This video shows Aerstone’s lead penetration tester, Curt Stapleton, gaining root access to a web server by hacking the web application. The demo covers discovery, mapping the app, defeating the login, elevating privileges, and gaining root access on the web server.

Web Application Testing Techniques demonstrated:

Port scanning

Web App Vuln scanning

Info Gathering and Recon

SQL Injection

Remote Execution of Commands

Good Ole’ Fashion Creativity

Note: The attack/test was performed on a target image in a controlled environment.