Section 1 : Chapter 1
|
Lecture 1 | INTRODUCTION TO BRAINMEASURES PROCTOR SYSTEM |
Section 2 : Preparation - Creating a Penetration Testing Lab
|
Lecture 1 | Lab Overview & Needed Software | 00:07:49 Duration |
|
Lecture 2 | Installing Kali 2020 As a Virtual Machine Using a Ready Image | 00:11:13 Duration |
|
Lecture 3 | About Proctor Testing | |
|
Lecture 4 | Installing Windows As a Virtual Machine | 00:03:22 Duration |
|
Lecture 5 | INTRODUCTION TO BRAINMEASURES PROCTOR SYSTEM | |
|
Lecture 6 | Installing Metasploitable As a Virtual Machine | 00:04:10 Duration |
Section 3 : Preparation - Linux Basics
|
Lecture 1 | Basic Overview Of Kali Linux | 00:05:10 Duration |
|
Lecture 2 | The Linux Terminal & Basic Linux Commands | 00:11:21 Duration |
|
Lecture 3 | Configuring Metasploitable & Lab Network Settings | 00:05:38 Duration |
Section 4 : Website Basics
|
Lecture 1 | What is a Website | 00:04:14 Duration |
|
Lecture 2 | How To Hack a Website | 00:05:31 Duration |
Section 5 : Information Gathering
|
Lecture 1 | Gathering Information Using Whois Lookup | 00:04:41 Duration |
|
Lecture 2 | Discovering Technologies Used On The Website | 00:06:04 Duration |
|
Lecture 3 | Gathering Comprehensive DNS Information | 00:10:23 Duration |
|
Lecture 4 | Discovering Websites On The Same Server | 00:03:43 Duration |
|
Lecture 5 | Discovering Subdomains | 00:05:06 Duration |
|
Lecture 6 | Discovering Sensitive Files | |
|
Lecture 7 | Analysing Discovered Files | 00:04:18 Duration |
|
Lecture 8 | Maltego - Discovering Servers, Domains & Files | |
|
Lecture 9 | Maltego - Discovering Websites, Hosting Provider & Emails | 00:04:49 Duration |
Section 6 : File Upload Vulnerabilities
|
Lecture 1 | How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites | 00:06:44 Duration |
|
Lecture 2 | HTTP Requests - GET & POST | 00:04:13 Duration |
|
Lecture 3 | Intercepting HTTP Requests | 00:06:45 Duration |
|
Lecture 4 | Exploiting Advanced File Upload Vulnerabilities To Hack Websites | 00:04:37 Duration |
|
Lecture 5 | Exploiting More Advanced File Upload Vulnerabilities | 00:04:22 Duration |
|
Lecture 6 | [Security] Fixing File Upload Vulnerabilities | 00:06:22 Duration |
Section 7 : Code Execution Vulnerabilities
|
Lecture 1 | How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites | 00:07:26 Duration |
|
Lecture 2 | Exploiting Advanced Code Execution Vulnerabilities | 00:06:06 Duration |
|
Lecture 3 | [Security] - Fixing Code Execution Vulnerabilities | 00:05:48 Duration |
Section 8 : Local File Inclusion Vulnerabilities (LFI)
|
Lecture 1 | What are they And How To Discover & Exploit Them | 00:05:49 Duration |
|
Lecture 2 | Gaining Shell Access From LFI Vulnerabilities - Method 1 | 00:07:11 Duration |
|
Lecture 3 | Gaining Shell Access From LFI Vulnerabilities - Method 2 | 00:10:38 Duration |
Section 9 : Remote File Inclusion Vulnerabilities (RFI)
|
Lecture 1 | Remote File Inclusion Vulnerabilities - Configuring PHP Settings | 00:03:46 Duration |
|
Lecture 2 | Remote File Inclusion Vulnerabilities - Discovery & Exploitation | 00:05:44 Duration |
|
Lecture 3 | Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites | 00:02:49 Duration |
|
Lecture 4 | [Security] Fixing File Inclusion Vulnerabilities | 00:05:55 Duration |
Section 10 : SQL Injection Vulnerabilities
|
Lecture 1 | What is SQL | |
|
Lecture 2 | Dangers of SQL Injections | 00:02:54 Duration |
Section 11 : SQL Injection Vulnerabilities - SQLi In Login Pages
|
Lecture 1 | Discovering SQL Injections In POST | 00:07:56 Duration |
|
Lecture 2 | Bypassing Logins Using SQL Injection Vulnerability | 00:04:49 Duration |
|
Lecture 3 | Bypassing More Secure Logins Using SQL Injections | 00:06:25 Duration |
|
Lecture 4 | [Security] Preventing SQL Injections In Login Pages | 00:07:44 Duration |
Section 12 : SQL injection Vulnerabilities - Extracting Data From The Database
|
Lecture 1 | Discovering SQL Injections in GET | 00:07:02 Duration |
|
Lecture 2 | Reading Database Information | 00:05:26 Duration |
|
Lecture 3 | Finding Database Tables | 00:03:34 Duration |
|
Lecture 4 | Extracting Sensitive Data Such As Passwords | 00:04:29 Duration |
Section 13 : SQL injection Vulnerabilities - Advanced Exploitation
|
Lecture 1 | Discovering & Exploiting Blind SQL Injections | 00:05:54 Duration |
|
Lecture 2 | Discovering Complex SQL Injection Vulnerabilities | 00:07:22 Duration |
|
Lecture 3 | Exploiting an advanced SQL Injection Vulnerability to Extract Passwords | 00:04:48 Duration |
|
Lecture 4 | Bypassing Filters | 00:04:49 Duration |
|
Lecture 5 | Bypassing Security & Accessing All Records | 00:08:36 Duration |
|
Lecture 6 | [Security] Quick Fix To Prevent SQL Injections | 00:06:44 Duration |
|
Lecture 7 | Reading & Writing Files On The Server Using SQL Injections | 00:05:58 Duration |
|
Lecture 8 | Getting A Shell & Controlling The Target Server Using an SQL Injection | 00:08:27 Duration |
|
Lecture 9 | Discovering SQL Injections & Extracting Data Using SQLmap | 00:06:48 Duration |
|
Lecture 10 | Getting a Direct SQL Shell using SQLmap | 00:02:58 Duration |
|
Lecture 11 | [Security] - The Right Way To Prevent SQL Injection Vulnerabilites | 00:04:58 Duration |
Section 14 : XSS Vulnerabilities
|
Lecture 1 | Introduction - What is XSS or Cross Site Scripting | 00:03:09 Duration |
|
Lecture 2 | Discovering Basic Reflected XSS | 00:03:47 Duration |
|
Lecture 3 | Discovering Advanced Reflected XSS | 00:04:35 Duration |
|
Lecture 4 | Discovering An Even More Advanced Reflected XSS | 00:07:05 Duration |
|
Lecture 5 | Discovering Stored XSS | 00:02:57 Duration |
|
Lecture 6 | Discovering Advanced Stored XSS | 00:03:36 Duration |
|
Lecture 7 | About Proctor Testing |
Section 15 : XSS Vulnerabilities - Exploitation
|
Lecture 1 | Hooking Victims To BeEF Using Reflected XSS | 00:05:42 Duration |
|
Lecture 2 | Hooking Victims To BeEF Using Stored XSS | 00:04:09 Duration |
|
Lecture 3 | Interacting With Hooked Targets | 00:03:56 Duration |
|
Lecture 4 | Running Basic Commands On Victims | 00:04:24 Duration |
|
Lecture 5 | Stealing CredentialsPasswords Using A Fake Login Prompt | 00:02:17 Duration |
|
Lecture 6 | Bonus - Installing Veil Framework | |
|
Lecture 7 | Bonus - Veil Overview & Payloads Basics | 00:07:20 Duration |
|
Lecture 8 | Bonus - Generating An Undetectable Backdoor Using Veil 3 | 00:09:44 Duration |
|
Lecture 9 | Bonus - Listening For Incoming Connections | 00:07:19 Duration |
|
Lecture 10 | Bonus - Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 | 00:07:12 Duration |
|
Lecture 11 | Gaining Full Control Over Windows Target | 00:03:40 Duration |
|
Lecture 12 | [Security] Fixing XSS Vulnerabilities |
Section 16 : Insecure Session Management
|
Lecture 1 | Logging In As Admin Without a Password By Manipulating Cookies | 00:06:06 Duration |
|
Lecture 2 | Discovering Cross Site Request Forgery Vulnerabilities (CSRF) | 00:06:46 Duration |
|
Lecture 3 | Exploiting CSRF To Change Admin Password Using a HTML File | 00:07:00 Duration |
|
Lecture 4 | Exploiting CSRF Vulnerabilities To Change Admin Password Using Link | 00:05:41 Duration |
|
Lecture 5 | [Security] The Right Way To Prevent CSRF Vulnerabilities | 00:09:20 Duration |
Section 17 : Brute Force & Dictionary Attacks
|
Lecture 1 | Introduction to Brute Force & Dictionary Attacks | 00:03:45 Duration |
|
Lecture 2 | Creating a Wordlist | 00:06:35 Duration |
|
Lecture 3 | Guessing Login Password Using a Wordlist Attack With Hydra | 00:13:32 Duration |
Section 18 : Discovering Vulnerabilities Automatically Using Owasp ZAP
|
Lecture 1 | Scanning Target Website For Vulnerabilities | 00:04:19 Duration |
|
Lecture 2 | Analysing Scan Results | 00:04:11 Duration |
Section 19 : Post Exploitation
|
Lecture 1 | Post Exploitation Introduction | 00:03:59 Duration |
|
Lecture 2 | Executing System Commands On Hacked Web Servers | 00:06:59 Duration |
|
Lecture 3 | Escalating Reverse Shell Access To Weevely Shell | 00:07:53 Duration |
|
Lecture 4 | Weevely Basics - Accessing Other Websites, Running Shell Commands | 00:06:32 Duration |
|
Lecture 5 | Bypassing Limited Privileges & Executing Shell Commands | 00:04:54 Duration |
|
Lecture 6 | Downloading Files From Target Webserver | 00:04:40 Duration |
|
Lecture 7 | Uploading Files To Target Webserver | 00:07:53 Duration |
|
Lecture 8 | Getting a Reverse Connection From Weevely | 00:07:46 Duration |
|
Lecture 9 | Accessing The Database | 00:08:53 Duration |