Beginner needs some tips (Payloads, Metasploit, Reverse Shells, Getting User)

I am currently in the learning process.
I have grasped a few basics of general pentesting,
using stuff like Burp Suite to intercept, nmap to enumerate, nikto, dirbuster.
The general idea behind enumerating data is grasped for the most part for me; however, once that part is done, I end up stuck.

Can anyone share their tips as to how to upload payloads to
a machine once the information gathering is done?
What is important to look for during the information gathering process,
to then end up using msfvenom, msfconsole, reverse shells, etc. (to get user / root)?

The main problem is probably: how do you recognise that the system is vulnerable to one particular technique, and then how do you apply that?

I’ve seen a few techniques already, but it seems like there are A TON of them.
Any tips, maybe common examples to look out for, would be appreciated! 🙂

I suggest that you watch ippsec videos on retired boxes. Once you're done, try to replicate it without watching ippsec and try to get the same result. While watching the videos, try to ask yourself why he did that and that; if you don’t know why, google the term, the technique, the CVE, everything that you don’t know… I recommend ippsec because he demonstrated multiple ways to attack the boxes. At first, it seems pretty vague, like, “how did he know that”, “why that and why not that”, but at first it’s trial and error based on pure curiosity, and you’ll end up having your own methodology to create an attack vector. Sometimes, it’s okay if you have tried your best but you still can’t get it done; consider this a continuous process of learning. You can’t find a direct solution, it’s all about trial and error. Learn and keep learning. 🙂

Yeah, I’ve actually been watching him quite a bit, noting down his commands, some of his comments, etc.
Thanks for the answer! 😉

No probs, I wish you good luck on your journey. If you’re stuck, don’t feel bad looking for hints in the forum. If someone said “enumerate more or try harder”, check back on your enumeration, whether you are forgetting something or overlooked something.

Another fun case is when there’s too much information, like on the Carrier box. It really got me to ask myself what I should look for, haha.