11.1.1 Review the results of your application mapping exercises to identify the web server and other technologies in use that may contain accessible administrative interfaces.
11.1.2 Perform a port scan of the web server to identify any administrative interfaces running on a different port than the main target application.
11.1.3 For any identified interfaces, consult the manufacturer's documentation and common default password listings to obtain default credentials.
11.1.4 If the default credentials do not work, use the steps listed in section 4 to attempt to guess valid credentials.
11.1.5 If you gain access to an administrative interface, review the available functionality and determine whether it can be used to further compromise the host and attack the main application.
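The port-scan review in step 11.1.2, seen from the side of whoever runs the server, as an added example that is not part of the original methodology: it parses nmap greppable (-oG) output and lists open TCP ports, other than the application's own, that carry a web service or sit on a port commonly used by a management console. The port table, the function names and the sample scan line are assumptions constructed for illustration.

```python
import re

# Assumption (not from the page): ports often used by management consoles.
ADMIN_PORT_HINTS = {
    4848: "GlassFish admin console",
    7001: "WebLogic admin console",
    8080: "alternate HTTP, e.g. Tomcat manager",
    9990: "WildFly/JBoss management",
    10000: "Webmin",
}

# Constructed sample of `nmap -oG` output for a host you administer.
SAMPLE = (
    "Host: 192.0.2.10 (app.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (app.example.test)\tPorts: 22/open/tcp//ssh///, "
    "443/open/tcp//https///, "
    "8080/open/tcp//http//Apache Tomcat|Coyote JSP engine 1.1/, "
    "10000/open/tcp//snet-sensor-mgmt///, 3306/filtered/tcp//mysql///"
    "\tIgnored State: closed (995)\n"
)

def parse_grepable(text):
    """Yield (host, port, service, version) for every open TCP port."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+).*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(","):
            # port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open" and f[2] == "tcp":
                yield host, int(f[0]), f[4], f[6]

def admin_candidates(text, app_ports=(80, 443)):
    """Return open ports outside app_ports that deserve an exposure review."""
    findings = []
    for host, port, service, version in parse_grepable(text):
        if port in app_ports:
            continue
        hint = ADMIN_PORT_HINTS.get(port)
        if hint or re.search("http", service, re.I):
            note = hint or "additional web listener"
            findings.append((host, port, service, version, note))
    return findings

if __name__ == "__main__":
    for finding in admin_candidates(SAMPLE):
        print(*finding, sep=" | ")
```

Each listed port is a candidate for firewalling, binding to a management network, or confirming that vendor default credentials have been changed.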
11.2.1 Review the results of your Nikto scan (step 1.4.1) to identify any default content that may be present on the server but that is not an integral part of the application.
11.2.2 Use search engines and other resources such as www.exploit-db.com and www.osvdb.org to identify default content and functionality included within the technologies you know to be in use. If feasible, carry out a local installation of these, and review them for any default ...