After this lesson, you will be able to: Enumerate services in depth, versions, configs, vulnerabilities.
Scanning shows what's open. Enumeration shows what's exploitable. This lesson goes deep on service-specific enumeration: SMB shares, web directories, SSH banners, SNMP communities.
Web (80/443), gobuster/feroxbuster for hidden paths, nikto for known issues. SMB (139/445), `smbclient -L //target -N` lists shares. SSH (22), banner reveals version → search exploit-db. SNMP (161), `snmpwalk` with `public` community often spills configs. FTP (21), anonymous login often allowed in CTFs.
Find hidden admin pages, backup files, configs:
# Gobuster (most common in CTFs)gobuster dir -u http://10.10.10.10 -w /usr/share/wordlists/dirb/common.txt# With extensionsgobuster dir -u http://10.10.10.10 -w wordlist.txt -x php,html,bak,old
1. Map every service to a version.
2. Search exploit-db, GitHub, CVE database for that version.
3. Check default credentials (admin/admin, root/toor).
4. Look for misconfigurations (anonymous FTP, public SMB shares).
5. Document everything before exploiting.
Pick.
Sign in and purchase access to unlock this lesson.