Breadth-first search
- Note everything down that comes to your mind when discovering the challenge (names, ports, services, nothing is done randomly and a lot of those are actual hints).
- Scan everything.
- Google every known protocol or port and version identified (you might find very easily exploitable processes).
- Once you are certain you have covered everything that’s open, start digging more deeply.
- Follow your intuition (that little bell that rings at the end of the first scan, saying “hoo this is open ??? nice.”) and try the leads you thought were the best ones initially.
- If or once you have proven your intuition wrong, you can start proceeding by elimination and go through all potential leads, one by one. [1]
Relevant Note(s):