Roadmap

Nmap

Footprinting

Foothold:

Web -> Web Enumeration -> Web Attacks

Others -> CVE, or brute force / password cracking against network services

Priv esc.

Look for cleartext credentials as one of the first steps (LOW-HANGING FRUIT!)

CREDENTIAL HUNTING!! Linux Credential Hunting and Windows Credential Hunting

Get a shell?

RDP?

Linux
Get cleartext passwords via /etc/shadow (it stores password hashes, so the cleartext has to be recovered from them)

Windows/AD
Attack LSA/SAM/LSASS, get local admin rights, extract NTDS; spray dictionary passwords