Hacking Monks: Web Hacking

Metasploit Tutorals

Home
Tutorials
Tech
Metasploit Tutorials
Kali Linux Tutorials
Cross Site Scripting (XSS)
Burp Suite
Web Hacking
Python Tutorials
NMAP Complete tutorial

Web Hacking

Web Penetration testing is a very broad subject. I have made some tutorials which can help you to study this awesome subject.

Local File Inclusion (LFI) Tutorial - 1 (Basics with intro)

Cross Site Scripting (XSS)-8 (DOM based-Tutorial)

The Basic's of XXE - XML External Entity attack.

A Noob's Guide to Web Cache Deception.

Remote Code Execution - 1 (RCE - intro)

Facebook Bug Bounty Guide | API testing

Facebook bug | Page Admins disclosed

Make WORDLISTS to HACK (Kali Linux - Crunch)

Watch Live Cyber War (Hackers playground)

Hack Passwords with PENDRIVE (steal browser passwords) - EVIL USB

Hack everything with Shodan (hackers google)

Hack Password by BRUTEFORCE Kali Linux (Burp) on DVWA

Instagram Content Injection (Text) bug POC

Portforward Router Done,Explained in JIOFI

Remote Code Execution RCE (Kali Linux DVWA)

SEARCHSPLOIT - Kali Linux Offline Exploit DB

HTTP Header Injection (Mannual and Burpsuite)

URL manipulation explained (tutorial)

Facebook bug POC | Who left the Group -_-

Remote Code Injection on DVWA medium

Information gathering using TheHarvester in Kali Linux

Broken Authentication (insecure login, logout management, admin portal bypass)

Open Redirection Vulnerability

Facebook Bug POC - Privilege Escalation | emptiness

PAYTMPromoCode BUG POC

Metasploit Tutorial - 3 (hacking FTP login)

Some google dorks for you

AMAZON Password Reset Bug POC

Google G+1 ClickJacking BUG

Power Fuzzer Website scanning tool in Kali Linux

Uniscan Vulnerability scanner in Kali Linux - Tutorial

NMAP Tutorial - 2 (Agressive scanning-intense)

Facebook trolling Hackers (Funny Header)

Facebook Mail Bombing (rejected POC)

HackerOne bug (Session Management)

NMAP Tutorial-3 (different scans and speed scanning)

NMAP Tutorial - 4 (Verbos scan and Saving scan results in file)

DOS attack using Slowloris in Kali Linux

Find vulnerability of ANDROID apps like FB (easy with steps)

Buffer Overflow with Tutorial

Nikto Vulnerability Scanner (explained with tutorial)

Metasploit Tutorial-10 (drupal site exploitation)

SQL injection (website pen test with sql map-step by step)

Recon-ng tutorial- 1 XSS Vulnerability (the first step for pen tester)

Subdomain Takeover

How to find Subdomains (Tutorial)

WhatsApp Translate Account Takeover BUG POC (slow rate limit)

Shell Upload on Websites(backdoor PHP)

YoutubeUnauthorized Adword Linking BUG POC

Burpsuite - 1 (SQL injection,intercepting)

OSI model explained

Google Blogger ClickJacking Comments bug

Manual SQL injection (step by step)

Create Unlimited Instagram Accounts (unvalidated verification)

Cross Site Scripting (XSS)-1 (basics,ReflectedXSS)

Upload WebShell (bypass filters and intercepting)

Cross Site Scripting-2 (stored, redirected XSS)

Cross Site Scripting (XSS)-3 (XSS stored IFRAME and COOKIE Exploit)

Session Hijacking (MITM for cookies-side jacking)

Cross Site Scripting XSS-4 (hack username and password)

Metasploit Tutorial -11 (e-mail extraction)

Shell Upload with Metasploit(DVWA high security)

Cross Site Scripting (XSS)-5 (medium secured DVWA)

Hacking random home routers (Angry IP scanner)

Web Spidering (Manual and Automated with Burp Suite)

Burp Suite complete Version (Windows installation)

WAF detection (WAFW00F in Kali Linux)

Cross Site Scripting (XSS) - 7 (via image upload)

Website Vulnerability Scanning Burp Suite in Kali Linux

Find Admin Panel Finder (Kali Linux Python script)

Find XSS and Bug Bounty Hunting

XSS bug in Etherscan (HOF plus Ethereum)

Encoding and Decoding (Burp Suite Decoder)

Predict Session ID (Burp sequencer)

Click Jacking (step by step explained)

BurpSuite HTTPS proxy setting (Install CA certificates)

Broken Authentication and Session Management tutrial

Hackbar and Bypassing XSS filters

Expect Header XSS

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

7 comments:

Olu Agbaje20 July 2017 at 20:13
please, how can i view list of files hidden in a https server? i guess it was hidden with aspnethidden tag or is there a way to get all file list with _dopostback
ReplyDelete
Replies
Hue Dam12 July 2018 at 01:57
:)
ReplyDelete
Replies
Sneha Reddy8 August 2018 at 21:27
Thanks For Sharing this Information..

Best Software Training Institute in Chennai

Best Online Training Institute in Chennai
ReplyDelete
Replies
mona martin27 November 2018 at 12:01
Many homework on the continual hunt along with offstage on the road to winning. Definitely not attached, simple to-fall as a result of wayside; And not investigation, afterward into a path travel toward the black. lesmeilleursvpn
ReplyDelete
Replies
jessicasteve29 November 2018 at 17:47
A debt of gratitude is in order for the significant data and experiences you have so given here... diebestenvpn.ch
ReplyDelete
Replies
jessicasteve25 December 2018 at 13:34
I am hoping the same best effort from you in the future as well. In fact your creative writing skills has inspired me. vpn veteran
ReplyDelete
Replies
Michael Smith11 March 2019 at 10:59
Interesting post. I Have Been wondering about this issue. so thanks for posting. Pretty cool post.It 's really very nice and Useful post.Thanks lemigliorivpn.com
ReplyDelete
Replies

Subscribe to: Posts (Atom)

Subscribe me

Search for tutorials here

Contributors

Ashish Rohra
Sai

My Links

Youtube Channel
Facebook Page
Facebook Group

Recent Posts

July 2019 (1)
June 2019 (1)
May 2019 (1)
March 2019 (3)
February 2019 (1)
January 2019 (6)
December 2018 (2)
September 2018 (1)
August 2018 (1)
May 2018 (1)
February 2018 (1)
January 2018 (1)
December 2017 (1)
October 2017 (2)
September 2017 (4)
August 2017 (1)
July 2017 (11)
May 2017 (1)
April 2017 (2)
March 2017 (29)
February 2017 (40)
January 2017 (46)
December 2016 (37)
November 2016 (11)
October 2016 (19)
September 2016 (19)
August 2016 (7)
July 2016 (4)

Featured post

Live Q&A (Bug Bounties And Ask Me)

Hey guys!

Total Pageviews

Hacking Monks. Awesome Inc. theme. Powered by Blogger.