From time to time, we find a server with vulnerabilities in its operating system, in a library the web application uses, or in an active service, or there may be another security issue that is not exploitable from the browser or the web proxy.

If the project's scope allows us to do so and no disruption is caused to the server, we can try and exploit such vulnerabilities and get access to the underlying operating system of our target application.

In this chapter, we will start from the point where we already found a vulnerability on the web server or operating system, then we will find an exploit for such a vulnerability and execute it against the target and, once the exploitation is successful, we will build our path up to gain administrative access, and to become capable of moving laterally around the network.