Restart the box, then wait 2+ minutes until it comes back and all services have started
https://coggle.it/diagram/XepDvoXedGCjPc1Y/t/enumeration-mindmap
http://packetlife.net/media/library/23/common_ports.pdf
- Find service and version
- Find known service bugs
- Find configuration issues
- Run nmap port scan / banner grabbing
- Every error message
- Every URL path
- Every parameter to find versions/apps/bugs
- Every version exploit db
- Every version vulnerability
- User enumeration
- Password bruteforce
- Default credentials google search
- nmap --script exploit -Pn $ip
- Nikto
- dirb
- dirbuster
- wpscan
- dotdotpwn/LFI suite
- view source
- davtest/cadaver
- droopescan
- joomscan
- LFI/RFI test
- snmpwalk -c public -v1 $ip 1
- smbclient -L //$ip
- smbmap -H $ip
- rpcinfo
- Enum4linux
- nmap scripts
- hydra
- MSF Aux Modules
- Download the software... uh oh, you're at this stage
- Gather version numbers
- Searchsploit
- Default Creds
- Creds previously gathered
- Download the software
- linux-local-enum.sh
- linuxprivchecker.py
- linux-exploit-suggester.sh
- unix-privesc-check.py
- wpc.exe
- windows-exploit-suggester.py
- windows_privesc_check.py
- windows-privesc-check2.exe
- access internal services (portfwd)
- add account
- List of exploits
- sudo su
- KernelDB
- Searchsploit
- Screenshot of ipconfig/whoami
- Copy proof.txt
- Dump hashes
- Dump SSH Keys
- Delete files
- Reset Machine