Enumeration

Enumeration - Nmap

• [x] Scan all TCP Ports

  nmap $IP -Pn -n --open --min-rate 3000 -p-
  nmap $IP -sC -sV -p $PORTS
  

• [x] Scan UDP Ports

  nmap $IP -sU --top-ports 10
  

Enumeration - Services

• [ ] Check all of the Network Protocols from the Nmap scans
• [ ] For other ports, interact with them directly with nc or telnet
  • [ ] Send random strings to see if the port responds.
  • [ ] Send common command strings such as help or ls
  • [ ] Send GET / HTTP 1.1 and send Host: test
  • [ ] Try curl or wget
  • [ ] Google the particular port

Enumeration - Web

• [ ] For PHP apps, if phpinfo() is present, check DOCUMENT_ROOT and DISABLE_FUNCTIONS
• [ ] Check .git directory
• [ ] Check WebDAV
• [ ] Try switching between different HTTP request methods.

Exploitation

Exploitation

Privilege Escalation

Linux Privilege Escalation

Windows Privilege Escalation