Website Hacking / Penetration Testing & Bug Bounty Hunting
IT, Technology and Software
No. of Attendant
Acquired Skills/Covered Subjects
- Become a bug bounty hunters & discover bug bounty bugs!
- Exploit these vulnerabilities to hack into web servers.
- Advanced post exploitation - hack other websites on the same server, dump the database, privilege escalation....etc
- Learn linux commands and how to interact with the terminal.
|About The Provider||
Udemy.com is an online learning platform aimed at professional adults and students.
Udemy, a portmanteau of you + academy, has more than 30 million students and 50,000 instructors teaching courses in over 60 languages. There have been over 245 million course enrollments. Students and instructors come from 190+ countries and 2/3 of students are located outside of the U.S. Udemy also has over 4,000 enterprise customers and 80% of Fortune 100 companies use Udemy for employee upskilling (Udemy for Business). Students take courses largely as a means of improving job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.
Udemy serves as a platform that allows instructors to build online courses on topics of their choosing. Using Udemy's course development tools they can upload video, PowerPoint presentations, PDFs, audio, zip files and live classes to create courses. Instructors can also engage and interact with users via online discussion boards.
Courses are offered across a breadth of categories, including business and entrepreneurship, academics, the arts, health and fitness, language, music, and technology. Most classes are in practical subjects such as Excel software or using an iPhone camera. Udemy also offers Udemy for Business, enabling businesses access to a targeted suite of over 3,000 training courses on topics from digital marketing tactics to office productivity, design, management, programming, and more. With Udemy for Business, organizations can also create custom learning portals for corporate training.
This course is highly practical but it won't neglect the theory, first you'll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we'll start with websites basics, the different components that make a website, the technologies used, and then we'll dive into website hacking straight away. From here onwards you'll learn everything by example, by discovering vulnerabilities and exploiting them to hack into websites, so we'll never have any dry boring theoretical lectures.
Before jumping into hacking, you'll first learn how to gather comprehensive information about the target website, then the course is divided into a number of sections, each section covers how to discover, exploit and mitigate a common web application vulnerability, for each vulnerability you will first learn the basic exploitation, then you will learn advanced techniques to bypass security, escalate your privileges, access the database, and even use the hacked websites to hack into other websites on the same server.
All of the vulnerabilities covered here are very common in bug bounty programs, and most of them are part of the OWASP top 10.
You will learn how and why these vulnerabilities are exploitable, how to fix them and what are the right practices to avoid causing them.
Here's a more detailed breakdown of the course content:
1. Information Gathering - In this section you'll learn how to gather information about a target website, you'll learn how to discover its DNS information, the services used, subdomains, un-published directories, sensitive files, user emails, websites on the same server and even the hosting provider. This information is crucial as it increases the chances of being able to successfully gain access to the target website.
2. Discovery, Exploitation & Mitigation - In this section you will learn how to discover, exploit and mitigate a large number of vulnerabilities, this section is divided into a number of sub-sections, each covering a specific vulnerability, firstly you will learn what is that vulnerability and what does it allow us to do, then you will learn how to exploit this vulnerability and bypass security, and finally we will analyse the code causing this vulnerability and see how to fix it, the following vulnerabilities are covered in the course:
File upload - This vulnerability allow attackers to upload executable files on the target web server, exploiting these vulnerabilities properly gives you full control over the target website.
Code Execution - This vulnerability allow users to execute system code on the target web server, this can be used to execute malicious code and get a reverse shell access which gives the attacker full control over the target web server.
Local File Inclusion - This vulnerability can be used to read any file on the target server, so it can be exploited to read sensitive files, we will not stop at that though, you will learn two methods to exploit this vulnerability to get a reverse shell connection which gives you full control over the target web server.
Remote File Inclusion - This vulnerability can be used to load remote files, exploiting this vulnerability properly gives you full control over the target web server.
SQL Injection - This is one of the most dangerous vulnerabilities, it is everywhere and can be exploited to do all of the things the above vulnerabilities allow us to do and more, so it allows you to login as admin without knowing the password, access the database and get all data stored there such as usernames, passwords, credit cards ....etc, read/write files and even get a reverse shell access which gives you full control over the target server!
Insecure Session Management - In this section you will learn how to exploit insecure session management in web applications and login to other user accounts without knowing their password, you'll also learn how to discover and exploit CSRF (Cross Site Request Forgery) vulnerabilities to force users to change their password, or submit any request you want.
Brute Force & Dictionary Attacks - In this section you will learn what are these attacks, the difference between them and how to launch them, in successful cases you will be able to guess the password for a target user.
3. Post Exploitation - In this section you will learn what can you do with the access you gained by exploiting the above vulnerabilities, you will learn how to convert reverse shell access to a Weevely access and vice versa, you will learn how to execute system commands on the target server, navigate between directories, access other websites on the same server, upload/download files, access the database and even download the whole database to your local machine. You will also learn how to bypass security and do all of that even if you did not have enough permissions!
The Quantum Internet and Quantum Computers: How Will They Change the World?