In this video, Aerstone’s lead penetration tester Curt Stapleton demonstrates the process of gaining root access to a web server by hacking the web application. The demo covers discovery, mapping the app, defeating the login, elevating privileges, and gaining root access on the web server.
Web Application Testing Techniques demonstrated:
Port scanning
Web App Vulnerability Scanning
Info Gathering and Recon
SQL Injection
Remote Execution of Commands
Good Ol’ Fashioned Creativity
Note: The attack/test was performed on a target image in a controlled environment.