Methodology

Step 1 – Enumeration

Scanning

  • Run nmap with default scripts and version detection on all ports (add -p-; without it nmap only scans the top 1000 TCP ports): nmap -sC -sV -p- --min-rate 100 IP -oN output.txt
  • /opt/nmapAutomator: run the Full, UDP and Vuln scan types

Port Enumeration

  • Find each service and its version
  • Look up known bugs for that service/version
  • Look for misconfigurations
  • Run Searchsploit against every service/application found
  • Enumerate each service closely; grab the banner with nc/telnet.
  • Try default credentials (admin:admin, admin:secret, admin:pass, etc.)

Web Scanning

  • Nikto scan
  • Feroxbuster/gobuster (remember the -f switch, which appends a trailing slash to each request, and try more than one wordlist)
  • Burp Suite: look at the responses (headers, URLs, body; Burp Pro Intruder for brute-forcing)
  • Manually look at each site's requests and responses.
  • Find software versions
  • Fuzz every parameter
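The Step 1 checklist above is mostly "take what nmap found and run the next tool against it". The script below is an added example, not part of the original page: it parses a saved nmap -oN file into open ports, builds a searchsploit query per fingerprinted service, and emits the banner-grab, Nikto and feroxbuster commands for each port. The tool names and flags are real; the target IP (10.10.10.5), the wordlist path and the embedded sample scan are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): turn the nmap -oN file from Step 1 into the
# follow-up commands the checklist asks for: a banner grab per open TCP port, a
# searchsploit query per fingerprinted service, and Nikto + feroxbuster per web port.
# Tool names and flags are real; the target IP, the wordlist path and the sample scan
# text are constructed for illustration.
set -eu

WORDLIST=${WORDLIST:-/usr/share/wordlists/dirb/common.txt}   # assumed default path

# Constructed sample of nmap -sC -sV -p- output, written to the path given as $1.
write_sample_scan() {
  cat > "$1" <<'EOF'
# Nmap scan initiated as: nmap -sC -sV -p- --min-rate 100 -oN output.txt 10.10.10.5
Nmap scan report for 10.10.10.5
Not shown: 65530 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
21/tcp   open     ftp        vsftpd 3.0.3
22/tcp   open     ssh        OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 aa:bb:cc:dd (RSA)
80/tcp   open     http       Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
443/tcp  open     ssl/http   Apache httpd 2.4.41 ((Ubuntu))
8080/tcp filtered http-proxy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
EOF
}

# One tab-separated line per open port: port, proto, service, version (version may be
# empty). NSE script lines ("|"), the header row and non-open ports are skipped.
parse_open_ports() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      split($1, a, "/")
      version = ""
      for (i = 4; i <= NF; i++) version = version (i > 4 ? " " : "") $i
      printf "%s\t%s\t%s\t%s\n", a[1], a[2], $3, version
  }' "$1"
}

# searchsploit matches exploit titles, so the full nmap version string
# ("OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (...)") finds nothing. Keep the product words up
# to the first token starting with a digit and trim that token to its numeric prefix:
# "OpenSSH 8.2p1 ..." -> "OpenSSH 8.2". Fall back to the service name if no version.
search_term() {
  service=$1 version=$2 product= ver=
  set -f                       # no globbing while word-splitting $version
  for tok in $version; do
    case $tok in
      [0-9]*) ver=${tok%%[!0-9.]*}; break ;;
      *)      product="${product:+$product }$tok" ;;
    esac
  done
  set +f
  if [ -z "$product" ]; then printf '%s\n' "$service"
  else printf '%s\n' "$product${ver:+ $ver}"; fi
}

# Follow-up commands for one target, one per line. -f makes feroxbuster append a
# trailing slash to each request; -k skips TLS verification on self-signed hosts.
followup_commands() {
  ip=$1
  parse_open_ports "$2" | while IFS="$(printf '\t')" read -r port proto service version; do
    [ "$proto" = tcp ] && printf 'nc -nv %s %s\n' "$ip" "$port"
    printf 'searchsploit %s\n' "$(search_term "$service" "$version")"
    case $service in
      http|http-alt|http-proxy)
        printf 'nikto -h http://%s:%s\n' "$ip" "$port"
        printf 'feroxbuster -u http://%s:%s -w %s -f\n' "$ip" "$port" "$WORDLIST" ;;
      ssl/http|https|https-alt)
        printf 'nikto -h https://%s:%s\n' "$ip" "$port"
        printf 'feroxbuster -u https://%s:%s -w %s -f -k\n' "$ip" "$port" "$WORDLIST" ;;
    esac
  done
}

# Demo: usage is "sh enum.sh IP output.txt"; with no scan file it runs on the sample.
main() {
  ip=${1:-10.10.10.5}
  if [ -n "${2:-}" ]; then
    followup_commands "$ip" "$2"
  else
    tmp=$(mktemp)
    write_sample_scan "$tmp"
    followup_commands "$ip" "$tmp"
    rm -f "$tmp"
  fi
}
main "$@"
```

The version trimming is a deliberate heuristic: searching "OpenSSH 8.2" or "Apache httpd 2.4.41" gives you the candidate list to read through, whereas the raw nmap string is too specific to match any exploit title. If you also save the scan as XML (-oX), searchsploit --nmap file.xml does this lookup natively.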

Step 2 – Initial Access

Step 3 – Privilege Escalation

GTFOBins (https://gtfobins.github.io)

Inspiration:

https://guif.re/networkpentest#General%20methodology