O'Reilly logo

Penetration Testing with Perl by Swizec Teller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Summary

The intelligence-gathering process can usually make or break a successful penetration test. With this in mind, it's easy to see how important it is to not overlook simple metadata forensics while testing. Forensic metadata extraction can help us reach beyond public-facing images or other files. For instance, if we have found a successful SQL injection or a LFI vulnerability, and successfully leverage that exploit to read the general system message log, for example, /var/log/messages, we can use a simple regular expression to compile a statistical geolocation map of IP addresses that upload files to the web server. As previously stated, this data can then be used in a social engineering attack, and this is exactly what we will be learning ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required