This course was last updated on 26/04/2017
Welcome to my comprehensive course on Ethical Hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking. The first thing you will learn is some basic information about ethical hacking and the different fields in penetration testing.
This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine. All the attacks explained in this course are launched against real devices in my lab.
The course is structured in a way that will take you through the basics of Linux, computer systems, networks and how devices communicate with each other. We will start by talking about how we can exploit these systems to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level -- by the time you finish, you will have knowledge about most penetration testing fields.
The course is divided into four main sections:
1. Network Penetration Testing - This section will teach you how to test the security of networks, both wired and wireless. First, you will learn how networks work, basic network terminology and how devices communicate with each other. Then it will branch into three sub sections:
2. Gaining Access - In this section you will learn two main approaches to gain full control over any computer system:
3. Post Exploitation - In this section you will learn how to interact with the systems you compromised so far. You’ll learn how to access the file system (read/write/upload/execute), maintain your access, spy on the target and even use the target computer as a pivot to hack other computer systems.
4. Web Application Penetration Testing - In this section you will learn how websites work. Then you will learn how to gather information about your target website, such as website owner, server location, used technologies and much more. You will also learn how to discover and exploit a number of dangerous vulnerabilities such as SQL injections, XSS vulnerabilities, etc.
At the end of each section you will learn how to detect, prevent and secure your system and yourself from these attacks.
All the attacks in this course are practical attacks that work against any computer device, i.e. it does not matter if the device is a phone, tablet, laptop, etc. Each attack is explained in a simple way -- first you will learn the theory behind each attack and then you will learn how to carry out the attack using Kali Linux.
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is totally a product of Zaid Sabih and no other organization is associated with it or a certification exam. Although you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.
Welcome to the course. This lecture will give you a full outline of the structure of the course and an overview of what you will learn in each section.
This is a teaser lecture. In it I show you an example of the things that you'll be able to do at the end of the course: how to hack into a Windows 10 machine and turn on its webcam without asking the user to do anything.
As this is a teaser lecture, I won't be going into details about how this is achieved, but don't worry about that, as I will break this down for you throughout the course and you will understand exactly how to do that.
This is just one example; by the end of the course you'll learn many more attacks and be able to target all operating systems.
In this course, we will be using a number of operating systems: Kali for hacking and 2 others as victim or target machines. In this section you will learn how to install all of these machines as virtual machines inside your current operating system. This allows us to use all of the machines at the same time, and it also completely isolates these machines from your main machine, so your main machine will not be affected if anything goes wrong.
This lecture will give you an overview of the lab that we will need to set up for this course.
This lecture will give you an overview of what software you need to install for this course, and how it can be installed.
You will also learn how to configure and install Kali Rolling as a virtual machine.
In this lecture you will learn how to install Kali Linux using the iso image.
This option can be used to install Kali as a main machine or virtual machine.
Skip this lecture if the method above works for you and you're happy enough with it.
In this lecture you will learn how to install a vulnerable operating system (Metasploitable) as a virtual machine so we can use it to practice penetration testing in future lectures.
In this lecture you will learn how to set up a windows virtual machine so that we can try and hack into it to practice penetration testing.
In this lecture we will have a basic look at Kali Linux just to get you comfortable with using it.
You will learn how to use its main applications, browse files, connect to the internet, etc.
In this lecture you will learn how to interact with the Linux terminal and run Linux commands.
In this lecture you will learn how to install programs on Kali, update the sources and upgrade the system.
Check out the links in the resources if you face any issues after upgrading.
This is an introduction lecture for the network penetration testing section. It will give you an overview of the structure of this section and what you will learn in it.
Before jumping to network hacking you need to know some basics about networks, in this lecture you will learn how networks work and how devices communicate with each other.
Media Access Control (MAC) address is a unique ID assigned to each network card. In this lecture you will learn what it is, what it does and how to change it.
This lecture will clarify why it is possible to capture any packet around us even if it's not directed to our device. You will learn about two wireless modes, monitor and managed mode: what the difference between them is, when we use each of them and how to correctly enable monitor mode on your wireless card.
This video shows another method that can be used to enable monitor mode just in case the method explained in the previous lecture did not enable it properly for you.
This video shows another method that can be used to enable monitor mode just in case the method explained in the previous lectures did not enable it properly for you.
This is the first lecture in the "pre connection section", in this lecture you will learn how to use airodump-ng to see all the access points (WiFi Networks) and associated clients that are within your wireless range and gather information about them.
In this lecture, we shall learn how to launch airodump-ng on a specific AP and store all packets in a capture file.
Deauthentication attacks allow us to disconnect (disassociate) any client that is connected to any network that is within our wifi range even if the network uses encryption (such as WEP/WPA/WPA2).
Fake access points can be handy in many scenarios. One example is creating an open AP: this will attract a lot of clients, many of which will automatically connect to it. Then we can sniff all the traffic created by the clients that connect to it, and since it's open, the traffic will not be encrypted!
This lecture will explain the theory behind creating a fake AP and what we need to make it work.
In this lecture you will learn how to create a fake AP using a tool called Mana-Toolkit.
PS: run the following command to install Mana:
apt-get install mana-toolkit
Welcome to this section of the course. In this section we shall learn how to break WEP/WPA/WPA2 encryption and determine the network key.
This lecture explains the weaknesses in WEP encryption and how we can use these weaknesses to break it.
In this video we shall learn the basics of cracking WEP encryption. The target is a WEP encrypted network with active clients.
In this lecture we shall learn the theory behind cracking WEP encrypted APs with no or idle clients.
To do this we will inject packets into the traffic, but before we can do that we need to authenticate our WiFi card with the target AP so that it does not ignore our requests, as APs only accept packets from associated devices. Therefore we shall learn how to fake authenticate our WiFi card with the target AP so that it starts accepting packets from us.
This method can be used to crack idle or clientless APs.
In this method, after successfully associating with the target AP, we will wait for an ARP packet, capture it and inject it into the traffic. This will force the AP to generate a new ARP packet with a new IV. We capture this new packet and inject it into the traffic again, and this process is repeated until the number of IVs captured is sufficient to crack the key.
This is an introduction to WPA/WPA2. We shall learn what the main difference between WPA and WEP is and why WPA is more difficult to crack.
In this lecture we shall learn how to exploit the WPS feature to crack WPA/WPA2 encrypted APs without a wordlist attack and without the need for any connected clients.
In this lecture we shall learn the theory behind cracking WPA/WPA2 encryption and why it is more difficult to crack. You will also learn what a handshake is and why we need it to crack WPA/WPA2.
In this lecture we shall learn how to capture the handshake from the target AP.
To crack WPA/WPA2 we need to use a wordlist attack. You can download ready wordlists from the internet or create your own by following this lecture.
In this lecture we will use the wordlist created in the previous lecture to crack the WPA key using aircrack-ng.
In this lecture you will learn how to secure your network and protect it from the above attacks.
In this lecture you will learn how to access your router's admin panel and configure it correctly to protect it from the above attacks and make it nearly impossible to crack.
This lecture is an introduction to the last section of network penetration testing, it will give you an outline of what we shall learn in this section and some important notes.
Gathering information is one of the most important steps in penetration testing. In this lecture we will learn how to use netdiscover to discover devices connected to the same network as us, and we will be able to find their IP and MAC addresses.
In this lecture you will learn how to install autoscan and use it to discover connected devices and gather more information about these devices such as open ports and their operating system.
In this lecture we shall learn how to use zenmap (the GUI for nmap) to discover all connected devices and gather detailed information about these devices, such as their operating system, open ports and even services using these ports.
In this video we shall learn about one of the most dangerous and effective attacks that you can launch on a network: ARP poisoning. We shall learn the theory behind ARP poisoning, how it works and how it can be used to redirect the flow of packets and place us in the middle of the connection.
In this lecture we will learn how to use arpspoof to do a basic ARP poisoning attack and redirect the flow of packets in the network.
In this lecture we shall have a look at the Man In The Middle Framework and how to use it to ARP poison a target client and sniff usernames and passwords from that target.
Basically you will learn how to capture any passwords entered by any device that's connected to the same network as you.
In this lecture we shall learn how to bypass HTTPS/SSL so that we can capture passwords entered on HTTPS enabled web pages such as Hotmail and Yahoo.
If the user uses the "remember me" feature then we can't sniff the password because they will not enter it; the user will be authenticated using cookies. So in this lecture we shall learn how to sniff these cookies, inject them into the browser and access the target user's account without having to enter the username and password.
Basically you will be able to access any account accessed by any user in the same network without having to enter the password.
Note: This only works if the target website does not use HTTPS everywhere; it will work if the target website uses HTTPS on the login page only.
In this lecture we shall learn how to control DNS requests made by the target client. This allows us to redirect requests made by computers on the same network to any other place, which can be very useful as it can be used to redirect computers to fake websites, fake updates, fake logins, etc.
This lecture will teach you how to capture screenshots of any computer as long as you are the MITM. You will also learn how to inject a keylogger that will log all keystrokes entered by the target.
So far we have been using MITMf against the Windows virtual machine through the virtual NAT network. In this lecture I will show you how to use MITMf against a real computer that's connected to a real WiFi network. I will also cover a few important points that you need to keep in mind when using it against real devices.
Wireshark is a network protocol analyser. In this lecture we will have a basic overview of it; you will learn why it is useful and how to use it with MITM attacks or to analyse a capture file that contains data that you already sniffed.
In this lecture you will learn how to use Wireshark to sniff data (traffic) sent/received by any client in your network. You will also learn how to analyse this data, filter HTTP traffic and find useful information such as the websites visited, sent requests and more!
In this lecture we will continue using Wireshark, you will learn more methods to analyse the captured data, you'll learn how to find packets that contain specific information, how to capture logins (usernames and passwords), and how to capture the cookies if the person has already logged in, we will have examples on Hotmail and Dailymotion.
In this lecture we shall learn two methods to detect ARP poisoning attacks.
Server side attacks allow you to gain access to a target computer without user interaction, in this section you will learn a number of methods to launch server side attacks and gain full control over your target without user interaction.
In this lecture we will have a look at a basic example of gaining control over a target computer. We will use Zenmap to gather information and discover the vulnerability, then you'll learn how to research and exploit a misconfigured service.
Metasploit is a huge penetration testing framework, in this lecture you will learn how to use it to exploit a vulnerable target and gain full control over it.
In this lecture we will use a more complex vulnerability to gain full access to a vulnerable device using Metasploit.
This lecture will teach you how to install Metasploit Community.
Metasploit Community is a GUI for Metasploit that can be used to scan targets, discover open ports and services, and map found vulnerabilities to Metasploit modules.
In this video you will learn how to scan target(s) using Metasploit Community, this will show open ports, installed services and Metasploit Modules that can be used against the target(s).
In this video we will analyse the scan result obtained from the previous video and see how to launch a module and exploit the target system using Metasploit Community.
Nexpose is a vulnerability management framework. It allows us to discover, assess and act on discovered vulnerabilities. It also tells us a lot about the discovered vulnerabilities, including whether they are exploitable, and helps us write a report at the end of the assessment.
When downloading Nexpose, you will be asked to enter a company email address, you can use the link in the resources to get a temporary email address which will be accepted by Nexpose.
This lecture will teach you how to launch a scan using Nexpose. You will learn how to set up your target(s) and configure the scan to suit your goals.
In this lecture we will analyse the scan results obtained from the previous video and see how to generate various types of reports.
My name is Zaid Al-Quraishi, I am an ethical hacker, pentester and a computer scientist. I just love hacking and breaking the rules, but don’t get me wrong: as I said, I am an ethical hacker.
I have very good experience in ethical hacking. I started making video tutorials in 2009 on an ethical hacking website (iSecur1ty). I received very good feedback for my tutorials, which led to my promotion to editor on the website. I also work in the penetration testing team of iSecur1ty.
In 2013 I started teaching my first course online in the training center at iSecur1ty. Again this course received amazing feedback from learners, which motivated me to create an English version of this course.
The English course was the most popular and the top paid course on Udemy for almost a year. Again the feedback was amazing, so I decided to make more courses on ethical hacking, and I released a number of other courses which are doing just as well as that one.
My method of teaching is mostly by example, so I usually start by explaining the theory behind each technique, then I show you how it actually works in a real life situation.