Offensive Tips



The “did you try ?” list

New Target

  • Full TCP port scan

  • Check for SNMP

New Service

  • Search for service version, and google it !! (service xxx v1.2.3 exploit git cve poc)

  • Search related OS info, ALWAYS try to ask google for kernel version exploit !!

New Website

  • Check URLs for other vhosts

  • Scan dirs (wfuzz/fuff/dirb/gobuster)

  • Check requests with ZAP/Burp, especialy on user inputs and forms

  • Default passwords

New Credentials

  • Try it everywhere and with differents protocols (rdp,ssh,smb,rpc,winrm)

  • Try password mutation (usr1_srv => usr2_srv)

New System Account

  • Run enumeration scripts (linpeas/winpeas)

  • Look for sudo entries and check them on

  • ALWAYS check services path for secrets (ex : /var/www/html)