Offensive Tips
Intro
Offensive Tips, Exploits
Sources ❤️ :
Methodology
The “did you try?” list
New Target
Full TCP port scan
Check for SNMP
New Service
Search for the service version and google it!! (service xxx v1.2.3 exploit git cve poc)
Search for related OS info, and ALWAYS try asking Google for kernel version exploits!!
New Website
Check URLs for other vhosts
Scan dirs (wfuzz/ffuf/dirb/gobuster)
Check requests with ZAP/Burp, especially on user inputs and forms
Default passwords
New Credentials
Try them everywhere and with different protocols (rdp, ssh, smb, rpc, winrm)
Try password mutation (usr1_srv => usr2_srv)
New System Account
Run enumeration scripts (linpeas/winpeas)
Look for sudo entries and check them on https://gtfobins.github.io/
ALWAYS check service paths for secrets (e.g. /var/www/html)