- scan all with unicorn
- list all services and versions
- search for dependencies
- You're already lost, so take your time
- You don't have time to search vuln in a non custom application
- Know app -> know exploit
- If you have login form on known app, search on the web defaults credentials!
- enumerate all before exploit. Are you sure you don't miss something? Can you verify if the exploit work BEFORE executing it?
- There are someway several versions of an exploit
- You can read by web traversal, can't you execute some file?
- for login, always try a cewl or think about context. The name of your target is not in all the seclist dictionnaries
- if an edb don't work, try google to find better exploit.