During a penetration test or capture the flag (CTF), it is incredibly important to enumerate all hosts, host services, and each of the host's publicly accessible files as much as possible. The included cheat sheets will show us common tools and syntax used often for enumeration of the target system.
- If any service lendss any usernames, test the usernames as a file with
hydra
for the users and password. Some folks like to have the password the same a sthe username. Then, test it files that you make withCeWL
. After which, try files from SecLists, then finally, withrockyou.txt
.