Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Subscribe
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Hands-on Penetration Testing Labs 1.0
Rating: 4.5 out of 5(1,511 ratings)
13,227 students

Hands-on Penetration Testing Labs 1.0

Comprehensive walkthroughs of penetration testing labs
Created byJesse K, M.S., OSCP, CEH, Security+, Linux+, Network+, CISSP
Last updated 4/2020
English

What you'll learn

  • Enumerate/scan systems with Netdiscover, Nmap, Dirb, Nikto, etc.
  • Perform remote exploitation of systems
  • Escalate local privileges to root level
  • Utilize a variety of industry standard penetration testing tools within the Kali Linux distro
  • Build buffer overflows manually

Course content

1 section18 lectures4h 26m total length

  • Introduction3:49

    This lecture will cover a brief introduction for what's to be expected during the Hands-on Penetration Testing Labs 1.0 course.

  • Overview of Lab Commands and Tools9:43

    Due to popular demand in my previous pentesting courses, I'm going to provide a technical explanation of many but not all of the commands and tools we'll be utilizing within this course. Also, in the resources attached to this lecture, I have a bunch of URLs that contain additional comprehensive information related to what we're about to cover. If there's anything you're confused about or need further information on that you cannot find out on your own with research, please feel free to contact me via the Q&A system or direct messaging.

    If you're already well versed in basic to intermediate Linux commands, you should be okay with skipping this lecture. Otherwise, stay tuned for the new information or refresher depending on your skill level.

  • Bonus Lab - Kali Linux 20202:58

    This lecture will show you how and where to download and configure the latest version of Kali Linux, 2020, which is tailor made for my Udemy course Hands-on Penetration Testing Labs 4.0. It's also being made available for all other courses, as the newest version has some slight differences which may make an impact.

  • Download and Configure Kali Linux11:28
  • Download Vulnerable Lab VMs2:05

    In this quick video I'm going to show you where you can download the majority of vulnerable VMs that are going to be utilized within this course. I've hosted them all on a Google drive, and the link will be provided to you via a text document that's attached to this lecture.

  • Kioptrix Level 1 - Enumeration and Exploitation9:47

    This video will cover the enumeration and exploitation of Kioptrix 1, which is an intentionally vulnerable Linux VM that I've acquired from VulnHub. This is one of the first VMs I've ever exploited on my journey towards learning OSCP. It is quite dated, so there are compatibility issues when trying to use it on VirtualBox or VMware if you don't know how to change the settings properly.

    Luckily for you, I've taken the initiative to figure out how to get them converted to VirtualBox and have tested them during the creation of this course. I've also exported Kioptrix 1-5 as OVA files, which you can download from my Google drive and double click to import to VirtualBox Manager. Obtaining these Kioptrix VMs and getting them to run should be easy and straight forward for you.

  • Kioptrix Level 2 - Enumeration and Exploitation23:33

    This video is going to show you how to enumerate and exploit Kioptrix 2, an intentionally vulnerable Linux VM that comes from VulnHub. I've got it working on VirtualBox and exported this and all other Kioptrix boxes to OVA files which I've conveniently hosted for you on a Google drive. Download it, double click the OVA file, click import, make sure the network is configured to host-only, and let's get to work.

  • Kioptrix Level 3 - Enumeration and Exploitation24:05

    This video will show you how to enumerate and exploit Kioptrix 3, an intentionally vulnerable Linux VM.

  • Kioptrix Level 4 - Enumeration and Exploitation17:26

    This video will show you how to enumerate and exploit Kioptrix 4, an intentionally vulnerable Linux VM.

  • Kioptrix Level 5 - Enumeration and Exploitation18:33

    This video will show you how to enumerate and exploit Kioptrix 5, an intentionally vulnerable Linux VM.

  • Tr0ll 1 - Enumeration and Exploitation13:13

    Tr0ll 1 is an intentionally vulnerable VM that is said to have been inspired by the constant trolling of the OSCP labs. The goal as with all of our other intentionally vulnerable VMs is to gain root access to the system. This was a really fun challenge for me, and was excellent to help prepare for the relentless trolling of the OSCP and similar CTF challenges.

  • Tr0ll 2 - Enumeration and Exploitation27:28

    Tr0ll 2 is another intentionally vulnerable Linux VM which is a bit harder than its predecessor. We're going to cover the enumeration and exploitation of it over the course of this lecture.

  • Bonus Lab 1: Security Onion Lab Setup with VirtualBox23:17
  • Bonus Lab 2: Windows 7 Eternalblue Vulnerable VM VirtualBox Setup5:03

    This video will cover how to set up a Windows 7 Enterprise 32-bit virtual machine that is intentionally vulnerable to the eternalblue exploit. VirtualBox will be used as a software hypervisor to set it up.  

  • Bonus Lab 3: Windows 7 Eternalblue Exploitation and Snort/PCAP Analysis19:42

    This video will cover the exploitation of Windows 7 with Kali Linux, using an Eternalblue Python standalone exploit. To follow along with this tutorial, you'll need Security Onion, Windows 7 Enterprise 32-bit, and Kali Linux VM's set up to communicate with one another with host-only interfaces. After the exploitation, analysis will be conducted within Security Onion on the Snort alerts and associated rules, and PCAP to identify the network evidence of the successful compromise. These are real-world skills that are crucial for cybersecurity analysts.

  • Bonus Lab 4: Ubuntu Server 12.04 Vulnerable VM VirtualBox Setup11:06

    This video will show you how to install and configure Ubuntu Server 12.04 to be vulnerable to Heartbleed. VirtualBox will be used as a software hypervisor for this process.

  • Bonus Lab 5: Ubuntu Server 12.04 Heartbleed Exploitation and Snort/PCAP Analysis11:47

    This video will cover the exploitation of Ubuntu Server 12.04 using a Heartbleed Metasploit auxiliary module. To follow along with this tutorial, you'll need Security Onion, Ubuntu Server 12.04, and Kali Linux VM's set up to communicate with one another with host-only interfaces. After the exploitation, analysis will be conducted within Security Onion on the Snort alerts and associated rules, and PCAP to identify the network evidence of the successful compromise. These are real-world skills that are crucial for cybersecurity analysts.

  • Bonus Lab 6: SLMail Buffer Overflow Development31:42

    Step by step lab to demonstrate how to discover and exploit a buffer overflow vulnerability in SLmail using python and immunity debugger.

Requirements

  • Basic Linux knowledge
  • Basic networking knowledge
  • Kali Linux
  • Desktop or Laptop with a minimum of 2GB RAM (8GB+ preferable)
  • VirtualBox
  • Windows 7 or 10 host OS preferred (tested)

Description

NOTE: This is independent from my other course, Hands-on Pentration Labs 1.0 - they both have original content and you're not required to buy one or the other by itself.

Looking for Powerpoint slides and lectures that will put you to sleep? Keep moving, because this course is not for you.

This course consists of 100% hands-on technical labs, utilizing industry standard open source technology to hack a variety of intentionally vulnerable operating systems. All of the resources to build the labs are free. Detailed instructions on how to set up the labs are included within this course (VMware Player, Kali Linux, Kioptrix, etc.). Moreover, I've set up a Google drive for you to conveniently download all vulnerable VMs. To make the most out of this course, it is recommended that you actually perform the activities within the labs rather than just watch the videos.

The main points that will be covered in this course is enumeration, remote exploitation, buffer overflows, and privilege escalation. These labs will show you how to interpret results from tools such as Nmap, Dirb, and enum4linux, and use them effectively to compromise vulnerable systems. Please note that these labs contain spoilers, and it is a good idea to attempt to compromise the vulnerable systems on your own prior to getting the answers from the walk through that's provided.

Who this course is for:

  • Cybersecurity Students
  • Cybersecurity Professionals
  • New Penetration Testers
  • CEH Candidates
  • OSCP Candidates
  • Pentest+ Candidates

Report abuse