General Check List

General Checklist

  • Check default passwords.

  • Check versions of services.

  • Try more than one file while directory brute-forcing (i.e. /usr/share/wordlists/dirb/big.txt, /usr/share/wordlists/dirbuster/apache-user-enum-2.0.txt, /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt)

  • Once inside a CMS or site check every single page.

  • bash vs sh. Try both when doing privesc. One does not mean the other.

  • SEARCH EVERYTHING.....even if it seems silly!!!! (i.e photos) Check even CSS files.

  • Check other exploits too if there are available. Do not stuck on one. It may say version 2.4 and the exploit with version 2.5 will work too.

  • Enumerate subdomains if you are getting nothing.

  • Check the /opt and /var directories.

  • Intercept traffic with BurpSuite if you are stuck.

  • If you believe there is no other way in (i.e. have found one), then just stick with it and search search search for it.

  • Run more than one privesc scripts (LinEnum,, peas etc)

  • If you see run gobuster/dirsearch against it. It may reveal a URL as

  • Read the code. It is on the details what it needs to be done/change. Just read the code!!!

  • Try all of them shell_exec, system, exec to be sure.

  • If credentials are not working and you are sure it should, then revert the box. Might have crashed the box somehow along the way.

  • If you are 100% sure the exploit is the one you are looking and it is not working, try 64 bit or 32 bit. Depends the architecture of the box.

  • If there is a redirection to the page....after installing NoRedirect plugin on Firefox....add the page to NOT redirect it. Also intercept the traffic with BurpSuite to see where this goes.

  • Execute commands manually. Sometimes you miss it when running automate scripts.

  • Search and spend some time with LFI/URL parameters

  • Running out of ideas? Brute-Force may be the last option. (use different lists and not only rockyou.txt)

As a general rule:

One finding leads to the next. (e.g. found a file? this will lead you to the next step)

Last updated