Many of the techniques we want to cover in this chapter can be explored by taking on the challenge that the Kioptrix has made available for us. Let's take a look at the steps necessary to gain root on the Kioptrix machine.

In general, we would begin by scanning the server that hosts the web application. This infrastructure testing gives us a lot of information that comes in handy when trying to perform certain web application vulnerabilities. In this case, we know from using our Load Balance Detector that there is some load balancing going on. We also know that the servers are very similar to one another and are not leaving any clues as to what their real IP is. Our next step is to check if there are any noticeable web application firewalls we need to be aware of. If there are, we may need to use certain evasion techniques to bypass these restrictions.

In the real world, these systems are more than likely not even directly accessible, due to firewall restrictions and network segmentation practices. Our goal is to be able to take over one of these servers and then pivot from that server onto the other one to take it out as well. After all, if the systems are completely identical, all we have to do is get the credentials for one and we can take over all copies with said credentials.