5 Attacking vulnerable web services

This chapter covers

Phase 2: focused penetration
Deploying a malicious web application archive file
Using Sticky Keys as a backdoor
Differences between interactive and non-interactive shells
Operating system command execution with Groovy script

The first phase of an internal network penetration test (INPT) was all about gathering as much information as possible about the target environment. You began by discovering live hosts and then enumerated which network services those hosts were offering. Finally, you discovered vulnerable attack vectors in the authentication, configuration, and patching of those network services.

Phase 2 is all about compromising vulnerable hosts. You may recall that in chapter 1, ...

Get The Art of Network Penetration Testing now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Art of Network Penetration Testing by Royce Davis

5 Attacking vulnerable web services

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly