Now that you’ve identified your target network’s attack surface, it’s time to begin compromising vulnerable hosts. This part of the book starts with chapter 5, which walks you through various methods of compromising vulnerable web applications such as Jenkins and Apache Tomcat. You’ll learn how to deploy custom-built backdoor web shells and upgrade them to fully interactive reverse command shell access to compromised targets.
Chapter 6 introduces you to the process of attacking an unsecured database server. In this chapter, you’ll also learn about Windows account password hashes, why they are useful to you as an attacker, and how to obtain them from a compromised system. Finally, this chapter covers some interesting methods for retrieving loot from compromised Windows hosts, which can be particularly useful when you’re limited to a non-interactive shell.
In chapter 7, you get your first taste of the coveted exploitation process and achieve push-button remote access to a vulnerable server that’s missing a Microsoft Security Update. It doesn’t get much easier than this in terms of penetrating network systems and gaining access to otherwise restricted targets.