In this chapter, we will identify the methods we use to attack services and servers. The nice thing about this is that we know a server has to have the service running and, more importantly, have the socket in a listening state, ready to accept connections. Moreover, this means that the server sits there and just waits for us to attack it. This is good for us, as we already covered this in Chapter 9, Assessment of Web Servers and Web Applications. The most common attack vector we are going to see is the web applications that are running on a web server. It is not our intention to cover this again here; instead, we will focus on other things that we can attack on the server platforms we encounter. In this chapter, we will be discussing the following topics:
Common protocols and applications for servers
Database assessment
OS platform specifics
This chapter will provide us with information about the ways we can target and hopefully, penetrate the servers that we encounter...