Bring bugs to light by becoming a bug bounty hunter! You'll be able to hack websites & web applications like black hat hackers and secure them as experts.
What you'll learn
- 90+ Videos (aff) to take you from a beginner to advanced in website (aff) hacking.
- Create a hacking lab & needed software (on Windows, OS X, and Linux).
- Become a bug bounty hunters & discover bug bounty bugs!
- Discover, exploit, and mitigate a number of dangerous web vulnerabilities.
- Exploit these vulnerabilities to hack into web servers.
- Bypass security (aff) & advanced exploitation of these vulnerabilities.
- Advanced post-exploitation – hack other websites on the same server, dump the database, privilege escalation….etc
- Bypass security (aff) & filters.
- Intercept requests using a proxy.
- Adopt SQL queries to discover and exploit SQL injections in secure pages.
- Gain full control over the target server using SQL injections.
- Discover & exploit blind SQL injections.
- Install Kali Linux – a penetration testing operating system.
- Learn Linux commands and how to interact with the terminal.
- Learn Linux basics.
- Understand how websites & web applications work.
- Understand how browsers communicate with websites.
- Gather sensitive information about websites.
- Discover servers, technologies & services used on the target website (aff).
- Discover emails & sensitive data associated with a specific website (aff).
- Find all subdomains associated with a website (aff).
- Discover unpublished directories & files associated with a target website (aff).
- Find all websites hosted on the same server as the target website (aff).
- Discover, exploit, and fix file upload vulnerabilities.
- Exploit advanced file upload vulnerabilities & gain full control over the target website.
- Discover, exploit, and fix code execution vulnerabilities.
- Exploit advanced code execution vulnerabilities & gain full control over the target website.
- Discover, exploit & fix local file inclusion vulnerabilities.
- Exploit local file inclusion vulnerabilities to get a shell.
- Exploit advanced local file inclusion vulnerabilities & gain full control over the target website.
- Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website.
- Discover, fix, and exploit SQL injection vulnerabilities.
- Bypass login forms and login as admin using SQL injections.
- Writing SQL queries to find databases, tables, and sensitive data such as usernames ad passwords using SQL injections
- Bypass filtering, and log in as admin without password using SQL injections.
- Bypass filtering and security (aff) measurements.
- Read / Write files to the server using SQL injections.
- Patch SQL injections quickly.
- Learn the right way to write SQL queries to prevent SQL injections.
- Discover basic & advanced reflected XSS vulnerabilities.
- Discover basic & advanced stored XSS vulnerabilities.
- How to use the BeEF framework.
- Hook users to BeEF using reflected & XSS vulnerabilities.
- Steal credentials from hooked targets.
- Create undetectable backdoors.
- Hack computers using XSS vulnerabilities.
- Fix XSS vulnerabilities & protect yourself from them as a user.
- What do we mean by brute force & wordlist attacks?
- Create a wordlist or a dictionary.
- Launch a wordlist attack and guess the admin's password.
- Discover all of the above vulnerabilities automatically using a web proxy.
- Run system commands on the target webserver.
- Access the file system (navigate between directories, read/write files).
- Download, upload files.
- Bypass security (aff) measurements.
- Access all websites on the same web server.
- Connect to the database and execute SQL queries or download the whole database to the local machine.
- Discover, exploit and mitigate CSRF
- Basic IT Skills.
- No Linux, programming or hacking knowledge required.
- Computer with a minimum of 4GB ram/memory.
- Operating System: Windows / OS X / Linux.
It should be noted that the course materials have not been covered in any of my other courses except for some basics. In one of my other courses, I cover website hacking, but that course only covers the basics. This course covers more techniques, more vulnerabilities, advanced exploitation, advanced post-exploitation, bypassing security (aff), and much more!
It is my pleasure to welcome you to this comprehensive course on Website penetration testing. During this course, you will learn web application hacking and bug bounty hunting! Website Hacking / Penetration Testing & Bug Bounty Hunting assumes no prior knowledge of hacking, and by the end of the course, you'll know how to hack & discover bugs in websites like black-hat hackers and secure them like security (aff) experts!
In this course, you will learn how to set up the necessary software (on Windows, Linux, and Mac OS X) and then we'll take a look at website's basics, the different components of a website, the technologies involved and then we'll jump into website hacking. The rest of the course will be based on discovering vulnerabilities in websites and exploiting them to compromise them, so you won't have to sit through dry lectures filled with theory.
We teach you how to gather comprehensive information about a target website before getting started with hacking. Our Website Hacking / Penetration Testing & Bug Bounty Hunting course is divided into several sections. In each section, you will learn how to discover, exploit, and mitigate a common web application vulnerability; for each vulnerability, you will first learn the basic exploitation, then advanced ways to bypass security, escalate your privileges, access the database, and even hack into other websites on the same server.
Bug bounty programs often feature vulnerabilities like these, and most of the ones covered here are in OWASP's top 10.
Learn how to fix these issues and what to avoid in the process of learning how and why vulnerabilities are exploitable.
Here's a more detailed breakdown of the Website Hacking / Penetration Testing & Bug Bounty Hunting course content:
1. The Information Gathering module explains how to gather information about a target website, such as its DNS information, services used, subdomains, unpublished directories, sensitive files, user emails, sites (aff) on the same server, and even the hosting (aff) provider. Information like this is crucial since it increases the likelihood of successfully gaining access to the target website.
2. Vulnerability Discovery, Exploitation, and Mitigation – This section covers ways to discover, exploit, and mitigate the vulnerability of any given system. There is a number of sub-sections, each covering a specific vulnerability. The first thing you will learn is what the vulnerability is and what can be done with it, then you will learn how to exploit this vulnerability. Last but not least, we will analyze the code that leads to this vulnerability and see how it can be fixed. The following vulnerabilities are covered in the Website Hacking / Penetration Testing & Bug Bounty Hunting course:
- File upload – This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.
- Code Execution – This vulnerability allow users to execute system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.
- Local File Inclusion – This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files, we will not stop at that though, you will learn two methods to exploit this vulnerability to get a reverse shell connection which gives you full control over the target web server.
- Remote File Inclusion – This vulnerability can be used to load remote files, exploiting this vulnerability properly gives you full control over the target web server.
- SQL Injection – This is one of the most dangerous vulnerabilities, it is everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ….etc, read/write files and even get a reverse shell access which gives you full control over the target server!
- Insecure Session Management- In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Request Forgery) vulnerabilities to force users to change their password, or submit any request you want.
- Brute Force & Dictionary Attacks- In this section you will learn what are these attacks, the difference between them and how to launch them, in successful cases you will be able to guess the password for a target user.
3. Post Exploitation – In this section you will learn what can you do with the access you gained by exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions!
The Website Hacking / Penetration Testing & Bug Bounty Hunting course provides 24/7 support, so if you have any questions, you are welcome to post them in the Q&A area. We will call you and respond within 15 hours.
- This course is created for educational purposes only and all the attacks are launched in my own lab or against systems that I have permission to test.
- zSecurity and Zaid Sabih have developed this Website Hacking / Penetration Testing & Bug Bounty Hunting course, and no other organization is involved with it or the certification process. In addition to gaining a certification of course completion from Udemy, you are not directly involved with any other organization at all.
Who this course is for:
- Anybody interested in learning website & web application hacking/penetration testing.
- Anybody interested in becoming a bug bounty hunter.
- Anybody interested in website hacking.
- Anybody interested in learning how to secure websites & web applications from hackers.
- Web developers, so they can create secure web applications & secure their existing ones.
- Web admins, so they can secure their websites.
Created by Zaid Sabih, z Security
Last updated 3/2021
Size: 2.31 GB