Scenario 1: Mirror environment
Consider yourself a penetration tester who is tasked to carry out a black box penetration test against a single IP in an on-site project. Your job is to make sure that no vulnerabilities are present in the server and on the application running on it.
Understanding the environment
Since we know we are going to perform on an on-site environment, we can summarize the test as shown in the following table:
Number of IPs under scope | 1 |
Test policy | Web applications and server |
IP address |
|
Summary of tests to be performed | Port Scanning Test for Web application vulnerabilities Test for server vulnerabilities Compromising any other network connected to the target host |
Objectives | Gain user level access to the server Escalate privileges to the highest possible level Gain access to the credentials for web and server applications |
Test type | Black box test |
Additionally, let us also keep a diagrammatic view of the entire test to make things easier for us to remember and understand...
