Simulated Penetration Test
Not shown: 999 filtered ports
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 17.46 seconds
We discover what appears to be a web server running on this host. This is typical when attacking Internet-facing systems: most of them expose only a handful of ports to Internet users, and the remaining 999 scanned ports here are reported as filtered, the usual sign that a firewall sits in front of the target. In this example, we find port 80, the standard HTTP port, listening. If we browse to it, we see something similar to Figure 17-1.
Figure 17-1: A web application was identified.
Threat Modeling
Having identified port 80 as open, we could go on to enumerate additional systems, but we're interested only in this single target. Let's move on to threat modeling and try to identify the best route into the system.
The web page we found gives us a chance to enter input in User and Password fields. At this point, you, as a penetration tester, should think outside the box and try to determine what the best avenue is going to be. When you're performing application security penetration tests, consider using tools other than Metasploit, such as the Burp Suite (http://www.portswigger.net/) when appropriate; don't feel locked into a single tool set. In the following example, we'll attempt a manual attack by entering 'TEST (notice the leading
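The reason a leading single quote is a useful probe: if the application assembles its SQL query by string concatenation, the quote closes the string literal the server wrote around the field value and the rest of the input is parsed as SQL grammar, so the backend raises a syntax error and the resulting error page tells the tester the field is injectable. The following is an added example and is not code from the book or from the target application. It assumes an in-memory SQLite table with a constructed account and a constructed query shape (the real target's backend is not known from the page), and it goes one step beyond the text by also showing the classic comment bypass (admin' -- ) against the same concatenated query, beside a parameterized version that treats both inputs as plain data.

```python
"""Why a leading single quote is a useful probe.

Added example, not the book's code: a toy login check backed by an
in-memory SQLite database. The table, the account and the query shape
are constructed here as assumptions; the real target's backend is not
known from the page.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed credentials for the demo only.
    conn.execute("INSERT INTO users VALUES ('admin', 'Winter2011!')")
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, user: str, password: str) -> bool:
    """Vulnerable: the SQL is built by string concatenation, so a quote in
    either field becomes part of the SQL grammar instead of staying data."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + user + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_param(conn: sqlite3.Connection, user: str, password: str) -> bool:
    """Hardened: bound parameters keep the input as data, whatever it contains."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (user, password)).fetchone()[0] > 0


def probe(login, user: str, password: str) -> str:
    """Classify what a probe input produced against a fresh database:
    'auth'      - the login succeeded,
    'ok'        - the login failed cleanly (no error),
    'sql-error' - the backend raised a syntax error, the tell that the
                  field is being spliced into a query."""
    try:
        return "auth" if login(make_db(), user, password) else "ok"
    except sqlite3.OperationalError:
        return "sql-error"


if __name__ == "__main__":
    for name, login in (("concatenated", login_concat), ("parameterized", login_param)):
        print(name)
        print("  valid credentials :", probe(login, "admin", "Winter2011!"))
        print("  'TEST probe       :", probe(login, "'TEST", "x"))
        print("  comment bypass    :", probe(login, "admin' -- ", "anything"))
```

Against the concatenated query, 'TEST produces a backend syntax error and admin' -- logs in without a password; against the parameterized query both inputs are simply credentials that do not match. The single quote is the cheapest first probe precisely because the error it triggers is visible before any working payload has been written.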