Pen testing a Cent OS

ashksh1991

Newbie

Posts: 2

Joined: Wed May 28, 2014 2:06 pm

Post Wed May 28, 2014 2:25 pm

Pen testing a Cent OS

Hello All,
I am new to hacking. I am curious to know how a server for a web application is pen tested, as in what are the steps and how to go about doing the code review. It will be great if someone can shed some light on that. Any lead will be really appreciated.

dynamik

Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed May 28, 2014 7:33 pm

Re: Pen testing a Cent OS

These will give you a general idea of the overall penetration testing process:
http://www.vulnerabilityassessment.co.u ... 0Test.html
http://www.pentest-standard.org/index.php/Main_Page

In terms of the web application, OWASP has a section for code review, along with a ton of other resources for attacks, safeguards, tools, etc.:
https://www.owasp.org/index.php/Categor ... ew_Project
https://www.owasp.org
The day you stop learning is the day you start becoming obsolete.

ashksh1991

Newbie

Posts: 2

Joined: Wed May 28, 2014 2:06 pm

Post Tue Jun 10, 2014 6:43 pm

Re: Pen testing a Cent OS

Hello Dynamik
Thanks a lot for those links. They are highly resourceful.

But I have one more question. If a web application server resides in a third-party infrastructure, how can one hack it? Any input will be useful.

Thanks.

hayabusa

Hero Member

Posts: 1704

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 13, 2014 4:48 pm

Re: Pen testing a Cent OS

Are you referring to a hosted app server, rather than a dedicated webserver, or what do you mean, specifically, by 'resides in a third party infrastructure'?

Regardless of where it resides, if you have access to it, the testing / hacking methodologies are the same, except that there may be additional permissions you need to secure, to test the server, if it's owned by a third party. (Heck, they might not allow you to test it, but...) You might encounter web application firewalls, or have to avoid shared configurations, etc., so as not to breach ethics by hitting someone else's site / applications.

But if permissions are obtained from ALL parties, the general testing is the same.

Now, if you mean it's an internal webserver, and is not accessible to the outside, then you either need a way to access it (aka, by pwning a client machine or other box you CAN reach, that in some way, shape or form can access it), or physically get access to it.

If I'm missing your idea, please feel free to elaborate.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
