Web Exploitation - Full Course (9+ Hours)

Поділитися
Вставка

КОМЕНТАРІ • 128

  • @amortalbeing
    @amortalbeing 2 місяці тому +7

    TIMESTAMPS
    ######### Web 00 - Introduction
    00:00:00 Web Exploitation Course
    ######### Web 01 - Introduction to Web Exploitation
    00:03:17 Introduction
    00:05:37 Clients and Servers
    00:07:37 The HTTP Protocol
    00:11:47 HTML
    00:17:00 CSS
    00:18:57 JavaScript and the DOM
    00:23:00 Web Applications
    00:29:07 Overview so far
    00:30:47 HTTP is stateless
    00:32:57 On Malicious HTTP requests
    00:35:39 Introduction to BurpSuite
    00:40:03 Using BurpSuite
    00:48:02 A first vulnerability
    00:52:42 Conclusion
    ######### Web 02 - Getting Used to BurpSuite
    00:54:32 Introduction
    00:55:52 Initial Setup
    01:07:57 Installing PortSwigger CA certificate
    01:12:12 Starting the web application
    01:13:02 Configuring the scope
    01:19:22 Proxy interception
    01:23:27 Repeater
    01:28:12 Decoder
    01:30:32 Comparer
    01:31:32 Analyzing cookie structure
    01:36:32 Intruder
    01:40:28 Sequencer
    01:41:32 Dashboard
    01:43:22 Extensions
    01:45:32 Conclusion
    ######### Web 03 - SQL Injection
    01:47:03 Introduction
    01:50:18 Databases and Structured Query Language (SQL)
    02:03:43 Simple queries
    02:09:33 Interpreters
    02:14:18 Injections
    02:17:45 Example 1 - PHP Snippet
    02:25:33 Example 2 - DVWA easy
    02:37:13 Example 3 - DVWA medium
    02:40:47 Example 4 - SecureBank
    ######### Web 04 - Directory Traversal
    02:48:08 Introduction
    02:49:53 Tomcat Setup
    02:57:48 Static Web Application
    03:02:08 Dynamic Web Application with JSP
    03:03:48 Fuzzing with wfuzz to discover parameter
    03:07:48 Analyzing the disclosed stacktrace
    03:10:53 A simple Directory Traversal
    03:16:03 A more complex Directory Traversal
    03:20:58 Directory Traversal in SecureBank
    03:26:58 Conclusion
    ######### Web 05 - File Inclusion
    03:28:03 Introduction
    03:29:55 Example 1 - LFI with JSP
    03:46:13 Example 2 - LFI with php
    03:57:53 Example 3 - RFI with php
    04:03:03 Example 4 - DVWA challenges
    04:12:53 Example 5 - Leak source code with php filters
    ######### Web 06 - File Upload Vulnerabilities
    04:17:49 Introduction
    04:19:29 Explanation of lab
    04:24:11 POST request to upload a file
    04:29:29 Reading php code
    04:37:49 Solving level 1
    04:43:41 Solving level 2
    04:47:14 Solving level 3
    04:56:31 PortSwigger Academy lab 1
    05:00:56 PortSwigger Academy lab 2
    05:02:33 PortSwigger Academy lab 3
    05:08:27 Conclusion
    ######### Web 07 - Command Injections
    05:09:31 Introduction
    05:10:46 Some Intuition on Command Injections
    05:16:36 DVWA level low
    05:32:06 DVWA level medium
    05:38:46 DVWA level high
    05:40:34 DVWA level impossible
    05:45:26 Port Swigger Lab 1
    05:49:26 Port Swigger Lab 2
    05:53:26 Port Swigger Lab 3
    05:59:06 Conclusion
    ######### Web 08 - Cross Site Scripting
    06:00:07 Introduction
    06:03:07 Client-side attacks
    06:06:42 Stored XSS - Intuition
    06:18:07 Stored XSS - Leaking session cookie
    06:25:47 Reflected XSS - Intuition
    06:30:27 Reflected XSS - Leaking session cookie
    06:33:37 DOM XSS
    06:41:32 Review so far
    06:43:12 Conclusion
    ######### Web 09 - Enumeration of Files and Directories
    06:45:54 Introduction
    06:48:54 Docker lab setup
    06:50:34 Intuition on Web Enumeration
    06:58:59 Using gobuster
    07:02:49 Scenario 1 - Directory Enumeration
    07:05:41 Scenario 2 - Files Enumeration
    07:09:54 Review so far
    07:12:37 Scenario 3 - Custom 404 page
    07:18:39 Conclusion
    ######### Web 10 - Enumeration of Virtual Hosts
    07:21:11 Introduction
    07:21:56 Docker lab setup
    07:24:44 Intuition on virtual hosts
    07:30:11 Host header in HTTP requests
    07:34:11 Enumeration of virtual hosts
    07:38:04 Using gobuster
    07:40:21 How to access virtual hosts
    07:46:41 Differences between Virtual Hosts and Domain Names
    07:49:11 Conclusion
    ######### Web 11 - Enumeration of Parameters
    07:51:16 Introduction
    07:53:06 Docker lab
    07:56:51 Wfuzz scenario 1 - discovery of parameter name
    08:12:26 Wfuzz scenario 2 - discovery of debug parameter
    08:15:21 Wfuzz scenario 3 - discovery of parameter value
    08:21:46 Insecure Direct Object Reference (IDOR)
    08:24:16 Wfuzz scenario 4 - sending requests to burpsuite
    08:26:31 Wfuzz scenario 4 - discovery of POST data
    08:28:00 Conclusion
    ######### Web 12 - Brute Force Attacks
    08:28:26 Introduction
    08:30:50 Scenario 1 - Brute Forcing SSH
    08:43:42 Scenario 2 - Brute Forcing FTP
    08:48:01 Scenario 3 - Brute Forcing HTTP Basic Auth
    08:50:56 Scenario 4 - Brute Forcing DVWA login
    08:57:26 Conclusion
    ######### Web 11 - DNS Zone Transfer Attacks
    08:58:16 Introduction
    09:01:26 Difference between VHOST and DNS
    09:06:11 What is a DNS zone transfer?
    09:07:51 DNS zone transfer in practice
    09:12:31 Final Overview
    09:14:16 Conclusion
    copied from description for ease of use!

    • @hexdump1337
      @hexdump1337  2 місяці тому +3

      Thank you so much, in the following days I will take the time to fix the timestamps so that they can be used directly within the player.
      Appreciate this!

  • @chamodmalshan4708
    @chamodmalshan4708 7 місяців тому +51

    Never stop doing these videos because i learn so much from you. Thank you

    • @hexdump1337
      @hexdump1337  7 місяців тому +10

      Oh no worries, this is just the start!

    • @musprodev
      @musprodev 2 місяці тому

      Fr

    • @HarshYadav-jv7nr
      @HarshYadav-jv7nr 2 місяці тому

      @@hexdump1337 great bro! killer video on youtube !

  • @nullbit69
    @nullbit69 16 годин тому

    Thank God i found this channel, it's pure gold.
    Thank you soo much ❤

  • @dgt.diaries
    @dgt.diaries 2 місяці тому +6

    Sir, im only 35minutes in and you officially are my first mentor... the way you explain things so simply to beginners is MAGICAL ... although i already knew some things before but you reintroduced them to me in a new amazing way.... please never stop teaching us ur ways we need people like you !!

    • @hexdump1337
      @hexdump1337  2 місяці тому +2

      Thank you, this means a lot to me!
      I will do my best to help you.

  • @SaidElnaffar
    @SaidElnaffar 7 місяців тому +11

    Quality video -- This will be my summer study plan!

  • @mongstyt9946
    @mongstyt9946 6 місяців тому +9

    The hero we needed

  • @Mary-le5db
    @Mary-le5db 2 місяці тому +10

    This is what I NEED, a real pentest on a test website.
    NOT those long 2hours live then they're just doing recon.

    • @hexdump1337
      @hexdump1337  2 місяці тому +4

      Thank u for letting me know!
      In the future will try to bring even more full WAPTs (that is web pentests) on vulnerable apps 👍🏻

    • @Kanny-b9v
      @Kanny-b9v 2 місяці тому

      You Also need the 33hours cyber sec courses too my friend they are good for more stability in cyber. Yeah this one is short and sweet

    • @Mary-le5db
      @Mary-le5db 2 місяці тому +1

      @@Kanny-b9v where to watch?

  • @romass1955
    @romass1955 7 місяців тому +5

    It's a gold mine! Amazing content as always.

  • @hakeem1340
    @hakeem1340 2 місяці тому +1

    The world is better place with people like you, thank you for sharing this informative course

  • @plashless3406
    @plashless3406 3 місяці тому +1

    Woh woh woh, wait a sec, this is so awesome. Thank you soo soo much.

  • @omoregiestephen2949
    @omoregiestephen2949 7 місяців тому +6

    A thousand and one likes man. I love the pace if your teaching. I'm a complete newbie, but your coverage of the concepts, has drawn me to study with this course.
    +1 Sub

  • @dummydummy-o7g
    @dummydummy-o7g 2 місяці тому

    GODDDD THANKYOU I WILL WATCH IT ALLL !

  • @shaca1856
    @shaca1856 2 місяці тому +1

    I haven't watched it but I subscribed and liked this vid. Hoping to watch this on my free time. Thank you for this stuff 😊

    • @hexdump1337
      @hexdump1337  2 місяці тому +1

      Thanks for the trust, I’m sure it’s gonna be useful, in case let me know your feedback!

  • @rana_g
    @rana_g 2 місяці тому +1

    loved it .. learned a lot ... thank you !

  • @golgappa3430
    @golgappa3430 2 місяці тому

    Terrific , amazing, hats off to your efforts 💢❤💥💫

  • @MrWeb4live
    @MrWeb4live 2 місяці тому

    I love the video so much. Thanks a lot for sharing

  • @accessgroup06
    @accessgroup06 4 місяці тому

    Great stuff mate. Cheers for some nice videos!

  • @twistedtruth.
    @twistedtruth. 25 днів тому

    im having a difficult time trying to access some of the web explotation tools
    but so far it's going fine thanks for asking

    • @hexdump1337
      @hexdump1337  25 днів тому

      You mean links to the material on github?

  • @drelaylo
    @drelaylo 2 місяці тому

    just getting started with this course. i will let keep you updated

    • @drelaylo
      @drelaylo 2 місяці тому

      what text editor do you use to take notes??

    • @hexdump1337
      @hexdump1337  2 місяці тому

      Emacs

  • @elguero933
    @elguero933 6 місяців тому

    Very good presentation my man! You are a superb teacher

  • @carlosrofts5230
    @carlosrofts5230 3 місяці тому

    This is great man, thanks a lot. You have a new follow now 💚

  • @StudiofrogPl
    @StudiofrogPl 7 місяців тому

    Rly nice content, you are very good teacher, very clear and concise explanations. I learn a lot. Thank You for your work.

  • @derletztetiger6860
    @derletztetiger6860 7 місяців тому

    Sick content brah! Keep it coming

  • @tylerfarrell8748
    @tylerfarrell8748 6 місяців тому

    Great video! Keep up the good work. Subscribed.

  • @JohnAlli-tn3vy
    @JohnAlli-tn3vy 7 місяців тому +1

    I always enjoy your content. They all amazing. I wish you could make a video on how to create a custom wordlist for directory and file brute-forcing.

    • @hexdump1337
      @hexdump1337  7 місяців тому

      I will take not of the idea and maybe make something in the future! Thanks for the suggestion.

  • @maalalahanin0876
    @maalalahanin0876 Місяць тому

    Great video man

  • @ajaxmaxxer
    @ajaxmaxxer 7 місяців тому

    Amazign content Pr Leonardo ! Thank you so much for what you do :)

  • @carlalexander3343
    @carlalexander3343 7 місяців тому

    Amazing stuff, many thanks, keep going, best regards

  • @sohrabch
    @sohrabch 20 днів тому

    thanks for great content man

  • @MRROBOT-fc5ny
    @MRROBOT-fc5ny 2 місяці тому

    3:29:57 Hi I am not able to find the php dir in your repo
    3:30:27 Also couldn't find app dir

    • @hexdump1337
      @hexdump1337  2 місяці тому

      Update repository, thanks for telling me!

  • @thariachanz9298
    @thariachanz9298 7 місяців тому

    Simply amazing ❤

  • @dub161
    @dub161 3 місяці тому

    Thanks this was really helpful.

  • @giftebenezer2040
    @giftebenezer2040 Місяць тому

    @hexdump do you have videos on webshells, convering samurai & mutillidae among other tools used for webshell detection, mitigation and prevention?

    • @hexdump1337
      @hexdump1337  Місяць тому +1

      not yet, however I will take your suggestions for future material, thank you very much for askin!

    • @giftebenezer2040
      @giftebenezer2040 Місяць тому

      @@hexdump1337 Much appreciated for your swift response. Would you refer me to someone who can help me prepare for a technical test in webshells?

  • @ashajyothimallya8202
    @ashajyothimallya8202 2 місяці тому

    great work..Thank you

  • @Mr.Legend_9
    @Mr.Legend_9 5 місяців тому +1

    Love your video

  • @Jayseeram03
    @Jayseeram03 3 місяці тому

    Bro this is gold 🥇🥇🥇🥇🥇🥇🥇🥇🥇

  • @Jamaal_Ahmed
    @Jamaal_Ahmed 14 днів тому

    Thanks bro ❤ .

  • @Some-z2p
    @Some-z2p 2 місяці тому

    what are the pre-requites for this video? I don't have knowledge in networking

    • @hexdump1337
      @hexdump1337  2 місяці тому

      For following this series it is required to have a basic understanding of network protocols.
      In the future content like that is planned, as of right now however I’m focusing on the windows privilege escalation series

  • @EsTeh_Manis2
    @EsTeh_Manis2 5 місяців тому

    thanks for education sir🙏

  • @djawadboutemine7522
    @djawadboutemine7522 2 місяці тому

    i can't find the repo of the securebank to clone and run localy , any help ?

    • @hexdump1337
      @hexdump1337  2 місяці тому

      Should be this one, there is a docker deployment
      github.com/ssrdio/SecureBank

    • @djawadboutemine7522
      @djawadboutemine7522 2 місяці тому

      The Goat​@@hexdump1337

  • @nonenone2760
    @nonenone2760 7 місяців тому

    Great great great 🔥🔥😍

  • @ayaswanthsaisimhareddy2791
    @ayaswanthsaisimhareddy2791 2 місяці тому

    I can't able see localhost in http history in burpsuite

    • @hexdump1337
      @hexdump1337  2 місяці тому

      its probably a configuration of your browser. Typically they dont proxy traffic from localhost. You can either disable it with the appropriate command line (I show this at the beginning of the web exploitation series where I talk about burpsuite), or you can configure a custom entry in your /etc/hosts that points to 127.0.0.1, like say “example 127.0.0.1”, so that when you go to example it will actually proxy the traffic

  • @sabuein
    @sabuein 3 місяці тому

    Thank you.

  • @nico3006
    @nico3006 Місяць тому

    bro 9 hours this is a goldmine

    • @hexdump1337
      @hexdump1337  Місяць тому

      I tried to fill all these hours with meaningful content, I hope you get something out of it!

  • @JohnAlli-tn3vy
    @JohnAlli-tn3vy 7 місяців тому

    Its just amazing

  • @angryadi8682
    @angryadi8682 18 днів тому

    how to download the tomcat directory you have

    • @hexdump1337
      @hexdump1337  17 днів тому

      From here archive.apache.org/dist/tomcat/

  • @EthioFkir
    @EthioFkir 6 місяців тому

    why this video have only 21K views.....very awesome lecture bro pls keep doing

    • @hexdump1337
      @hexdump1337  6 місяців тому

      Thanks!
      Hopefully more people will be able to learn from it!

  • @ahmed_bembo
    @ahmed_bembo 5 місяців тому

    Hi hexdump I really want to setup my tomcat like yours but I can't and files are different coz you are using tomcat version 8 and it's version 10 can you make video of how to setup version 10

    • @hexdump1337
      @hexdump1337  5 місяців тому

      Did you try "wget dlcdn.apache.org/tomcat/tomcat-10/v10.1.26/bin/apache-tomcat-10.1.26.tar.gz" ? The directory structure seems similar to me.

  • @x7dl8p
    @x7dl8p 7 місяців тому +1

    nice video, learned docker thanks to you !, suggest best free cyber security certification.

  • @matthewlawry5785
    @matthewlawry5785 3 місяці тому

    Hey Leo, awesome video!!
    What is your terminal setup? Is this like a terminal emulator extension of Emacs or something?

    • @hexdump1337
      @hexdump1337  3 місяці тому

      Yes, it is called vterm, it is a library which is integrated within an emacs lisp package!
      Thanks for the feedback

  • @alpeshrprajapati5159
    @alpeshrprajapati5159 7 місяців тому

    What app using to show this notes in terminal please answer

    • @hexdump1337
      @hexdump1337  7 місяців тому

      Emacs! I made a video about it already

  • @jackal_sniperr
    @jackal_sniperr 3 місяці тому +1

    sir is this course for complete beginners?
    is this an web exploitation same as web penetration testing ?

    • @hexdump1337
      @hexdump1337  3 місяці тому +2

      I would say it requires minimal knowledge of the web and the http protocol, but in terms of penetration testing concepts yea, complete beginners can follow

    • @jackal_sniperr
      @jackal_sniperr 3 місяці тому

      @@hexdump1337 thankyou so much ❤

  • @sang4005
    @sang4005 2 місяці тому

    Cool one

  • @praweewongsa
    @praweewongsa 2 місяці тому

    thumpsup! 😃

  • @ferasalfarsi897
    @ferasalfarsi897 7 місяців тому

    Thank you for the video
    I have a question, please
    Are these topics cover some certifications content?
    Like what you did with OSCP?!

    • @hexdump1337
      @hexdump1337  7 місяців тому +1

      sort of yeah, if u study well all these concepts, then you are ready for OSCP in terms of the web part. I specifically considered OSCP requirements while making this series.
      And for the rest, well, this plays as a very strong foundation, so if you study all the modules well, then you can learn the stuff that is not here much much easier because of a strong background.

  • @microcodes6887
    @microcodes6887 5 місяців тому +1

    started today

  • @yasincomps2056
    @yasincomps2056 3 місяці тому

    I need my certification please

  • @praneysingh1817
    @praneysingh1817 6 місяців тому

    when will u upload the notes on ur github?

    • @hexdump1337
      @hexdump1337  6 місяців тому

      The material is all online, you can find it at the following repo
      github.com/LeonardoE95/yt-en
      For each lecture theres a link to the material.
      I need to copy it over into the OSCP repository. But technically its already online, just on the yt-en repo.
      Btw, you have to check the materials of the individual videos of the series (those with Web Exploitation in the playlist, the full video right now has no material).

    • @praneysingh1817
      @praneysingh1817 6 місяців тому

      @@hexdump1337 thnx

  • @beddiafmohammed6011
    @beddiafmohammed6011 7 місяців тому

    what os are you using, and how you move between workspace ❤ love your videos 😊

    • @hexdump1337
      @hexdump1337  7 місяців тому

      Using Arch as Linux distro, with Emacs running as main editor and tiling window manager with exwm. This means that most windows you see are from Emacs.

  • @GilligansTravels
    @GilligansTravels 7 місяців тому

    cheers!

  • @JohnAlli-tn3vy
    @JohnAlli-tn3vy 7 місяців тому

    I wish you could do one on how to create custom wordlist

  • @КвадратныйГоблин
    @КвадратныйГоблин 2 місяці тому

    Is this beginner-friendly?

    • @hexdump1337
      @hexdump1337  2 місяці тому +1

      some basic knowledge of networking is required, but other than that I try to build intuition over all the various idea that go into web exploitation.
      I’m particularly interested in beginners feedback, so if you find something too complex just write in the comments and I will take a note, so maybe in the future I can explain things better
      Good luck!

    • @КвадратныйГоблин
      @КвадратныйГоблин 2 місяці тому

      @@hexdump1337 I'm good at intermediate CTF and network exploitation but I didn't go deep into the web application pentesting and trying to learn at least essentials and then practice.

  • @twistedtruth.
    @twistedtruth. 2 місяці тому

    Let's see how it goes i've just started the video

  • @martinlastname8548
    @martinlastname8548 7 місяців тому

    Gold

  • @mashoodaliali6552
    @mashoodaliali6552 7 місяців тому

    keep it up

  • @UgandanMeance
    @UgandanMeance 6 місяців тому

    Man i love your accent am trying to concentrate but the accent i love it 🤣🤣🤣🤣🤣🤣🤣🤣

    • @hexdump1337
      @hexdump1337  6 місяців тому +1

      Hope its not too distracting 👍🏻

    • @ДмитрийКузнецов-я4д
      @ДмитрийКузнецов-я4д 6 місяців тому

      ​@hexdump1337 as a non-native speaker your accent is perfect for me , you spell very clearly and with good pace , I understand every word that you are saying and enjoy this at the same time, thank you and keep going

  • @x7dl8p
    @x7dl8p 7 місяців тому +3

    well I am here just for your accent !

    • @hexdump1337
      @hexdump1337  7 місяців тому +1

      Can you tell I am italian? 😂

    • @x7dl8p
      @x7dl8p 7 місяців тому +1

      @@hexdump1337 🤣😂 yes, well I am Indian, and we are known for our bad accent, so I will learn some other accent and that would be the Italian accent, American accent is bull shit.

    • @umniways
      @umniways 7 місяців тому

      @@hexdump1337 yeah, it's obvious

    • @trungpham-gx2yg
      @trungpham-gx2yg 7 місяців тому

      @@hexdump1337 dont know why i feel the 2 accent kind of similar 😂

  • @SphereofTime
    @SphereofTime 7 місяців тому

    2:05:18

  • @Isidoosododockxkxkididid
    @Isidoosododockxkxkididid 7 місяців тому

    Parli inglese da dio! Ce l hai anche in ita il corso?

    • @hexdump1337
      @hexdump1337  7 місяців тому

      Here you can find it in italian: ua-cam.com/video/GOMR5bS3c2w/v-deo.html

  • @AdamCruz-o8k
    @AdamCruz-o8k 2 місяці тому

    Jeramie Inlet

  • @arupde6320
    @arupde6320 7 місяців тому

    be regular

  • @spdnova9012
    @spdnova9012 2 місяці тому

    porcoddio se si sente l’accento 😂

    • @spdnova9012
      @spdnova9012 2 місяці тому

      Ovviamente qualità assurda grande bro 🇮🇹🇮🇹🇮🇹🇮🇹

    • @hexdump1337
      @hexdump1337  2 місяці тому

      cant hide where you come from 🤣

  • @viresh222
    @viresh222 5 місяців тому

    Sir i am not abel to understand your voice please talk slowly

    • @hexdump1337
      @hexdump1337  5 місяців тому

      Where specifically, can you give me a timestamp?

    • @mcstza
      @mcstza 5 місяців тому +1

      bro decrease the playback speed...

    • @BhargavSushant
      @BhargavSushant 3 місяці тому +1

      Bhai pranayam Kara kar
      Isse slow bolega to janta so jaegi

  • @AdolfRizzler41
    @AdolfRizzler41 7 місяців тому

    Perfect video for advance dev