Pentest methodology
  Privilege escalation
    Linux
    Windows
  Initial foothold on the system
    nmap -sC -sV -oA nmap/nmap ip
    Enumerate; try to find public exploits for the services
      Found a public exploit
        Which should work but doesn't
          Read the exploit; see if you can fix the issue or whether you have to give it some parameters. Use Burp to intercept and debug the issue
          Find other sources of the exploit and read about how it works and what it affects
        Works right away: done
      Found a vulnerable OS exploit right away
    There is a web server running
      Enumeration
        OWASP Top 10 vulns
          SQL injection
            Automate via sqlmap; also look for manual SQL injection
            Second-order SQL injection
          SSRF
          XXE
          LFI
          RFI
          Broken auth
          Broken access control
          NoSQL injection test
          File uploads
        Bruteforcing
          GoBuster
            GoBuster against all web servers with the -x flag for possible extensions such as aspx, php, cgi etc.
          Default credentials
          Hashcat with rockyou after identifying the username
      Other possibilities
        Shellshock
        Heartbleed
        Vendor application exploits
          WordPress
          Joomla
          Magento
          Etc.