Offensive Tips



New Target

  • Port scan

New Service

  • Search for service version

  • Search related OS info

  • Search for exploit

New Website

  • Check URLs for other vhosts

  • Scan dirs (wfuzz/fuff/dirb/gobuster)

  • Check requests with ZAP/Burp, especialy on user inputs and forms

New Credentials

  • Try it everywhere and with differents protocols (rdp,ssh,smb)

  • Try password mutation (usr1_srv => usr2_srv)

New System Account

  • Run enumeration scripts

  • Look for sudo entries and check them on

  • Search for files ( ~/home and find / -user $(whoami) 2>/dev/null )