This chapter takes us away from the usual network devices that we're accustomed to exploiting and instead focuses on checking for vulnerabilities in web applications and servers.
Being a penetration tester is a pretty cool job as you are being paid to hack or break into someone else's network and systems, but legally.
Being a penetration tester also means developing and expanding your skill set to various domains; there will always be situations where you'll be required to perform a vulnerability assessment or penetration test on a client's web server. This chapter will begin by teaching you how to discover the underlying technologies that are being used on a target website and how to discover other websites that are hosted on the same server. Furthermore, you will learn how to perform multiple exploitations on a target web server by uploading and executing a malicious file and leveraging Local File Inclusion (LFI) on a vulnerable server.
In this chapter, we will be covering the following topics:
- Information gathering
- Cryptography
- File upload and file inclusion vulnerabilities
- Exploiting file upload vulnerabilities
- Exploiting code execution vulnerabilities
- Exploiting LFI vulnerabilities
- Preventing vulnerabilities
Let's dive in!