Phase 9 - Attacking access controls (IDOR, privilege escalation, hidden files and directories)
Completely unprotected functionalities
142. Finding admin panel - https://www.youtube.com/watch?v=r1k2lgvK3s0
143. Finding admin panel and hidden files and directories - https://www.youtube.com/watch?v=Z0VAPbATy1A
144. Finding hidden webpages with DirBuster - https://www.youtube.com/watch?v=--nu9Jq07gA&t=5s
Insecure direct object reference
145. IDOR case 1 - https://www.youtube.com/watch?v=gci4R9Vkulc
146. IDOR case 2 - https://www.youtube.com/watch?v=4DTULwuLFS0
147. IDOR case 3 (zomato) - https://www.youtube.com/watch?v=tCJBLG5Mayo
Privilege escalation
148. What is privilege escalation - https://www.youtube.com/watch?v=80RzLSrczmc
149. Privilege escalation - Hackme bank - case 1 - https://www.youtube.com/watch?v=g3lv__87cWM
150. Privilege escalation - case 2 - https://www.youtube.com/watch?v=-i4O_hjc87Y
Phase 10 - Attacking input validation (all injections, XSS and misc)
HTTP verb tampering
151. Introduction to HTTP verb tampering - https://www.youtube.com/watch?v=Wl0PrIeAnhs
152. HTTP verb tampering demo - https://www.youtube.com/watch?v=bZlkuiUkQzE
HTTP parameter pollution
153. Introduction to HTTP parameter pollution - https://www.youtube.com/watch?v=Tosp-JyWVS4
154. HTTP parameter pollution demo 1 - https://www.youtube.com/watch?v=QVZBl8yxVX0&t=11s
155. HTTP parameter pollution demo 2 - https://www.youtube.com/watch?v=YRjxdw5BAM0
156. HTTP parameter pollution demo 3 - https://www.youtube.com/watch?v=kIVefiDrWUw
XSS - Cross site scripting
157. Introduction to XSS - https://www.youtube.com/watch?v=gkMl1suyj3M
158. What is XSS - https://www.youtube.com/watch?v=cbmBDiR6WaY
159. Reflected XSS demo - https://www.youtube.com/watch?v=r79ozjCL7DA
160. XSS attack method using Burp Suite - https://www.youtube.com/watch?v=OLKBZNw3OjQ
161. XSS filter bypass with Xenotix - https://www.youtube.com/watch?v=loZSdedJnqc
162. Reflected XSS filter bypass 1 - https://www.youtube.com/watch?v=m5rlLgGrOVA
163. Reflected XSS filter bypass 2 - https://www.youtube.com/watch?v=LDiXveqQ0gg
164. Reflected XSS filter bypass 3 - https://www.youtube.com/watch?v=hb_qENFUdOk
165. Reflected XSS filter bypass 4 - https://www.youtube.com/watch?v=Fg1qqkedGUk
166. Reflected XSS filter bypass 5 - https://www.youtube.com/watch?v=NImym71f3Bc
167. Reflected XSS filter bypass 6 - https://www.youtube.com/watch?v=9eGzAym2a5Q
168. Reflected XSS filter bypass 7 - https://www.youtube.com/watch?v=ObfEI84_MtM
169. Reflected XSS filter bypass 8 - https://www.youtube.com/watch?v=2c9xMe3VZ9Q
170. Reflected XSS filter bypass 9 - https://www.youtube.com/watch?v=-48zknvo7LM
171. Introduction to Stored XSS - https://www.youtube.com/watch?v=SHmQ3sQFeLE
172. Stored XSS 1 - https://www.youtube.com/watch?v=oHIl_pCahsQ
173. Stored XSS 2 - https://www.youtube.com/watch?v=dBTuWzX8hd0
174. Stored XSS 3 - https://www.youtube.com/watch?v=PFG0lkMeYDc
175. Stored XSS 4 - https://www.youtube.com/watch?v=YPUBFklUWLc
176. Stored XSS 5 - https://www.youtube.com/watch?v=x9Zx44EV-Og
SQL injection
177. Part 1 - Install SQLi lab - https://www.youtube.com/watch?v=NJ9AA1_t1Ic&index=23&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
178. Part 2 - SQL lab series - https://www.youtube.com/watch?v=TA2h_kUqfhU&index=22&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
179. Part 3 - SQL lab series - https://www.youtube.com/watch?v=N0zAChmZIZU&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=21
180. Part 4 - SQL lab series - https://www.youtube.com/watch?v=6pVxm5mWBVU&index=20&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
181. Part 5 - SQL lab series - https://www.youtube.com/watch?v=0tyerVP9R98&index=19&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
182. Part 6 - Double query injection - https://www.youtube.com/watch?v=zaRlcPbfX4M&index=18&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
183. Part 7 - Double query injection cont.. - https://www.youtube.com/watch?v=9utdAPxmvaI&index=17&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
184. Part 8 - Blind injection boolean based - https://www.youtube.com/watch?v=u7Z7AIR6cMI&index=16&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
185. Part 9 - Blind injection time based - https://www.youtube.com/watch?v=gzU1YBu_838&index=15&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
186. Part 10 - Dumping DB using outfile - https://www.youtube.com/watch?v=ADW844OA6io&index=14&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
187. Part 11 - POST parameter injection error based - https://www.youtube.com/watch?v=6sQ23tqiTXY&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=13
188. Part 12 - POST parameter injection double query based - https://www.youtube.com/watch?v=tjFXWQY4LuA&index=12&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
189. Part 13 - POST parameter injection blind boolean and time based - https://www.youtube.com/watch?v=411G-4nH5jE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=10
190. Part 14 - POST parameter injection in UPDATE query - https://www.youtube.com/watch?v=2FgLcPuU7Vw&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=11
191. Part 15 - Injection in INSERT query - https://www.youtube.com/watch?v=ZJiPsWxXYZs&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=9
192. Part 16 - Cookie based injection - https://www.youtube.com/watch?v=-A3vVqfP8pA&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=8
193. Part 17 - Second order injection - https://www.youtube.com/watch?v=e9pbC5BxiAE&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=7
194. Part 18 - Bypassing blacklist filters - 1 - https://www.youtube.com/watch?v=5P-knuYoDdw&index=6&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
195. Part 19 - Bypassing blacklist filters - 2 - https://www.youtube.com/watch?v=45BjuQFt55Y&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=5
196. Part 20 - Bypassing blacklist filters - 3 - https://www.youtube.com/watch?v=c-Pjb_zLpH0&index=4&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro
197. Part 21 - Bypassing WAF - https://www.youtube.com/watch?v=uRDuCXFpHXc&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=2
198. Part 22 - Bypassing WAF - Impedance mismatch - https://www.youtube.com/watch?v=ygVUebdv_Ws&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=3
199. Part 23 - Bypassing addslashes - charset mismatch - https://www.youtube.com/watch?v=du-jkS6-sbo&list=PLkiAz1NPnw8qEgzS7cgVMKavvOAdogsro&index=1
NoSQL injection
200. Introduction to NoSQL injection - https://www.youtube.com/watch?v=h0h37-Dwd_A
201. Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial - https://www.youtube.com/watch?v=QwevGzVu_zk
202. Abusing NoSQL databases - https://www.youtube.com/watch?v=lcO1BTNh8r8
203. Making cry - attacking NoSQL for pentesters - https://www.youtube.com/watch?v=NgsesuLpyOg
XPath and XML injection
204. Introduction to XPath injection - https://www.youtube.com/watch?v=2_UyM6Ea0Yk&t=3102s
205. Introduction to XML injection - https://www.youtube.com/watch?v=9ZokuRHo-eY
206. Practical 1 - bWAPP - https://www.youtube.com/watch?v=6tV8EuaHI9M
207. Practical 2 - Mutillidae - https://www.youtube.com/watch?v=fV0qsqcScI4
208. Practical 3 - WebGoat - https://www.youtube.com/watch?v=5ZDSPVp1TpM
209. Hack admin panel using XPath injection - https://www.youtube.com/watch?v=vvlyYlXuVxI
210. XXE demo - https://www.youtube.com/watch?v=3B8QhyrEXlU
211. XXE demo 2 - https://www.youtube.com/watch?v=UQjxvEwyUUw
212. XXE demo 3 - https://www.youtube.com/watch?v=JI0daBHq6fA
LDAP injection
213. Introduction and practical 1 - https://www.youtube.com/watch?v=-TXFlg7S9ks
214. Practical 2 - https://www.youtube.com/watch?v=wtahzm_R8e4
OS command injection
215. OS command injection in bWAPP - https://www.youtube.com/watch?v=qLIkGJrMY9k
216. bWAPP - OS command injection with Commix (all levels) - https://www.youtube.com/watch?v=5-1QLbVa8YE
Local file inclusion
217. Detailed introduction - https://www.youtube.com/watch?v=kcojXEwolIs
218. LFI demo 1 - https://www.youtube.com/watch?v=54hSHpVoz7A
219. LFI demo 2 - https://www.youtube.com/watch?v=qPq9hIVtitI
Remote file inclusion
220. Detailed introduction - https://www.youtube.com/watch?v=MZjORTEwpaw
221. RFI demo 1 - https://www.youtube.com/watch?v=gWt9A6eOkq0
222. RFI introduction and demo 2 - https://www.youtube.com/watch?v=htTEfokaKsM
HTTP splitting/smuggling
223. Detailed introduction - https://www.youtube.com/watch?v=bVaZWHrfiPw
224. Demo 1 - https://www.youtube.com/watch?v=mOf4H1aLiiE