Hello together.

I need your help. Im a junior Pentester.

Tomorrow I need to pentest a Macintosh workstation but I have no idea where to start. Users can login via LDAP and I will do a white box pentest.

Any suggestions where to start?

Shouldn’t you have learned that?

Umm penetrating without knowing how to pentest?

@C0D4 ikr. Did he sleep during classes?

C'mon now guys, maybe he just don't really know it. I have better question tho: why take something you don't know?

Yea guys pretty nice answers...

I'm still learning but thanks.

And yea I took it for the challenge and for learning purposes.

Do my homework :/

Do some nmap scans and search for LDAP vulns.

Rather than posting here search Google for commonly known exploits for that Mac os version. Setup the Mac os in your local computer practice on it. Other than this best of luck

@HampusMa @C0D4 I've done years of pentesting (hobby) but mostly in the web stack, this field is so wide!

I'd have no clue how to do that myself (mac), I'd say search for local vulns indeed, is social engineering allowed?

Good luck!

Thank you guys for your constructive help!

You're not like the other trolls.

It's always about learning in penetration testing.

I suggest running a nmap port scan scan for services to perform a banner grab provided that they aren't using ids like snort or anything banner grabs are noisy. Next if you can find the server version search to see if it had any vulnerabilities that allow rce i suggest looking in the online cve database or exploitdb

I suppose a screwdriver is out of the question?

Anyway. Start with nmap, scrape versions wherever you can, look for vulnerabilities.

Thanks guys! Helped me out a lot:)