Sizing up the Target
Let's say you wanted to get inside a website for evil purposes. It doesn't matter why you want to do this; what matters is how you do it and what you do when you get in.
Firstly, you should identify the website. If you didn't have the name, you could Google for it, ask around, or just surf forums and find it. We'll call our site exampletarget.com. The first thing you want to do is gather as much information about this site as you can.
Here is a list of things you will want to know:
What is the host name?
Where are they hosted (what web host)?
Which operating system do they have?
What is their website built on (Joomla!, Mambo, Drupal, HTML, and so on)?
What are their IP address, name servers, and so on?
What is the "network IP range" of their site (important)?
Which physical machines are active (if applicable)?
Which ports are open, which are filtered, and which are closed?
What services are running?
What are the version levels of all their software (or the vulnerable extension)?
Do you...
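Several of the questions in the list above (what the site is built on, what services are running, what version levels) are often answered by the site itself in its response headers and markup. As an added example that is not from the original text, this Python script audits a captured response from your own site for that kind of self-disclosure; the sample response, the header list and the function name are constructed for illustration.

```python
import re

# Constructed sample: a raw HTTP response as captured from your own site
# (for instance with a proxy). Every value here is made up for illustration.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (CentOS)\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />\n'
    "</head><body>Welcome</body></html>\n"
)

# Assumed audit list: headers that commonly name the software behind a site.
DISCLOSING_HEADERS = ("server", "x-powered-by")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Assumes name= precedes content= inside the tag, as in the sample above.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']*)["\']', re.I)


def audit_response(raw):
    """Return (source, value, exposes_version) for each self-identifying item."""
    head, _, body = raw.partition("\r\n\r\n")
    _status, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    for name in DISCLOSING_HEADERS:
        if headers.get(name):
            value = headers[name]
            findings.append((name, value, bool(VERSION_RE.search(value))))
    match = GENERATOR_RE.search(body)
    if match:
        value = match.group(1)
        findings.append(("meta generator", value, bool(VERSION_RE.search(value))))
    return findings


if __name__ == "__main__":
    for source, value, versioned in audit_response(SAMPLE_RESPONSE):
        note = "version exposed" if versioned else "product name only"
        print(f"{source:15} {value:48} {note}")
```

Each finding marked as exposing a version is an item from the list that the site hands out without being asked; trimming those banners and the generator tag removes the easy answers, though it does not replace patching the software itself.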