Offensive Tips
Intro
Offensive Tips, Exploits

Methodology
New Target
Port scan
New Service
Search for service version
Search related OS info
Search for exploit
New Website
Check URLs for other vhosts
Scan directories (wfuzz/ffuf/dirb/gobuster)
Check requests with ZAP/Burp, especially on user inputs and forms
New Credentials
Try them everywhere and with different protocols (rdp, ssh, smb)
Try password mutation (usr1_srv => usr2_srv)
New System Account
Run enumeration scripts
Look for sudo entries and check them on https://gtfobins.github.io/
Search for files (~/home and find / -user $(whoami) 2>/dev/null)