
Wisdom - Universal

A lot of people are talking about the CPTS course, may be worth taking them seriously on that...

Check fucking stupid password and username combinations fucking stupid

Being adaptable can be advantageous. Getting stuck on harder AD boxes after getting the first one, but moving on to the others and making progress there, for example. Don't get hung up and demotivated on one.

Scripting is somewhat important, the aim is making sure you understand HOW scripting is working and being able to lightly modify a breadth of scripts. Knowing how to modify for errors, SSL, etc and knowing how to pwn an insecure workflow. Bash and Python probably sit at the top for this.

Bind shells are tricky - they need an open port to work. Reverse shells are easier as it's the compromised system acting as the client and not the server, we have control over the server and open ports on the attacker machine, obvs.

Review weaker areas and work on them. I.e. Web and AD right now...

With all the information in this knowledge base, ask WHY it's there and WHY you're enumerating the way you are.

Look for known filepaths when doing LFI, file read, any kind of file reading vulnerability. It's something you need to do more of I think

Enumeration is methodical, you need to tick them off of a checklist. You have not exhausted all options or you'd be on to the next step. Have you checked other exploits on the same vuln? Do other tools work for whatever reason?

Don't skip easy wins. Anonymous login on FTP, SMB, etc

Spray the users and passwords textfile and make sure you use usernames as passwords in a third password file. Spray everything, ftp, ssh, wordpress, etc. Add default credentials from services you find into username and password text files.

If there is a metasploit module for it, there's a manual one for it. You don't need metasploit...

Machine is slow to access? STRAIGHT to revert

Standalone machines: 2h foothold 2h privesc. Move on if nothing is found, come back later

AD set: 4h progress
