What is your methodology?

So I’m wondering what other people’s methodology is to possibly help improve my own.

Pretend your nmap scan has completed, and you’re presented with a plethora of services (FTP, SSH, RPC, SMB, NBT, DNS, NFS, SNMP, SMTP, HTTP, MySQL, etc), do you have a specific order you go by?

For instance, some people prefer to save HTTP for last since it usually takes the longest to enumerate. Others start with HTTP such as crawling the website, playing with the webapp, etc and then look for vulnerabilities in the FTP or SMB, or RPC services, and so on.

This is a big question… This really depends on the box and it’s system, the output of your scans (is it a lot? how many potential easy tasks?) and many other things… even the box name can change your approach.