Why is Information Gathering very important in Pentesting?
Often this is one of the highly ignored steps by beginners or amateur hackers. In pentesting, especially black box pentesting, gathering information is highly important. One needs to know everything about a target before attacking the target. Successful attack happens when you farther and not faster.
To gather information first Identify your target. Then collect surface information about the target as where the target is, what type of target it is, who owns it, what platform it is on, etc...
Next step is to find all possible ways to enter the target. Find out if any security mechanisms are present. If present analyse ways to bypass them or escape them. Next enumerate possible ways to gain access to the target. For that you need to find out vulnerabilities in the target. If any found search on exploit db if any exploits are already available. Else try your payloads if possible or use metasploit for that step.
Once you are able to exploit the target, try to gain super user access and own the system.
Sounds easy huh? Now you need to have a good detailed background info about a target to do all this. Hope you understand why this step is crucial.
If you can perform all these steps perfectly, you can pass one of the premium certificate OSCP by Offensive Security. Penetration Testing Training with Kali Linux