Basic Overview of Kali Linux

The Linux Terminal and Basic LInux command

Configuring Metasploitable and Lab Network Settings

What is a Website?

How to Hack a Website ?

Gathering information Using Whois Lookup

Discovering Technologies Used on the website

Gathering Comprehensive DNS Information

Discovering Websites On The Same Server

Discovering Subdomains

Discovering Sensitive Files

Analyzing Discovered Files

Maltego Discovering Servers, Domains and Files

Maltego – Discovering Websites, Hosting Provider & Emails

What are they? How to discover and Exploit Basic File Upload Vulnerabilities

HTTP Requests GET and POST

Intercepting HTTP Requests

Exploiting Advanced File Upload Vulnerabilities

Exploiting More Advanced File upload Vulnerabilities

[Security] Fixing File Upload Vulnerabilities

What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities

Exploiting Advanced Code Execution Vulnerabilities

[Security] – Fixing Code Execution Vulnerabilities

What are they? And How To Discover & Exploit Them

Gaining Shell Access From LFI Vulnerabilities – Method 1

Gaining Shell Access From LFI Vulnerabilities – Method 2

Remote File Inclusion Vulnerabilities – Configuring PHP Settings

Remote File Inclusion Vulnerabilities – Discovery & Exploitation

Exploiting Advanced Remote File Inclusion Vulnerabilities

[Security] Fixing File Inclusion Vulnerabilities

What is SQL?

Dangers of SQL Injections

Discovering SQL Injections In POST

Bypassing Logins Using SQL Injection Vulnerability

Bypassing More Secure Logins Using SQL Injections

[Security] Preventing SQL Injections In Login Pages

Discovering SQL Injections in GET

Reading Database Information

Finding Database Tables

Extracting Sensitive Data Such As Passwords

Discovering & Exploiting Blind SQL Injections

Discovering a More Complicated SQL Injection

Extracting Data (passwords) By Exploiting a More Difficult SQL Injection

Bypassing Filters

Bypassing Security & Accessing All Records

[Security] Quick Fix To Prevent SQL Injections

Reading & Writing Files On The Server Using SQL Injection Vulnerability

Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server

Discovering SQL Injections & Extracting Data Using SQLmap

Getting a Direct SQL Shell using SQLmap

[Security] – The Right Way To Prevent SQL Injection

Introduction – What is XSS or Cross Site Scripting?

Discovering Basic Reflected XSS

Discovering Advanced Reflected XSS

Discovering An Even More Advanced Reflected XSS

Discovering Stored XSS

Discovering Advanced Stored XSS

Discovering Dom Based XSS

Hooking Victims To BeEF Using Reflected XSS

Hooking Victims To BeEF Using Stored XSS

BeEF – Interacting With Hooked Victims

BeEF – Running Basic Commands On Victims

BeEF – Stealing Credentials/Passwords Using A Fake Login Prompt

Bonus – Installing Veil 3

Bonus – Veil Overview & Payloads Basics

Bonus – Generating An Undetectable Backdoor Using Veil 3

Bonus – Listening For Incoming Connections

Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10

BeEF – Gaining Full Control Over Windows Target

[Security] Fixing XSS Vulnerabilities

Logging In As Admin Without a Password By Manipulating Cookies

Discovering Cross Site Request Forgery Vulnerabilities (CSRF)

Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File

Exploiting CSRF Vulnerabilities To Change Admin Password Using Link

[Security] The Right Way To Prevent CSRF Vulnerabilities

What Are Brute Force & Dictionary Attacks?

Creating a Wordlist

Launching a Wordlist Attack & Guessing Login Password Using Hydra

Scanning Target Website For Vulnerabilities

Analysing Scan Results

Post Exploitation Introduction

Interacting With The Reverse Shell Access Obtained In Previous Lectures

Escalating Reverse Shell Access To Weevely Shell

Weevely Basics – Accessing Other Websites, Running Shell Commands …etc

Bypassing Limited Privileges & Executing Shell Commands

Downloading Files From Target Webserver

Uploading Files To Target Webserver

Getting a Reverse Connection From Weevely

Accessing The Database