Performing Website Penetration Testing

This chapter takes us away from the usual network devices that we're accustomed to exploiting and instead focuses on checking for vulnerabilities in web applications and servers.

Being a penetration tester is a pretty cool job: you are paid to hack or break into someone else's network and systems, but legally.

Being a penetration tester also means developing and expanding your skill set across various domains; there will always be situations where you'll be required to perform a vulnerability assessment or penetration test on a client's web server. This chapter begins by teaching you how to discover the underlying technologies used on a target website and how to discover other websites hosted on the same server. You will then learn how to exploit a target web server in more than one way: by uploading and executing a malicious file, and by leveraging Local File Inclusion (LFI) on a vulnerable server.

In this chapter, we will be covering the following topics:

  • Information gathering
  • Cryptography
  • File upload and file inclusion vulnerabilities
  • Exploiting file upload vulnerabilities
  • Exploiting code execution vulnerabilities
  • Exploiting LFI vulnerabilities
  • Preventing vulnerabilities

Let's dive in!
