Penetration Testing, Beginners To Expert!
Note - Some of the links may return a 404 in the future. It would be helpful if you could provide
replacements for those broken links in the issues section.
Content List:
Phase 1 – History
Phase 2 – Web and Server Technology
Phase 3 – Setting up the lab with BurpSuite and bWAPP
Phase 4 – Mapping the application and attack surface
Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities
Phase 6 – Session management testing
Phase 7 – Bypassing client-side controls
Phase 8 – Attacking authentication/login
Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
Phase 10 – Attacking Input validations (All injections, XSS and misc)
Phase 11 – Generating and testing error codes
Phase 12 – Weak cryptography testing
Phase 13 – Business logic vulnerability
Web Application Penetration Testing
Phase 1 – History
History of the Internet - [Link]
Phase 2 – Web and Server Technology
Basic concepts of web applications, how they work and the HTTP protocol - [Link]
HTML basics part 1 - [Link]
HTML basics part 2 - [Link]
Difference between static and dynamic website - [Link]
HTTP protocol Understanding - [Link]
Parts of HTTP Request - [Link]
Parts of HTTP Response - [Link]
Various HTTP Methods - [Link]
Understanding URLS - [Link]
Intro to REST - [Link]
HTTP Request & Response Headers - [Link]
What is a cookie - [Link]
HTTP Status codes - [Link]
HTTP Proxy - [Link]
Authentication with HTTP - [Link]
HTTP basic and digest authentication - [Link]
What is “Server-Side” - [Link]
Server and client side with example - [Link]
What is a session - [Link]
Introduction to UTF-8 and Unicode - [Link]
URL encoding - [Link]
HTML encoding - [Link]
Base64 encoding - [Link]
Hex encoding & ASCII - [Link]
Phase 3 – Setting up the lab with BurpSuite and bWAPP
Setup lab with bWAPP - [Link]
Set up Burp Suite - [Link]
Configure Firefox and add certificate - [Link]
Mapping and scoping website - [Link]
Spidering - [Link]
Active and passive scanning - [Link]
Scanner options and demo - [Link]
Introduction to password security - [Link]
Intruder - [Link]
Intruder attack types - [Link]
Payload settings - [Link]
Intruder settings - [Link]
OTHER SECURITY LAB
No.1 Penetration testing tool - [Link]
Environment Setup - [Link]
General concept - [Link]
Proxy module - [Link]
Repeater module - [Link]
Target and spider module - [Link]
Sequencer and scanner module - [Link]
Phase 4 – Mapping the application and attack surface
Spidering - [Link]
Mapping application using [Link] - [Link]
Discover hidden contents using dirbuster - [Link]
Dirbuster in detail - [Link] 1
Discover hidden directories and files with intruder - [Link]
Directory bruteforcing 1 - [Link]
Directory bruteforcing 2 - [Link]
Identify application entry points - [Link]
Identify application entry points - [Link]
Identify client and server technology - [Link]
Identify server technology using banner grabbing (telnet) - [Link]
Identify server technology using httprecon - [Link]
Pentesting with Google dorks Introduction - [Link]
Fingerprinting web server - [Link]
Use Nmap for fingerprinting web server - [Link]
Review web server metafiles for information leakage - [Link]
Enumerate applications on web server - [Link]
Identify application entry points - [Link]
Map execution path through application - [Link]
Fingerprint web application frameworks - [Link]
Phase 5 – Understanding and exploiting OWASP top 10 vulnerabilities
A closer look at all OWASP top 10 vulnerabilities - [Link]
Injection - [Link]
Broken authentication and session management - [Link]
Cross-site scripting - [Link]
Insecure direct object reference - [Link]
Security misconfiguration - [Link]
Sensitive data exposure - [Link]
Missing functional level access controls - [Link]
Cross-site request forgery - [Link]
Using components with known vulnerabilities - [Link]
Unvalidated redirects and forwards - [Link]
F5 CENTRAL
Injection - [Link]
Broken authentication and session management - [Link]
Insecure deserialisation - [Link]
Sensitive data exposure - [Link]
Broken access control - [Link]
Insufficient logging and monitoring - [Link]
XML external entities - [Link]
Using components with known vulnerabilities - [Link]
Cross-site scripting - [Link]
Security misconfiguration - [Link]
LUKE BRINER
Injection explained - [Link]
Broken authentication and session management - [Link]
Cross-site scripting - [Link]
Insecure direct object reference - [Link]
Security misconfiguration - [Link]
Sensitive data exposure - [Link]
Missing functional level access control - [Link]
Cross-site request forgery - [Link]
Components with known vulnerabilities - [Link]
Unvalidated redirects and forwards - [Link]
Phase 6 – Session management testing
Bypass authentication using cookie manipulation - [Link]
Cookie Security Via httponly and secure Flag - OWASP - [Link]
Penetration testing Cookies basic - [Link]
Session fixation 1 - [Link]
Session fixation 2 - [Link]
Session fixation 3 - [Link]
Session fixation 4 - [Link]
CSRF - Cross site request forgery 1 - [Link]
CSRF - Cross site request forgery 2 - [Link]
CSRF - Cross site request forgery 3 - [Link]
CSRF - Cross site request forgery 4 - [Link]
CSRF - Cross site request forgery 5 - [Link]
Session puzzling 1 - [Link]
Admin bypass using session hijacking - [Link]
Phase 7 – Bypassing client-side controls
What is hidden forms in HTML - [Link]
Bypassing hidden form fields using tamper data - [Link]
Bypassing hidden form fields using Burp Suite (Purchase application) - [Link]
Changing price on eCommerce website using parameter tampering - [Link]
Understanding cookie in detail - [Link]
Cookie tampering with tamper data - [Link]
Cookie tamper part 2 - [Link]
Understanding referer header in depth using Cisco product - [Link]
Introduction to [Link] viewstate - [Link]
[Link] viewstate in depth - [Link]
Analyse sensitive data in [Link] viewstate - [Link]
Cross-origin-resource-sharing explanation with example - [Link]
CORS demo 1 - [Link]
CORS demo 2 - [Link]
Security headers - [Link]
Security headers 2 - [Link]
Phase 8 – Attacking authentication/login
Attacking login panel with bad passwords - Guess the username and password for the website
and try different combinations
Brute-force login panel - [Link]
Username enumeration - [Link]
Username enumeration with bruteforce password attack - [Link]
Authentication over insecure HTTP protocol - [Link]
Authentication over insecure HTTP protocol - [Link]
Forgot password vulnerability - case 1 - [Link]
Forgot password vulnerability - case 2 - [Link]
Login page autocomplete feature enabled - [Link]
Testing for weak password policy - [Link]
Insecure distribution of credentials - When you register on a website or request a
password reset using the forgot password feature, if the website sends your username and
password by email in cleartext instead of sending a password reset link, then it is a
vulnerability.
Test for credentials transportation using SSL/TLS certificate - [Link]
Basics of MySQL - [Link]
Testing browser cache - [Link]
Bypassing login panel - case 1 - [Link]
Bypass login panel - case 2 - [Link]
Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
Completely unprotected functionalities
Finding admin panel - [Link]
Finding admin panel and hidden files and directories - [Link]
Finding hidden webpages with DirBuster - [Link]
Insecure direct object reference
IDOR case 1 - [Link]
IDOR case 2 - [Link]
IDOR case 3 (zomato) - [Link]
Privilege escalation
What is privilege escalation - [Link]
Privilege escalation - Hackme bank - case 1 - [Link]
Privilege escalation - case 2 - [Link]
Phase 10 – Attacking Input validations (All injections, XSS and misc)
HTTP verb tampering
Introduction HTTP verb tampering - [Link]
HTTP verb tampering demo - [Link]
HTTP parameter pollution
Introduction HTTP parameter pollution - [Link]
HTTP parameter pollution demo 1 - [Link]
HTTP parameter pollution demo 2 - [Link]
HTTP parameter pollution demo 3 - [Link]
XSS - Cross site scripting
Introduction to XSS - [Link]
What is XSS - [Link]
Reflected XSS demo - [Link]
XSS attack method using burpsuite - [Link]
XSS filter bypass with Xenotix - [Link]
Reflected XSS filter bypass 1 - [Link]
Reflected XSS filter bypass 2 - [Link]
Reflected XSS filter bypass 3 - [Link]
Reflected XSS filter bypass 4 - [Link]
Reflected XSS filter bypass 5 - [Link]
Reflected XSS filter bypass 6 - [Link]
Reflected XSS filter bypass 7 - [Link]
Reflected XSS filter bypass 8 - [Link]
Reflected XSS filter bypass 9 - [Link]
Introduction to Stored XSS - [Link]
Stored XSS 1 - [Link]
Stored XSS 2 - [Link]
Stored XSS 3 - [Link]
Stored XSS 4 - [Link]
Stored XSS 5 - [Link]
SQL injection
Part 1 - Install SQLi lab - [Link]
Part 2 - SQL lab series - [Link]
Part 3 - SQL lab series - [Link]
Part 4 - SQL lab series - [Link]
Part 5 - SQL lab series - [Link]
Part 6 - Double query injection - [Link]
Part 7 - Double query injection cont… - [Link]
Part 8 - Blind injection boolean based - [Link]
Part 9 - Blind injection time based - [Link]
Part 10 - Dumping DB using outfile - [Link]
Part 11 - POST parameter injection error based - [Link]
Part 12 - POST parameter injection double query based - [Link]
Part 13 - POST parameter injection blind boolean and time based - [Link]
Part 14 - POST parameter injection in UPDATE query - [Link]
Part 15 - Injection in insert query - [Link]
Part 16 - Cookie based injection - [Link]
Part 17 - Second order injection - [Link]
Part 18 - Bypassing blacklist filters - 1 - [Link]
Part 19 - Bypassing blacklist filters - 2 - [Link]
Part 20 - Bypassing blacklist filters - 3 - [Link]
Part 21 - Bypassing WAF - [Link]
Part 22 - Bypassing WAF - Impedance mismatch - [Link]
Part 23 - Bypassing addslashes - charset mismatch - [Link]
NoSQL injection
Introduction to NoSQL injection - [Link]
Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial - [Link]
Abusing NoSQL databases - [Link]
Making cry - attacking NoSQL for pentesters - [Link]
Xpath and XML injection
Introduction to Xpath injection - [Link]
Introduction to XML injection - [Link]
Practical 1 - bWAPP - [Link]
Practical 2 - Mutillidae - [Link]
Practical 3 - webgoat - [Link]
Hack admin panel using Xpath injection - [Link]
XXE demo - [Link]
XXE demo 2 - [Link]
XXE demo 3 - [Link]
LDAP injection
Introduction and practical 1 - [Link]
Practical 2 - [Link]
OS command injection
OS command injection in bWAPP - [Link]
bWAPP - OS command injection with Commix (All levels) - [Link]
Local file inclusion
Detailed introduction - [Link]
LFI demo 1 - [Link]
LFI demo 2 - [Link]
Remote file inclusion
Detailed introduction - [Link]
RFI demo 1 - [Link]
RFI introduction and demo 2 - [Link]
HTTP splitting/smuggling
Detailed introduction - [Link]
Demo 1 - [Link]
Phase 11 – Generating and testing error codes
Generating normal error codes by visiting files that may not exist on the server - for example,
visit a [Link] or [Link] file on any website and it may redirect you to [Link] or
[Link] or their custom error page. Check whether the error page is generated by the default web
server or application framework, or whether a custom page is displayed which does not [Link] any
sensitive information.
Use BurpSuite fuzzing techniques to generate stack trace error codes - [Link]
Phase 12 – Weak cryptography testing
SSL/TLS weak configuration explained - [Link]
Testing weak SSL/TLS ciphers - [Link]
Test SSL/TLS security with Qualys guard - [Link]
Sensitive information sent via unencrypted channels - [Link]
Phase 13 – Business logic vulnerability
What is a business logic flaw - [Link]
The Difficulties Finding Business Logic Vulnerabilities with Traditional Security Tools - [Link]
How To Identify Business Logic Flaws - [Link]
Business Logic Flaws: Attacker Mindset - [Link]
Business Logic Flaws: DoS Attack On Resource - [Link]
Business Logic Flaws: Abuse Cases: Information Disclosure - [Link]
Business Logic Flaws: Abuse Cases: iPod Repairman Dupes Apple - [Link]
Business Logic Flaws: Abuse Cases: Online Auction - [Link]
Business Logic Flaws: How To Navigate Code Using ShiftLeft Ocular - [Link]
Business Logic Security Checks: Data Privacy Compliance - [Link]
Business Logic Security Checks: Encryption Compliance - [Link]
Business Logic Security: Enforcement Checks - [Link]
Business Logic Exploits: SQL Injection - [Link]
Business Logic Exploits: Security Misconfiguration - [Link]
Business Logic Exploits: Data Leakage - [Link]
Demo 1 - [Link]
Demo 2 - [Link]
Demo 3 - [Link]
Demo 4 - [Link]
Demo 5 - [Link]
Demo 6 - [Link]
ENJOY & HAPPY LEARNING! ♥