Privilege escalation And Username Password

How would i know that i should use linux-exploit-suggester here or using linux or uname or id version through exploit-db or something else to privilege escalation.

One more thing when we found any password and username in Hacking course, sometimes it is used in mysql sometimes in phpadmin or in wordpress or normal login page or in ssh, how would i know where to use it

Getting good at privilege escalation is like training muscle memory. You need to keep looking and building patterns and tools and techniques that fit those patterns.
Suggestion: Start building a cheat sheet for scenarios that you have encountered and the method that worked for that one.

Similarly for credentials. As part of the recon phase you will find open terminals like web admin pages or a machine with ssh open. As you get credentials you will learn to spray them on artifacts or places you have already found before or find later as you explore the network.
Since all companies use different kinds of architecture its hard to predict. Its best if you keep a note of all credentials found and then use them against any authentication terminal you find later on.

1 Like