What is your methodology?

G0dm0de · March 26, 2020, 9:07pm

So I’m wondering what other people’s methodology is to possibly help improve my own.

Pretend your nmap scan has completed, and you’re presented with a plethora of services (FTP, SSH, RPC, SMB, NBT, DNS, NFS, SNMP, SMTP, HTTP, MySQL, etc), do you have a specific order you go by?

For instance, some people prefer to save HTTP for last since it usually takes the longest to enumerate. Others start with HTTP such as crawling the website, playing with the webapp, etc and then look for vulnerabilities in the FTP or SMB, or RPC services, and so on.

01ph0rie · March 26, 2020, 9:38pm

This is a big question… This really depends on the box and it’s system, the output of your scans (is it a lot? how many potential easy tasks?) and many other things… even the box name can change your approach.

Topic		Replies	Views
Enumeration Tips	2	333	June 29, 2022
What's Your Methodology? Machines	3	1053	June 26, 2019
How to start Off-topic tools , noob , start , pentest	4	1143	January 27, 2020
External Enumeration and Recon Other enumeration , guide	4	939	March 7, 2020
Scan takes long time - can anyone help Machines	3	920	December 5, 2019

What is your methodology?

Related topics