quick-notes.md

Reminder

  • Take screenshots
  • Log terminals
  • State changes you've made to tools/payloads/exploits
  • whoami && cat /full/path/flag.txt && ip addr

Info

  • Platform (e.g. TryHackMe/HackTheBox/Proving Grounds)
  • Box Name
  • Box IP

Notes

OS Detection

21 TCP

  • searchsploit
  • hacktricks
  • google
  • anonymous login
  • weak credentials
  • default credentials
  • reuse credentials
  • file uploading

22 TCP

  • searchsploit
  • hacktricks
  • google
  • weak credentials
  • reuse credentials

53 TCP

  • searchsploit
  • hacktricks
  • google
  • dig
  • zone transfer

80/443 TCP

  • searchsploit
  • hacktricks
  • google
  • robots.txt
  • sitemap.xml
  • nikto
  • gobuster

135 TCP

  • searchsploit
  • hacktricks
  • google
  • rpcdump.py $RHOST -p 135

139 TCP

  • searchsploit
  • hacktricks
  • google
  • nmap scripts

445 TCP

  • searchsploit
  • hacktricks
  • google
  • nmap scripts (especially smb-vuln*)
  • enum4linux
  • anonymous login
  • weak credentials
  • default credentials
  • reuse credentials
  • file uploading

PORT TCP/UDP Service Version

  • searchsploit
  • hacktricks
  • google

Flags

user.txt

FLAG{}

root.txt

FLAG{}


Quick Walkthrough

Enumeration

Foothold

Privilege Escalation

Post-Exploitation


Mitigations


Reference