https://book.ghanim.no/index.php?action=history&feed=atom&title=Methodology
Methodology - Revision history
2026-04-21T14:46:20Z
Revision history for this page on the wiki
MediaWiki 1.45.1
https://book.ghanim.no/index.php?title=Methodology&diff=1115&oldid=prev
imported>Aghanim at 08:03, 8 June 2022
2022-06-08T08:03:10Z
<p></p>
<p><b>New page</b></p><div>== Step 1 - Enumeration ==<br />
<br />
<br />
=== Scanning ===<br />
<br />
<br />
* Run NMAP default script on all ports. (<code>nmap -sC -sV --min-rate 100 IP -oN output.txt</code>* /opt/nmapautomator FULL, UDP, VULN<br />
<br />
<br />
=== Port Enumeration ===<br />
<br />
<br />
* Find service and versions* Find known service bugs* Find config issues* Find vulnerabilities using '''Searchsploit''' every service/app available* Enumerate each service closely. Look at the header using nc/telnet.* Default credentials (admin:admin, admin:secret, admin:pass etc...)<br />
<br />
<br />
=== Scanning ===<br />
<br />
<br />
* Nitko scan* Feroxbuster/gobuster (Remember -f switch! '''Remember to try different wordlist)'''* BurpSuite and look at the response.(Headers, URLs, Response, BurpPro to bruteforce)* Manually look at each sites request and response.* Find software versions* '''FUZZ''' every parameter<br />
<br />
<br />
== Step 2 - Initial Access ==<br />
<br />
<br />
== Step 3 - Privilege Escalation ==<br />
<br />
<br />
gtfobins<br />
<br />
<br />
Inspo:<br />
<br />
<br />
[https://guif.re/networkpentest#General%20methodology https://guif.re/networkpentest#General%20methodology]<br />
<br />
[[Category:Offensive Security]]</div>
imported>Aghanim