Methodology
Table Of Contents
Step 1 – Enumeration
Scanning
- Run NMAP default script on all ports:
nmap -sC -sV --min-rate 100 IP -oN output.txt
- /opt/nmapautomator FULL, UDP, VULN
Port Enumeration
- Find service and versions
- Find known service bugs
- Find config issues
- Find vulnerabilities using Searchsploit for every service/app available
- Enumerate each service closely. Look at the header using nc/telnet.
- Default credentials (admin:admin, admin:secret, admin:pass etc…)
Scanning
- Nikto scan
- Feroxbuster/gobuster (Remember -f switch! Remember to try different wordlists)
- BurpSuite and look at the response. (Headers, URLs, Response, BurpPro to bruteforce)
- Manually look at each site's request and response.
- Find software versions
- FUZZ every parameter
Step 2 – Initial Access
Step 3 – Privilege Escalation
gtfobins
Inspo: