One you’ve found a target and it’s time to dig in a little more to find a way in, start with scanning. Try to Follow these steps: Determine if the system alive Try using ping sweeps, nmap offers this with the -sP option ICMP Queries offer a wide range of information about a target Determine which services are running/listening Sending packets to TCP / UDP ports to see what is listening There are a variety of tools, nmap, netcat, and strobe are examples Determine the Operating System Get content info from FTP, HTTP, or others.

Footprinting is gathering information about a target before attempting to hack them. There are a few ways to do it but the important part is getting the right details, What kind of servers are in use, What kind of operating system is in use, What is the deployment and version control systems in place… Things like these will lead you to what vulnerabilities to use to get into the system