| description |
|---|
What has worked in the past that might work now? |
- Can you port forward anything and expose it to Kali?
- Did you enumerate all possible users?
- username:password(same as username)
ssh eleanor@192.168.81.100
Password: eleanor
- Realize that sometimes you need to go off of the most traveled path to realize that there is another or better way to exploit something
- Remember: it may look overly complex on purpose but what if the developer made a silly mistake somewhere?
- Take note of every service, application, or program
- Searchsploit all of them with and without the version numbers (if applicable)
- Default passwords?
- Google the service for default passwords
- Perform static analysis on web app source code for mistakes, hard-coded credentials, etc.
- Weak passwords?
- Authentication bypass?
- Sensitive information disclosure?
Directory Bruteforcing:
- Run the endpoints through more than one wordlist
Vhost Bruteforcing:
- Run Vhost enumeration on the target
Nikto:
- Be sure to run a Nikto vulnerability scan on all endpoints that you have access to and newly discover
- Check for keywords on ippsec's site
{% embed url="https://ippsec.rocks/?" %} GOAT {% endembed %}