I can’t explain how frustrating it is to spend hours on a box just to realize that you missed something small. This was a huge problem for me starting out, but as I got more experience it became a lot easier. I wrote a basic external enumeration and recon guide for people new to HTB. Hope it gives you at least a starting point.
Also, feel free to add your own tips in this thread. I know what I wrote surely wasn’t all encompassing.
All good info, thanks for sharing
@VbScrub My pleasure. Just paying it forward.
@Conda looks pretty awesome to me.
Only things I’d consider:
Run nikto against sites - it's always worth a background scan while you do other things as it may find some oddities and can return directories faster than dirb/gobuster/dirbuster etc.
Check SSL/TLS certs - the details may give clues about usernames or subdomains.
Depending on the level of detail, if a DB server comes up in the NMAP scan it's worth digging in deeper.
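An added example (not part of the thread) of the certificate check suggested above: it reads the text that `openssl x509 -noout -text` prints and lists the hostnames, e-mail local parts and CA names a certificate exposes. The sample certificate text is constructed, and the function name `cert_clues` is hypothetical.

```python
import re

# Constructed sample of `openssl x509 -noout -text` output (not from a real host).
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Issuer: C = US, O = Example Lab, CN = lab-DC01-CA
        Subject: CN = portal.example.test, emailAddress = jsmith@example.test
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:portal.example.test, DNS:dev.example.test, DNS:*.staging.example.test, email:admin@example.test, IP Address:10.0.0.5
"""

def cert_clues(text):
    """Collect names a certificate discloses: hostnames, usernames, issuer CNs."""
    hosts, users, issuers = set(), set(), set()
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if line.startswith(("Subject:", "Issuer:")):
            label, _, dn = line.partition(":")
            # Matches both "CN = host" (newer OpenSSL) and "CN=host" (older).
            for key, value in re.findall(r"(\w+)\s*=\s*([^,]+)", dn):
                value = value.strip()
                if key == "emailAddress":
                    users.add(value.split("@")[0])
                elif key == "CN":
                    # The issuer CN often names an internal CA, not a host.
                    (hosts if label == "Subject" else issuers).add(value)
        elif line.startswith("X509v3 Subject Alternative Name") and i + 1 < len(lines):
            # SAN entries sit on the following line, comma separated.
            for entry in lines[i + 1].split(","):
                kind, _, value = entry.strip().partition(":")
                if kind == "DNS":
                    # A wildcard entry still reveals the parent domain.
                    hosts.add(value[2:] if value.startswith("*.") else value)
                elif kind == "email":
                    users.add(value.split("@")[0])
    return {"hostnames": sorted(hosts),
            "usernames": sorted(users),
            "issuer_names": sorted(issuers)}

if __name__ == "__main__":
    for category, names in cert_clues(SAMPLE_CERT_TEXT).items():
        print(f"{category}: {', '.join(names)}")
```

The same output is a quick audit of what your own certificates disclose: internal hostnames in SAN entries and staff addresses in the subject are visible to anyone who connects.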
@TazWake Appreciate the feedback. I’ll definitely add those things. Great points!