messaging.

If you're already well versed in basic to intermediate Linux commands, you should be okay with skipping this lecture. Otherwise, stay tuned for the new information or refresher depending on your skill level.

Overview of Lab Commands and Tools
09:43

This lecture will show you how and where to download and configure the latest version of Kali Linux, 2020, which is tailor made for my Udemy course Hands-on Penetration Testing Labs 4.0. It's also being made available for all other courses, as the newest version has some slight differences which may make an impact.

Preview 02:58
Download and Configure Kali Linux
11:28

In this quick video I'm going to show you where you can download the majority of vulnerable VMs that are going to be utilized within this course. I've hosted them all on a Google drive, and the link will be provided to you via a text document that's attached to this lecture.

Download Vulnerable Lab VMs
02:05

This video will cover the enumeration and exploitation of Kioptrix 1, which is an intentionally vulnerable Linux VM that I've acquired from VulnHub. This is one of the first VMs I've ever exploited on my journey towards learning OSCP. It is quite dated, so there are compatibility issues when trying to use it on VirtualBox or VMware if you don't know how to change the settings properly.

Luckily for you, I've taken the initiative to figure out how to get them converted to VirtualBox and have tested them during the creation of this course. I've also exported Kioptrix 1-5 as OVA files, which you can download from my Google drive and double click to import to VirtualBox Manager. Obtaining these Kioptrix VMs and getting them to run should be easy and straight forward for you.

Preview 09:47

This video is going to show you how to enumerate and exploit Kioptrix 2, an intentionally vulnerable Linux VM that comes from VulnHub. I've got it working on VirtualBox and exported this and all other Kioptrix boxes to OVA files which I've conveniently hosted for you on a Google drive. Download it, double click the OVA file, click import, make sure the network is configured to host-only, and let's get to work.

Kioptrix Level 2 - Enumeration and Exploitation
23:33

This video will show you how to enumerate and exploit Kioptrix 3, an intentionally vulnerable Linux VM.

Kioptrix Level 3 - Enumeration and Exploitation
24:05

This video will show you how to enumerate and exploit Kioptrix 4, an intentionally vulnerable Linux VM.

Kioptrix Level 4 - Enumeration and Exploitation
17:26

This video will show you how to enumerate and exploit Kioptrix 5, an intentionally vulnerable Linux VM.

Kioptrix Level 5 - Enumeration and Exploitation
18:33

Tr0ll 1 is an intentionally vulnerable VM that is said to have been inspired by the constant trolling of the OSCP labs. The goal as with all of our other intentionally vulnerable VMs is to gain root access to the system. This was a really fun challenge for me, and was excellent to help prepare for the relentless trolling of the OSCP and similar CTF challenges.

Tr0ll 1 - Enumeration and Exploitation
13:13

Tr0ll 2 is another intentionally vulnerable Linux VM which is a bit harder than its predecessor. We're going to cover the enumeration and exploitation of it over the course of this lecture.

Tr0ll 2 - Enumeration and Exploitation
27:28

This video will cover how to set up a Windows 7 Enterprise 32-bit virtual machine that is intentionally vulnerable to the eternalblue exploit. VirtualBox will be used as a software hypervisor to set it up.  

Bonus Lab 2: Windows 7 Eternalblue Vulnerable VM VirtualBox Setup
05:03

This video will cover the exploitation of Windows 7 with Kali Linux, using an Eternalblue Python standalone exploit. To follow along with this tutorial, you'll need Security Onion, Windows 7 Enterprise 32-bit, and Kali Linux VM's set up to communicate with one another with host-only interfaces. After the exploitation, analysis will be conducted within Security Onion on the Snort alerts and associated rules, and PCAP to identify the network evidence of the successful compromise. These are real-world skills that are crucial for cybersecurity analysts.

Bonus Lab 3: Windows 7 Eternalblue Exploitation and Snort/PCAP Analysis
19:42

This video will show you how to install and configure Ubuntu Server 12.04 to be vulnerable to Heartbleed. VirtualBox will be used as a software hypervisor for this process.

Bonus Lab 4: Ubuntu Server 12.04 Vulnerable VM VirtualBox Setup
11:06

This video will cover the exploitation of Ubuntu Server 12.04 using a Heartbleed Metasploit auxiliary module. To follow along with this tutorial, you'll need Security Onion, Ubuntu Server 12.04, and Kali Linux VM's set up to communicate with one another with host-only interfaces. After the exploitation, analysis will be conducted within Security Onion on the Snort alerts and associated rules, and PCAP to identify the network evidence of the successful compromise. These are real-world skills that are crucial for cybersecurity analysts.

Bonus Lab 5: Ubuntu Server 12.04 Heartbleed Exploitation and Snort/PCAP Analysis
11:47

Step by step lab to demonstrate how to discover and exploit a buffer overflow vulnerability in SLmail using python and immunity debugger.

Bonus Lab 6: SLMail Buffer Overflow Development
31:42