Learn Website Hacking / Penetration Testing From Scratch
4.6 (645 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
7,427 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Learn Website Hacking / Penetration Testing From Scratch to your Wishlist.

Add to Wishlist

Learn Website Hacking / Penetration Testing From Scratch

Learn how to hack websites and web applications like black hat hackers, and learn how to secure them from these hackers.
Bestselling
4.6 (645 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
7,427 students enrolled
Created by Zaid Sabih
Last updated 6/2017
English
English
Current price: $10 Original price: $180 Discount: 94% off
5 hours left at this price!
30-Day Money-Back Guarantee
Includes:
  • 9 hours on-demand video
  • 1 Article
  • 9 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Set up a lab environment to practice hacking
  • Install Kali Linux - a penetration testing operating system
  • Install windows & vulnerable operating systems as virtual machines for testing
  • Learn linux commands and how to interact with the terminal
  • Learn linux basics
  • Understand how websites & web applications work
  • Understand how browsers communicate with websites
  • Gather sensitive information about websites
  • Discover servers, technologies and services used on target website
  • Discover emails and sensitive data associated with a specific website
  • Find all subdomains associated with a website
  • Discover unpublished directories and files associated with a target website
  • Find all websites hosted on the same server as the target website
  • Discover, exploit and fix file upload vulnerabilities
  • Exploit advanced file upload vulnerabilities & gain full control over the target website
  • Intercepting requests using a proxy
  • Discover, exploit and fix code execution vulnerabilities
  • Exploit advanced code execution vulnerabilities & gain full control over the target website
  • Discover, exploit & fix local file inclusion vulnerabilities
  • Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
  • Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
  • Discover, fix, and exploit SQL injection vulnerabilities
  • Bypass login forms and login as admin using SQL injections
  • Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
  • Bypass filtering, and login as admin without password using SQL injections
  • Adopt SQL queries to discover and exploit SQL injections in more secure pages
  • Bypass filtering and security measurements
  • Discover & exploit blind SQL injections
  • Read / Write files to the server using SQL injections
  • Gain full control over the target server using SQL injections
  • Patch SQL injections quickly
  • Learn the right way to write SQL queries to prevent SQL injections
  • Discover basic & advanced reflected XSS vulnerabilities
  • Discover basic & advanced stored XSS vulnerabilities
  • Discover DOM-based XSS vulnerabilities
  • How to use BeEF framwork
  • Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
  • Steal credentials from hooked victims
  • Run javascript code on hooked victims
  • Create an undetectable backdoor
  • Hack into hooked computers and gain full control over them
  • Fix XSS vulnerabilities & protect yourself from them as a user
  • What do we mean by brute force & wordlist attacks
  • Create a wordlist or a dictionary
  • Launch a wordlist attack and guess admin's password
  • Discover all of the above vulnerabilities automatically using a web proxy
  • Run system commands on the target webserver
  • Access the file system (navigate between directories, read/write files)
  • Download, upload files
  • Bypass security measurements
  • Access all websites on the same webserver
  • Connect to the database and execute SQL queries or download the whole database to the local machine
View Curriculum
Requirements
  • Basic IT Skills
Description

Welcome to my comprehensive course on Website & Web applications Hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking.

This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine. 

Then you will learn what is a website, how does it work, what does it rely on, what do mean by a web server, a database, and how all of these components work together to give us functioning websites,

Once you understand how websites work we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level -- by the time you finish, you will be able to launch attacks and test the security of websites and web applications exactly the same way that black hat hackers would do, not only that but you'll be able to fix these vulnerabilities and secure websites from them. All the attacks explained in this course are launched against real devices in my lab.

The course is divided into the three main sections:

1. Information Gathering - This section will teach you how to gather information about your target website, you will learn how to discover the DNS server used, the services, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the web hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.

2. Discovering, Exploiting & Fixing - In this section you will learn how to discover, exploit and fix a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability, and finally we will have a look on the code causing this vulnerability and show you how to fix it and secure the website from it, the following vulnerabilities are covered in the course:

  •   File upload :  This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website .
  • Code Execution - This vulnerability allow users to run system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.
  • Local File inclusion - This vulnerability can be used to read any file on the target derver, this can exploited to read sensitive files, we will not stop at that though, you will learn two methods to escalate this vulnerability and get a reverse shell connection which gives you full control over the target web server.
  • Remote File inclusion - This vulnerability can be load remote files on the target web server, exploiting this vulnerability properly gives you full control over the target web server.
  • SQL Injection- This is one of the biggest sections on the course, this is because this is one of the most dangerous vulnerabilities ever, it is found everywhere, not only that but it can be exploited to do all of the things the above vulnerabilities allow us to and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read files stored in the server, write files to the server and even get a reverse shell access which gives you full control over the web server!
  • XSS - This vulnerability can be used to run javascript code on users who access the vulnerable pages, we won't stop at that, you will learn how to steal credentials from users (such as facebook or youtube passwords) and even gain full access to their computer. You will learn all three types (reflected, stored and DOM-based).
  • Insecure Session Management - In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Reguest Forgery.
  • Brute Force & Dictionary Attacks - In this section you will learn what are these attacks, what is the difference between them and how to launch them, in successful cases you will be able to guess the password for your target login.

3. Post Exploitation - In this section you will learn what can you do with the access you gained from exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will also learn how to run system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine, you will learn how to bypass security and do all of that even if you did not have permissions to do that! 

All the attacks in this course are practical attacks that work against any real websites, in each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements -- You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid casing them.


NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.

NOTE: This course is totally a product of Zaid Sabih and no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.

Who is the target audience?
  • Anybody who is interested in learning website & web application hacking / penetration testing
  • Anybody who wants to learn how hackers hack websites
  • Anybody who wants to learn how to secure websites & web applications from hacker
  • Web developers so they can create secure web application & secure their existing ones
  • Web admins so they can secure their websites
Students Who Viewed This Course Also Viewed
Curriculum For This Course
95 Lectures
09:05:09
+
Course Introduction
1 Lecture 02:13

Hello & welcome to this course, this lecture will give you an overview of the structure of the course, and what you'll learn in it.

Preview 02:13
+
Preparation - Creating a Penetration Testing Lab
4 Lectures 19:29

This lecture will give you an overview of the lab that we will need to set up for this course.

Preview 03:25

This lecture will give you an overview of what software you need to install for this course, and how it can be installed.

You will also see how to install Kali as a virtual machine.

Installing Kali 2017 As a Virtual Machine Using a Ready Image
08:32

In this lecture you will learn how to install a vulnerable operating system (Metasploitable) as a virtual machine so we can use it to practice penetration testing in future lectures.

Installing Metasploitable As a Virtual Machine
04:10

In this lecture you will learn how to set up a windows virtual machine so that we can try and hack into it to practice penetration testing.

Installing Windows As a Virtual Machine
03:22
+
Preparation - Linux Basics
3 Lectures 19:20

In this lecture we will have a basic look on Kali linux just to get you comfortable with using it.

Basic Overview Of Kali Linux
04:37

In this lecture you will learn how to interact with the linux terminal and run linux commands.

The Linux Terminal & Basic Linux Commands
09:06

In this lecture you will learn how to configure the network settings for the lab machines and how to access the websites that we will try to hack from the Kali machine.

Configuring Metasploitable & Lab Network Settings
05:37
+
Website Basics
2 Lectures 09:44

This lecture will explain to you what is a website, what it contains and how it works.

Preview 04:13

In this lecture you will learn the various methods and approaches that can be used to hack into a website.

How To Hack a Website ?
05:31
+
Information Gathering
9 Lectures 49:44

In this lecture you will learn how to gather information about the website/ domain name owner, server IP address, hosting company and more.

Gathering Information Using Whois Lookup
04:41

In this lecture we will use Netcraft to discover the technologies used on the target website, such as the web server used, installed web applications and more!

Discovering Technologies Used On The Website
06:04

This lecture will show you how to gather detailed DNS information about the target website such as it DNS records, resources it shares with other websites and more!

Gathering Comprehensive DNS Information
05:58

This lecture will show you how to discover websites on the same server as your target website, this is very useful as these websites can be used to gain access to your target website.

Discovering Websites On The Same Server
03:43

In this lecture we will use a tool called knock to discover subdomains on the target website, this is useful as these subdomains could contain beta web applications, private web applications or login pages.

Discovering Subdomains
05:05

In this lecture you will learn how to use a tool called dirb to discover files on the target website, this can be helpful is it might reveal files that contain sensitive data.

Discovering Sensitive Files
07:25

In this lecture we will analyse the files we discovered in the previous lecture and see the information they contain.

Analysing Discovered Files
04:17

Maltego is a great information gathering tool that can be used to gather information just about anything (people, websites, computers, servers ...etc).

In this lecture we will have an overview on the tool and some basic use, you will learn how to discover domains, websites, servers and emails associated with your target.

Maltego - Discovering Servers, Domains & Files
07:42

In this lecture we will dive deeper into Maltego, you will learn how to discover more info about the target such as admin's email, hosting company, servers and lay out this information nicely.

Preview 04:49
+
File Upload Vulnerabilities
6 Lectures 32:59

This lecture will teach you how to discover and exploit file upload vulnerabilities to gain full control over the target server.

What are they? And How To Discover & Exploit Basic File Upload Vulnerabilites
06:43

In this lecture you will learn more about how websites work, how the browser communicate with web server, http request types, and how to exploit this method of communication.

Preview 04:12

In this lecture you will learn how to use Burp Suit to intercept GET & POST requests and how to modify them.

Intercepting HTTP Requests
06:44

Now that ou know how to intercept HTTP requests, you will learn how to exploit a more secure file upload vulnerability and gain full control over the target web server.

Preview 04:37

In this lecture we will have a look on an even more secure upload page, and you'll learn how to exploit this file upload functionality and gain full control over the target web server

Exploiting More Advanced File Upload Vulnerabilities
04:22

In this lecture we shall have a look on the code causing the above vulnerabilities, you will learn why the above vulnerabilities are exploitable, how to fix these pages and prevent file upload vulnerabilities.

[Security] Fixing File Upload Vulnerabilities
06:21
+
Code Execution Vulnerabilities
3 Lectures 19:18

This lecture will teach you how to discover and exploit code execution vulnerabilities to get a reverse shell and gain full control over the target server.

What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities
07:25

This lecture will teach you how to exploit more secure code execution vulnerabilities to get a reverse shell and gain full control over the target server.

Exploiting Advanced Code Execution Vulnerabilities
06:06

In this lecture we shall have a look on the code causing the above vulnerabilities, you will learn why the above vulnerabilities are exploitable, how to fix these vulnerabilities and secure pages from file code execution vulnerabilities.

[Security] - Fixing Code Execution Vulnerabilities
05:47
+
Local File Inclusion Vulnerabilities (LFI)
3 Lectures 23:36

This lecture will teach you how to discover and exploit local file inclusion vulnerabilities to read any file on the target server.

What are they? And How To Discover & Exploit Them
05:49

In this lecture you will learn how to use local file inclusion to get reverse shell and gain full control over the target web server.

Preview 07:10

Here you will learn another method to use local file inclusion to get reverse shell and gain full control over the target web server.

Gaining Shell Access From LFI Vulnerabilities - Method 2
10:37
+
Remote File Inclusion Vulnerabilities (RFI)
4 Lectures 18:13

This lecture will teach you how to configure php setting to allow remote file inclusion, so we can practice a remote file inclusion vulnerability in the next lecture.

Remote File Inclusion Vulnerabilities - Configuring PHP Settings
03:46

This lecture will teach you how to discover and exploit remote file inclusion vulnerabilities to get a reverse shell and gain full control over the target server.

Remote File Inclusion Vulnerabilities - Discovery & Exploitation
05:44

This lecture will teach you how to exploit more secure remote file inclusion vulnerabilities to get a reverse shell and gain full control over the target server.

Exploiting Advanced Remote File Inclusion Vulnerabilities
02:49

In this lecture we shall have a look on the code causing the above vulnerabilities (Both local and remote file inclusion), you will learn why the above vulnerabilities are exploitable, how to fix these vulnerabilities and secure pages from file inclusion vulnerabilities.

[Security] Fixing File Inclusion Vulnerabilities
05:54
+
SQL Injection Vulnerabilities
2 Lectures 08:41

This lecture will explain what is SQL is and what is it used for, this is important to understand before we dive into sql injection vulnerabilities.

Preview 05:48

This lecture highlights why SQL injections are considered one of the most dangerous vulnerabilities and what it can be used for.

Dangers of SQL Injections
02:53
10 More Sections
About the Instructor
Zaid Sabih
4.6 Average rating
11,650 Reviews
82,539 Students
8 Courses
Ethical Hacker, Pentester & Computer Scientist

My name is Zaid Al-Quraishi , I am an ethical hacker, pentester and a computer scientist. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker. 

I have a very good experience in ethical hacking. I started making video tutorials since 2009 in an ethical hacking website (iSecuri1ty), I received very good feedback for my tutorials which lead to promoting me as an editor in the website. I also work in the penetration testing team of iSecur1ty.

In 2013 I started teaching my first course online in the training center in iSecur1ty, again this course received amazing feedback for learners, which motivated me to create an English version of this course.

The english course was the most popular and the top paid course in Udemy for almost a year, again the feedback was amazing, therefore I decided to make more courses on ethical hacking, so I released a number of other courses which are doing just as good as that one.

My method of teaching is mostly by example, so I usually start by explaining the theory behind each technique, then I show you how it actually works in a real life situation.