Methodology

Table Of Contents

Step 1 – Enumeration
Step 2 – Initial Access
Step 3 – Privilege Escalation

Step 1 – Enumeration

Scanning

Run NMAP default script on all ports. (nmap -sC -sV --min-rate 100 IP -oN output.txt
/opt/nmapautomator FULL, UDP, VULN

Port Enumeration

Find service and versions
Find known service bugs
Find config issues
Find vulnerabilities using Searchsploit every service/app available
Enumerate each service closely. Look at the header using nc/telnet.
Default credentials (admin:admin, admin:secret, admin:pass etc…)

Scanning

Nitko scan
Feroxbuster/gobuster (Remember -f switch! Remember to try different wordlist)
BurpSuite and look at the response.(Headers, URLs, Response, BurpPro to bruteforce)
Manually look at each sites request and response.
Find software versions
FUZZ every parameter

Step 2 – Initial Access

Step 3 – Privilege Escalation

gtfobins

Inspo:

https://guif.re/networkpentest#General%20methodology