7.1. How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites

Website Hacking / Penetration Testing & Bug Bounty Hunting

What you will learn:
Install hacking lab & needed software (works on Windows, OS X and Linux).
Discover, exploit and mitigate a number of dangerous vulnerabilities.
Use advanced techniques to discover and exploit these vulnerabilities.
Bypass security measurements and escalate privileges.
Intercept requests using a proxy.
Hack all websites on same server.
Bypass filters and client-side security
Adopt SQL queries to discover and exploit SQL injections in secure pages
Gain full control over target server using SQL injections
Discover & exploit blind SQL injections
Install Kali Linux – a penetration testing operating system
Install windows & vulnerable operating systems as virtual machines for testing
Learn linux commands and how to interact with the terminal
Learn linux basics
Understand how websites & web applications work
Understand how browsers communicate with websites
Gather sensitive information about websites
Discover servers, technologies and services used on target website
Discover emails and sensitive data associated with a specific website
Find all subdomains associated with a website
Discover unpublished directories and files associated with a target website
Find all websites hosted on the same server as the target website
Discover, exploit and fix file upload vulnerabilities
Exploit advanced file upload vulnerabilities & gain full control over the target website
Discover, exploit and fix code execution vulnerabilities
Exploit advanced code execution vulnerabilities & gain full control over the target website
Discover, exploit & fix local file inclusion vulnerabilities
Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
Discover, fix, and exploit SQL injection vulnerabilities
Bypass login forms and login as admin using SQL injections
Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
Bypass filtering, and login as admin without password using SQL injections
Bypass filtering and security measurements
Read / Write files to the server using SQL injections
Patch SQL injections quickly
Learn the right way to write SQL queries to prevent SQL injections
Discover basic & advanced reflected XSS vulnerabilities
Discover basic & advanced stored XSS vulnerabilities
Discover DOM-based XSS vulnerabilities
How to use BeEF framwork
Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
Steal credentials from hooked victims
Run javascript code on hooked victims
Create an undetectable backdoor
Hack into hooked computers and gain full control over them
Fix XSS vulnerabilities & protect yourself from them as a user
What do we mean by brute force & wordlist attacks
Create a wordlist or a dictionary
Launch a wordlist attack and guess admin’s password
Discover all of the above vulnerabilities automatically using a web proxy
Run system commands on the target webserver
Access the file system (navigate between directories, read/write files)
Download, upload files
Bypass security measurements
Access all websites on the same webserver
Connect to the database and execute SQL queries or download the whole database to the local machine

Requirements:

Basic IT Skills
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory
Operating System: Windows / OS X / Linux

Who this course is for:

Anybody who is interested in learning website & web application hacking / penetration testing
Anybody who wants to learn how hackers hack websites
Anybody who wants to learn how to secure websites & web applications from hacker
Web developers so they can create secure web application & secure their existing ones
Web admins so they can secure their websites