Host systems are an authorized source that access web applications. Compromising an authorized resource could give a Penetration Tester approved access to a targeted web application. This concept is sometimes overlooked when Penetration Testing web applications.

In this chapter, we covered various methods to gain unauthorized access to host systems. The focus is using social engineering, identifying vulnerable hosts, and cracking passwords. There are many textbooks available that focus on hacking host systems, which could be useful when leveraged with the topics covered in this book. We limited the scope of this chapter to targeting hosts specifically that access web applications.

The next chapter will cover attacking how hosts authenticate ...