Initial Attack Vectors
Initial Internal Attack Strategy
Begin the day with mitm6 or Responder; Responder is the safer choice because it won't cause a network outage. The best time to run Responder is in the morning or right after lunch, when most users are logging in to their computers.
Run mitm6 only for a short window, around 5-10 minutes, because it can cause an outage.
If there is little traffic, you can generate some by running scans (Nmap, Nessus).
If scans are taking too long (no Responder or mitm6 traffic):
Look for websites in scope (http_version in Metasploit)
Look for default credentials on web logins:
Printers, Jenkins, admin portals, iDRAC, etc.
Think outside the box.
Always multitask. You will not always have Responder or mitm6 traffic, so look for websites, default credentials, etc. in parallel.
If you are stuck on a pentest (no initial attack vector, good patching, etc.), you can ask the client to create credentials for you. Sometimes the client will say no. The engagement time is limited, and in a real scenario an account could be compromised later on anyway; if the client creates an account for us, we can continue with further enumeration.
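The defender-side counterpart to the Responder step above, as an added example that is not part of these notes: a canary check that detects LLMNR poisoning on the local segment. It queries the LLMNR multicast group for a name that does not exist anywhere on the network, so any host that answers is spoofing responses. The canary name and timeout are assumptions; the sample response is constructed for testing; and this only covers LLMNR, not mitm6, which works over IPv6 DHCP/DNS.

```python
import random
import socket
import struct

def build_query(name, txid):
    # LLMNR uses the DNS wire format: header, QNAME labels, QTYPE=A (1), QCLASS=IN (1)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(data, off):
    # Step over a DNS-style name, written as labels or as a 2-byte compression pointer
    while not data[off] & 0xC0 and data[off]:
        off += 1 + data[off]
    return off + (2 if data[off] & 0xC0 else 1)

def answered_ips(data, txid):
    # IPv4 addresses from the A answers of a response carrying our transaction id
    rid, flags, _qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        return []
    off, ips = _skip_name(data, 12) + 4, []   # skip the single echoed question
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return ips

def sample_poisoned_response(name, txid, ip):
    # Constructed sample of a poisoner's reply: our question echoed, plus an A answer with its IP
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(ip)
    return header + build_query(name, txid)[12:] + answer

def probe_for_poisoner(canary="llmnr-canary-does-not-exist", timeout=2.0):
    # Ask the LLMNR multicast group for a name nobody owns; any host answering is spoofing
    txid = random.randint(0, 0xFFFF)
    hits = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(canary, txid), ("224.0.0.252", 5355))  # LLMNR group/port
        try:
            while True:
                data, (src, _) = sock.recvfrom(512)
                hits += [(src, ip) for ip in answered_ips(data, txid)]
        except socket.timeout:
            pass
    return hits
```

Run probe_for_poisoner() periodically from a monitoring host; a non-empty result names the source address of each responder, which is the host to investigate. Disabling LLMNR and NBT-NS via group policy removes the attack surface entirely.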