In this video I demonstrate how to perform a command injection attack, where the response of the injected command is returned to the user.

In this video I demonstrate how to brute-force passwords, username enumeration (comparison of responses and time-based analysis), and the different tools that can be used to perform this type of attack.

In this video I demonstrate how to upload files containing PHP code to a vulnerable form, which does not check the file extension against a list of acceptable file types for example.

In this video I demonstrate how to perform a Cross-Site Request Forgery (i.e. CSRF or C-Surf) attack.

In this video I demonstrate how to perform basic Local File Inclusion (i.e. LFI) attacks.

In this video I demonstrate how to conduct an automated password guessing attack, against the (Damn Vulnerable Web Application) login screen at the “impossible” level.