In this chapter, we will cover:
- Scanning and identifying services with Nmap
- Identifying a web application firewall
- Watching the source code
- Using Firebug to analyze and alter basic behavior
- Obtaining and modifying cookies
- Taking advantage of robots.txt
- Finding files and folders with DirBuster
- Password profiling with CeWL
- Using John the Ripper to generate a dictionary
- Finding files and folders with ZAP
Every penetration test, be it for a network or a web application, has a workflow; it has a series of stages that should be completed in order to increase our chances of finding and exploiting every possible vulnerability affecting our targets, such as:
- Reconnaissance
- Enumeration
- Exploitation
- Maintaining access
- Cleaning tracks
In a network penetration testing scenario, reconnaissance is the phase where testers must identify all the assets in the network, firewalls, and intrusion detection systems. They also gather the maximum information about the company, the network, and the employees. In our case, for a web application penetration test, this stage will be all about getting to know the application, the database, the users, the server, and the relation between the application and us.
Reconnaissance is an essential stage in every penetration test; the more information we have about our target, the more options we will have when it comes to finding vulnerabilities and exploiting them.