Learn Website Hacking / Penetration Testing From Scratch

  • Set up a lab environment to practice hacking
    • Install Kali Linux - a penetration testing operating system
    • Install Windows & vulnerable operating systems as virtual machines for testing
    • Learn Linux commands and how to interact with the terminal
    • Learn Linux basics
    • Understand how websites & web applications work
    • Understand how browsers communicate with websites
    • Gather sensitive information about websites
    • Discover servers, technologies and services used on target website
    • Discover emails and sensitive data associated with a specific website
    • Find all subdomains associated with a website
    • Discover unpublished directories and files associated with a target website
    • Find all websites hosted on the same server as the target website
    • Discover, exploit and fix file upload vulnerabilities
    • Exploit advanced file upload vulnerabilities & gain full control over the target website
    • Intercepting requests using a proxy
    • Discover, exploit and fix code execution vulnerabilities
    • Exploit advanced code execution vulnerabilities & gain full control over the target website
    • Discover, exploit & fix local file inclusion vulnerabilities
    • Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
    • Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
    • Discover, fix, and exploit SQL injection vulnerabilities
    • Bypass login forms and login as admin using SQL injections
    • Writing SQL queries to find databases, tables and sensitive data such as usernames and passwords using SQL injections
    • Bypass filtering, and login as admin without password using SQL injections
    • Adapt SQL queries to discover and exploit SQL injections in more secure pages
    • Bypass filtering and security measures
    • Discover & exploit blind SQL injections
    • Read / Write files to the server using SQL injections
    • Gain full control over the target server using SQL injections
    • Patch SQL injections quickly
    • Learn the right way to write SQL queries to prevent SQL injections
    • Discover basic & advanced reflected XSS vulnerabilities
    • Discover basic & advanced stored XSS vulnerabilities
    • Discover DOM-based XSS vulnerabilities
    • How to use BeEF framework
    • Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
    • Steal credentials from hooked victims
    • Run JavaScript code on hooked victims
    • Create an undetectable backdoor
    • Hack into hooked computers and gain full control over them
    • Fix XSS vulnerabilities & protect yourself from them as a user
    • What do we mean by brute force & wordlist attacks
    • Create a wordlist or a dictionary
    • Launch a wordlist attack and guess admin's password
    • Discover all of the above vulnerabilities automatically using a web proxy
    • Run system commands on the target webserver
    • Access the file system (navigate between directories, read/write files)
    • Download, upload files
    • Bypass security measures
    • Access all websites on the same webserver
    • Connect to the database and execute SQL queries or download the whole database to the local machine
