4.8 out of 5
4.8
2359 reviews on Udemy

Network Hacking Continued – Intermediate to Advanced

Learn advanced techniques to hack into WiFi & wired networks & write own python scripts to implement custom MITM attacks
Instructor:
Zaid Sabih
35,873 students enrolled
English [Auto] More
80+ detailed videos on ADVANCED network hacking
2 methods to hack WPA2 enterprise networks
3 methods to hack captive portals (hotels & airport networks)
Steal WPA/WPA2 password using evil twin attack.
Crack WPA/WPA2 faster using GPU.
Write custom scripts to implement your attack ideas.
Bypass router-side security & run ARP spoofing attack without raising alarms.
Unlock WPS on some routers even if its locked
Disconnect multiple or all clients from their networks without knowing the key
Bypass MAC filtering (both black & white lists).
Discover & connect to hidden networks
Crack more secure WEP implementation when SKA is used.
Exploit WPS on more secure routers to get the WPA/WPA2 key.
Understand how WPA/WPA2 enterprise work.
Understand how a fake access points work
Manually create fake access points
Generate SSL certificates & use it to support HTTPS on apache2.
Create a fake captive portal that acts exactly like a normal captive portal.
Use huge wordlists to crack WPA/WPA2 without taking up disk space.
Save WPA / WPA2 cracking progress.
Bypass HTTPS & capture data manually.
Analyse data flows and build own attacks.
Run attacks against HTTPS websites.
Inject Javascript / HTML code in HTTPS pages.
Create trojans - combine any file (image/pdf) with an evil file.
Replace files downloaded on the network with trojans.
Write script to replace downloads with trojans on the fly.

Welcome to this advanced network hacking course, this course is designed to build up on what you already know about network hacking, therefore I recommend finishing the network hacking section of my general ethical hacking course or finishing my network hacking course before starting this one.

Just like all of my other courses, this course is highly practical, but it will not neglect the theory, since this is an advanced course we will be breaking each attack into its smaller components and understand how each of these components work, therefore by the end of the course you will be able to mix these attacks and adopt them to suit different situations and different scenarios, you will also be able to write your own man in the middle scripts to implement your own attacks.

Because this course builds on what you learn in the courses mentioned above, the main sections here have similar titles to the main sections in these courses, but the topics covered here are more advanced.

This course is divided into three main sections:

  1. Pre-Connection Attacks – in this section you will learn how to extend the pre-connection attacks you already know, for example you will learn how to run these attacks against networks and clients that use 5Ghz and extend the deauthentication attack to target multiple clients and multiple networks at the same time.

  2. Gaining Access – In this section you will learn a number of advanced techniques to gain access to various network configurations and various network encryptions. First you will learn how to overcome some security features that would prevent you from even trying any attacks, you will learn how to discover and target hidden networks and bypass mac filtering whether it is implemented using a black-list or a white-list. As you go through all of the lectures in this section, you will learn how to manually configure and create a fake access point, you will understand exactly how it works and the services it relies on, therefore by the end of this section you will be able to create custom fake access points to suit your needs, so you will be able to create fake captive portals, steal WPA/WPA2 passwords or use it to spy on clients that connect to it. This section is divided into a number of subsections each covering a specific topic:

    1. Captive Portals – captive portals are open networks that require users to login after connecting to it, they are usually used in hotels and airports. In this subsection you will learn three methods to hack captive portals.

    2. WEP Cracking – Even though this is an old and weak encryption, this is still used in some networks and you can not call yourself a hacker if you can not crack it, by now you should know how to rack WEP if OPEN authentication is used, in this section you will learn how to gain access to WEP networks that use Shared Key Authentication (SKA) as all of the methods that you learned so far will NOT work against SKA.

    3. WPA & WPA2 cracking – In this section you will learn more advanced techniques to gain access to WPA & WPA2 networks, this section is divided into even smaller subsections:

      1. Exploiting WPS – in this subsection you will learn how to debug reaver’s output and exploit the WPS feature on more routers using reaver’s advanced options, you will also learn how to unlock some routers if they lock after a number of failed attempts.

      2. Advanced Wordlist Attacks – in this subsection you will learn how to run more advanced wordlist attacks, this will increase your chances of cracking the key; you will learn how to use huge wordlists without wasting storage, save the cracking progress so that you can pause and resume and crack the key much faster using the GPU instead of the CPU.

      3. Evil Twin Attack – Finally if none of the above methods work, the last resort is to use social engineering to get the key, in this subsection you will learn how to get the password for a target WPA/WPA2 network using social engineering, without guessing and without using a wordlist.

    4. WPA & WPA2 Enterprise – These networks are usually used in companies and colleges, these are secure networks that use WPA or WPA2 but also require users to login with a username and password after connecting, in this subsection you will understand how they work and how to hack them.

  3. Post-Connection Attacks – In this section you will learn a number of advanced attacks that you can run after connecting to a network, all of the attacks in this subsection work against WiFi and ethernet networks, you will learn how to manually bypass HTTPS and capture sensitive data, you will be able to use this method regardless of how you became the man in the middle so you will be able to use it with any scenario or situation when interesting data is flowing through your computer, you will also learn how to inject javascript/HTML in HTTPS websitesbypass router-side security and run ARP poisoning attacks without raising any alarms. You will also learn how to manually analyse data flows and build your own MITM attack ideas, not only that but I will also teach you how to write your own scripts to execute your own MITM attacks. By the end of this section you will learn the right methodology of building your own attack, you’ll learn how to analyse network flows, run a simple test, translate that into a working script that implements your attack, and finally test that script against a remote computer.

Finally at the end of the course you will learn how to protect yourself and your systems from these attacks.

All the attacks in this course are practical attacks that work against real computers, in each technique you will understand the theory behind it and how it works, then you’ll learn how to use that technique in a real life scenario, so by the end of the course you’ll be able to modify these techniques or combine them to come up with more powerful attacks and adopt them to different scenarios and different operating systems.

With this course you’ll get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.

Notes:

  • This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.

  • This course is totally a product of Zaid Sabih & zSecurity, no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.

Introduction

1
Teaser - Converting Downloads To Trojans On The Fly & Hacking Windows 10

This is a teaser lecture, the goal here is to show you what you'll be able to do by the end of the course.

You'll see one of the scripts that you'll learn how to build in action, this script will replace any file downloaded by a target with a trojan that will open the file the target request and run evil code in the background allowing us to gain access to the target computer and fully control it.

As this is a teaser lecture, it won't cover how this is done, you'll learn how to do this as you go through the course, right now just sit back, enjoy the lecture, and you'll learn how to do this by the end of the course.

2
Course Overview

This lecture will introduce you to the main topics covered in the course.

Back To Basics/Pre-Connection Attacks

1
Pre-connection Attacks Overview

This lecture will give you an overview of what you'll learn in this section.

2
Spoofing Mac Address Manually

This lecture teaches how to manually change the mac address of any network interface, this can be useful to bypass security measurements, hide your identity and more.

3
Targeting 5 GHz Networks

In this lecture you will learn how to use airodump-ng to sniff data from networks and clients that use run on 5GHz.

4
Deauthenticating a Client From Protected WiFi Networks

This lecture will teach you how to disconnect any device from any WiFi network even if the network uses encryption like WPA or WPA2.

5
Deauthenticating Multiple Clients From Protected WiFi Networks

In this lecture you will learn how to disconnect a number of devices simultaneously from their network even if their network uses a password.

6
Deauthenticating All Clients From Protected WiFi Network

In this lecture you will learn how to run a deauthentication attack and disconnect all clients in a network, without connecting to the network and even if the network uses encryptions such as WPA/WPA2.

7
Deauthenticating Same Client From Multiple Bands or Networks

Sometimes devices are configured to connect to more than one wifi network, therefore they'll automatically connecting to other networks or other bands (eg. 5Ghz) if you de-authenticate them from their current network.

This lecture teaches you how to deauthenticate the same client from multiple networks.

Gaining Access

1
Gaining Access Overview

This lecture will give you an overview of what you'll learn in this section.

2
Discovering Hidden Networks

This lecture will teach you how to discover hidden networks around you and find their name/ESSID.

3
Connecting To Hidden Networks

This lecture shows you how to connect to hidden network once you figure out the name.

4
Bypassing Mac Filtering (Blacklists & Whitelists)

This lecture will teach you what MAC filtering is, how it works, and how to bypass it whether it is implemented using a black list or using a white list.

5
Cracking SKA WEP Networks

The traditional methods of cracking will NOT work if the target network uses SKA authentication .

This lecture will teach you how to crack WEP networks that use SKA.

6
Securing Systems From The Above Attacks

This lecture will teach you how to prevent the above attacks and protect networks from them.

Gaining Access - Captive Portals

1
Sniffing Captive Portal Login Information In Monitor Mode

This lecture will teach you how to use monitor mode to steal login info entered by users to bypass captive portals.

2
Sniffing Captive Portal Login Information Using ARP Spoofing

This lecture will cover another method to bypass captive portals, in this method you will learn how to steal the login info by ARP-spoofing clients in the network.

3
Creating a Fake Captive Portal - Introduction

In this lecture and the next few lectures you will learn how to manually create a fake access point, and configure it to work as a captive portal, so we can steal login info entered by users that connect to it.

4
Creating Login Page - Cloning a Login Page

This lecture will teach you how to clone any web page from the internet, as an example we will be cloning a login page used by my target captive portal.


5
Creating Login Page - Fixing Relative Links

This lecture will teach you how to fix the resources used by the cloned web page so that it looks and works like the real one.

6
Creating Login Page - Adding Form Tag

In this lecture we will be modifying the source code used in the cloned page to make sure that it contains a form tag, this will make sure that the info will get posted using HTTP POST which makes it easy for it to sniff this info.

7
Creating Login Page - Adding Submit Button

In this lecture we will finish working on the cloned page by adding a submit button to the form to make sure that the data will get submitted via HTTP POST when the user enter their details.

8
Preparing Computer To Run Fake Captive Portal

This lecture will teach you how to prepare your computer to launch a fake access point.

9
Starting The Fake Captive Portal

In this lecture you will learn how to configure and start all the components needed to launch a fake access point, this includes a DHCP server, a DNS server, and host apd.

10
Redirecting Requests To Captive Portal Login Page

This lecture will teach you how to setup redirect rules to redirect all users to the cloned login page as soon as they connect to the fake captive portal.

11
Generating Fake SSL Certificate

In this lecture you will learn how to generate an SSL certificate, the generated certificate can be used in any scenario or with any application that might require a SSL certificate.

12
Enabling SSL/HTTPS On Webserver

In this lecture we will use the SSL certificate we generated in the previous lecture to add HTTPS/SSL support to your web server, as a bonus this will allow us to support HTTPS/SSL on our fake access point.

13
Sniffing & Analysing Login Credentials

Finally in this lecture you will learn how to sniff & analyse data from the fake access point we created, the same method can be used to sniff data from any open network even if it was not a fake access point.

Gaining Access - WPA & WPA2 Cracking - Exploiting WPS

1
Exploiting WPS - Introduction

This lecture will introduce you to the main objectives of this subsection.

2
Bypassing "Failed to associate" Issue

This lecture will teach you how to bypass the "Failed to associate" warning that you might get when using reaver.

3
Bypassing 0x3 and 0x4 Errors

In this lecture you will learn how to debug reaver's output, as an example you will learn how to bypass the 0x3 and 0x2 error messages thrown by some routers.

4
WPS Lock - What Is It & How To Bypass It

In this lecture we will have a look on WPS lock, what is it and discuss some ideas on how to bypass it.

5
Unlocking WPS

In this lecture you will learn how to force some routers to automatically unlock their WPS.

Gaining Access - WPA & WPA2 Cracking - Advanced Wordlist Attack

1
Advanced Wordlist Attacks - Introduction

This lecture will give you an overview of what you'll learn in this section.

2
Saving Cracking Progress

In this lecture you will learn how to save your cracking progress with aircrack-ng, this will allow you to pause the cracking process, and start from where you left the next time instead of the default behaviour where you would start from 0.

3
Using Huge Wordlists Without Wasting Storage

In this lecture you will learn how to pipe crunch's output to aircrack-ng on the fly, this allows you to use huge wordlists to crack WPA and WPA2 without taking up disk space.

4
Saving Cracking Progress When Using Huge Wordlists Without Wasting Storage

In this lecture we will combine the 2 methods we learned in the previous lectures, this will allow us to:

1. Use huge wordlists to crack WPA and WPA2 without taking up disk space.

2. Store the cracking progress so we can pause and resume anytime we want.

5
Cracking WPA/WPA2 Much Faster Using GPU - Part 1

In this lecture you will learn how to crack WPA/WPA2 much faster using the GPU instead of the CPU.

This is part 1 where you will learn how to install the needed software and prepare the handshake.

6
Cracking WPA/WPA2 Much Faster Using GPU - Part 2

In this lecture you will learn how to crack WPA/WPA2 much faster using the GPU instead of the CPU.

This is part 2 - here you will learn how to start the cracking process and get the password.

Gaining Access - WPA & WPA2 Cracking - Evil Twin Attack

1
What is It & How it Works

In an evil attack we create a network that is identical to the target network, disconnect clients from their original network and steal the password when they connect to the identical fake network (the evil twin).

In this lecture we will discuss the idea of an evil twin attack, and how it can be used to get the WPA/WPA2 key.

2
Installing Needed Software

You will learn how to install a tool called Fluxion in this lecture, since we already covered all the steps to generate a fake access point manually, in this lecture and the next one you will learn how to use Fluxion to automatically run an evil twin attack.

3
Stealing WPA & WPA2 Key Using Evil Twin Attack Without Guessing

In this lecture you will learn how to use Fluxion to run an evil twin attack automatically and steal the WPA/WPA2.

4
Debugging & Fixing Login Interface Issues

In this lecture you will learn the right way to debug and fix issues that you might face with automation tools like Fluxion, as an example you will learn how to fix a common issue with the login interface displayed to users.

Gaining Access - WPA & WPA2 Cracking - WPA/WPA2 Enterprise

1
What is WPA & WPA2 Enterprise & How it Works

In this lecture we will have a look on a WPA Enterprise, what is it and how it works.

WPA enterprise is another form of authentication, all of the methods you learned so far only work against networks that use PSK authentication, in this lecture and next few lectures you will learn how to get the WPA/WPA2 key if the target network uses WPA Enterprise.

2
2 Methods To Hack WPA & WPA2 Enterprise

In this lecture we will discuss 2 methods to get the key for WPA Enterprise networks.

3
Stealing Login Credentials

In this lecture you will learn how to steal login credentials used to login to WPA & WPA2 Enterprise networks.

4
Cracking Login Credentials

Finally in this lecture you will learn how to crack the hash that you stole in the previous lecture.

5
Securing Systems From The Above Attacks

This lecture will teach you how to secure systems from all of the gaining access attacks shown in this course.

Post Connection Attacks

1
Post Connection Attacks Overview

This lecture will give you an overview of what you'll learn in this section.

2
Ettercap - Basic Overview

This lecture will give you a basic overview on Ettercap, what it is and how to interact with its interactive command prompt.


3
Ettercap - ARP Spoofing & Sniffing Sensitive Data Such As Usernames & Passwords

In this lecture you will learn how to use Ettercap to become the man in the middle using an arp spoofing attack, you will also learn how to sniff sensitive data such as passwords from poisoned computers.

4
Setting Up SSLstrip Manually To Bypass HTTPS & Sniff Data From HTTPS Websites

This lecture will teach you how to use SSLstrip manually to bypass HTTPS, this manual method is very useful because it can be used to bypass HTTPS whenever you are the man in the middle, regardless of how you became the man in the middle.

5
Automatically ARP Poisoning New Clients

In this lecture you will learn how to use Ettercap plugins.

Ettercap has a number of useful plugins that allow us to do various things, as an example, in this lecture you will learn how to use a plugin to automatically poison clients that connect to the network.

6
DNS Spoofing Using Ettercap

In this lecture you will learn how to use a more complex Ettercap plugin, this plugin will allow you to run a DNS spoofing attack allowing you to redirect DNS requests to any IP you want.

7
Bypassing Router-Side Security & Poisoning Target Without Triggering Alarms

In this lecture you will learn how to bypass router-side security by only poisoning and sniffing data in one way using Ettercap.

Post Connection Attacks - Analysing Data Flows & Running Custom Attacks

1
Introduction to MITMproxy

This course will introduce you to MITMproxy and teach you how to install it on Kali Linux.

2
Using MITMproxy In Explicit Mode

This lecture will teach you MITMproxy basics, its modes, how to start it in explicit mode and how to configure the browser to use it.

3
Analysing (Filtering & Highlighting) Flows

In this lecture you will learn how to filter and highlight flows in MITMproxy using regex.

4
Intercepting Network Flows

This lecture will teach you how to intercept data flows in MITMproxy based on regex expressions.

5
Modifying Responses & Injecting Javascript Manually

In this lecture you will learn how to manually edit the response body in flows, as an example you will learn how to inject javascript code and get it to be executed on the target browser.

6
Intercepting & Modifying Responses In Transparent Mode

In this lecture you will learn how to use MITMproxy in its transparent mode when you're the MITM, as an example you will learn how to use MITMproxy with an ARP spoofing attack.

7
Editing Responses & Injecting BeEF's Code On The Fly

In this lecture you will learn how to use everything you learned so far in a real life scenario, you will learn how to inject javascript code in the response sent to a remote computer connected to the same network, instead of injecting a simple javascript we will inject BeEF's hook code to hook the remote computer to BeEF.

8
Editing Responses Automatically Based On Regex

This lecture will teach you how to use another tool that comes with MITMproxy, you will learn how to use MITMdump to replace flows based on regex rules automatically.

9
[Bonus] - Stealing Login Info Using Fake Login Prompt

This is a bonus lecture taken from my ethical hacking course, this lecture shows BeEF's basics and how to use it to steal credentials from a remote computer using a fake login prompt.

10
[Bonus] - Hacking Windows 10 Using A Fake Update

This is a bonus lecture taken from social engineering course, it shows how to use BeEF to show the target a fake update message and hack their system after they install the update.

Post Connection Attacks - Writing Custom Scripts To Execute Own Attacks

1
Introduction to MITM Scripts?

MITMproxy scripts allow us to use Python with MITMproxy to implement our own attack ideas.

This lecture will introduce you to MITMproxy scripts, why learn how to write them, and what can they be used for.

2
Capturing & Printing Requests/Responses

In this lecture you will build your first MITMproxy script, you will learn how to build a very basic MITMproxy script to print all requests/responses that pass through it.

3
Filtering Flows & Extracting Useful Data

In this lecture you will learn how to access useful data flowing through MITMproxy, as an example you will learn how to get your script to print the request URLs.

4
Using Conditions To Execute Code On Useful Flows

In this lecture you will learn how to use a basic 'if' statement to filter data and execute code on useful parts of the flows.

5
Generating Custom HTTP Responses

Now that you know how to write a script to filter data and execute code on the useful parts of the flows, this lecture will teach you how to create custom responses and forward them to the right destination, as an example you will learn how to create a custom response to download requests and redirect the user to a different URL, allowing you to replace any file that any person requests with any other file.

6
Testing Script Locally

In this lecture you will learn how to test the script that we have been building so far and fix some un-anticipated  issues.

7
Generating Trojans - Installing The Trojan Factory

This lecture will teach you how to download and install a tool called The Trojan Factory, this tool will allow you to convert suspicious malware to torjans that look and behave like normal files.

8
Generating Trojans - Converting Any File (eg:image) To a Trojan

In this lecture you will learn how to use The Trojan Factory to convert files into trojans.

9
Testing Script On Remote Computer To Replace Downloads With a Generic Trojan

In this lecture you will learn how to use the script that you made to replace files downloaded by computers connected to the same network with trojans made using the trojan factory.

10
Executing Bash Commands & Calling Trojan Factory From Our Script

In this lecture you will learn how to enhance the script that you made so far so that instead of replacing downloads with a generic trojan, it would convert the file that the target person is downloading to a trojan on the fly as the person downloads it.

In this part you will learn how to run shell commands and call The Trojan Factory from a python script.

11
Using Variables & More Complex Conditions

In this lecture you will learn how to enhance the script that you made so far so that instead of replacing downloads with a generic trojan, it would convert the file that the target person is downloading to a trojan on the fly as the person downloads it.

In this part you will learn how to use variables in python scripts.

12
Converting Downloads To Trojans On The Fly

In this lecture we will test the script that we made so far against a remote computer to replace any file the target downloads with a trojan that is made out of that file.

13
Configuring The Trojan Factory's MITMproxy Script

The Trojan Factory has a mitmproxy script, it is similar to the script that we built, but it is a bit more advanced, it can be used to target multiple file types automatically, it also automatically changes the trojan name to the original file name, adds an appropriate icon, and spoofs the trojan extension.

In this lecture you will learn how to configure this script.

14
Using The Trojan Factory MITMproxy Script

In this lecture you will learn how to use The Trojan Factory's MITMproxy script to replace any file downloaded in the network with a trojan with the right file name, right extension, and right icon.

Post-Connection Attacks - Doing All Of The Above On HTTPS Websites

1
Bypassing HTTPS With MITMproxy

In this lecture you will learn how to use more complex MITMproxy scripts, as an example we will use a script that allows us to bypass HTTPS.

2
Replacing HTTPS Downloads

In this lecture you will learn how to run our own script against HTTPS websites so that we can convert files downloaded from HTTPS websites into trojans.

3
Injecting Data (Javascript, HTML elements ...etc) In HTTPS Websites

This lecture will teach you how to modify the response body even if the target website uses HTTPS, as an example we will inject BeEF's hook code in a HTTPS website.

4
Securing Systems From The Above Post Connection Attacks

This lecture will teach you how to protect yourself from all of the post connection attacks shown in this course.

Bonus Section

1
Bonus Lecture - What's Next?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don't have an internet connection, some instructors also let their students download course lectures. That's up to the instructor though, so make sure you get on their good side!
4.8
4.8 out of 5
2359 Ratings

Detailed Rating

Stars 5
1598
Stars 4
592
Stars 3
128
Stars 2
27
Stars 1
11
30-Day Money-Back Guarantee

Includes

10 hours on-demand video
1 article
Full lifetime access
Access on mobile and TV
Certificate of Completion
Network Hacking Continued – Intermediate to Advanced
Price:
$198.98 $159

Community

For Professionals

For Businesses

We support Sales, Marketing, Account Management and CX professionals. Learn new skills. Share your expertise. Connect with experts. Get inspired.

Community

Partnership Opportunities

Layer 1
samcx.com
Logo
Register New Account
Compare items
  • Total (0)
Compare
0