
Simulated Penetration Test

253

Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 17.46 seconds

We discover what appears to be a web server running on this host.

This is typical when attacking Internet-facing systems, most of which will limit 
the ports accessible by Internet users. In this example, we find port 80, the 
standard HTTP port, listening. If we browse to it, we see something similar 
to Figure 17-1.

Figure 17-1: A web application was identified.

Threat Modeling

Having identified port 80 as open, we could enumerate any available additional 
systems, but we’re interested only in the single target. Let’s move on to threat 
modeling and attempt to identify the best route into this system.

The web page we found gives us a chance to enter input in User and 
Password fields. At this point, you, as a penetration tester, should think outside 
the box and try to determine what the best avenue is going to be. When 
you’re performing application security penetration tests, consider using tools 
other than Metasploit, such as the Burp Suite (http://www.portswigger.net/) 
when appropriate; don’t feel locked into a single tool set. In the following 
example, we’ll attempt a manual attack by entering 'TEST (notice the leading
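As an added example (not code from the book), here is why a leading single quote in a login field is informative, assuming the form’s input ends up inside a database query: a handler that concatenates the input into the SQL text fails with a database error on 'TEST, while a parameterized handler treats the same input as plain data. The user table and credentials are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the login backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def login_concat(conn, user, password):
    """Weak form: the submitted values are pasted straight into the SQL text."""
    query = ("SELECT name FROM users WHERE name = '" + user
             + "' AND password = '" + password + "'")
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.OperationalError as exc:
        # The stray quote unbalances the statement; a database error leaking
        # back to the browser is the signal a tester looks for after 'TEST.
        return ("error", str(exc))
    return ("ok", row[0] if row else None)


def login_param(conn, user, password):
    """Hardened form: the driver binds the values, so the quote is only data."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user, password),
    ).fetchone()
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    db = make_db()
    for probe in ("admin", "'TEST"):
        print(probe, login_concat(db, probe, "x"), login_param(db, probe, "x"))
```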