-
Enumeration Tools: kerbrute: python3 /opt/kerbrute/kerbrute.py -domain thinc.local -users /usr/share/seclists/Usernames/Names/names.txt -dc-ip $target. Alternative: https://github.com/ropnop/kerbrute. msf> use auxiliary/gather/kerberos_enumusers. Perform ASREPRoast.
-
Enumeration Mandatory Grab the banner. Tools Patator (brute force)
-
Enumeration Mandatory: Try to access: ssh -v $target. Optional: Reuse existing credentials. Brute-force with existing usernames (password spraying). Try ssh-audit $target. Try known usernames with the username as password or other found strings. Privilege Escalation: Find the .ssh directory on the file system and check all files within. Check the sshd_config file. Check the SSH version for exploits.
-
Enumeration: Check the certificate. Perform SSL-Scan. Go to Checklist 80 HTTP. Optional: If vulnerable to Heartbleed, use msf> use openssl_heartbleed. Don't forget to use set ACTION KEYS or similar (see info).
-
Enumeration Mandatory: Check anonymous login. Try to create AND upload a file: mkdir test, then put /tmp/test test. Check login with at least the following credentials: admin / admin, admin / password. Optional: Download everything with wget and look for .dot files! Check login with newly found users. Brute-force login. Make sure to check admin / admin and other usual combinations…
-
Enumeration Mandatory: Open the site in a browser. Maybe a CUPS interface is available. Perform nmap -p 631 $target --script cups-info. Try PRET: the Printer Exploitation Toolkit is useful for printer hacking. See also HTB Laser (ippsec). python pret.py $target pcl
-
Enumeration Mandatory Optional Tools
-
Enumeration Mandatory Optional On Windows