Gobuster, dirbuster and sometimes dirb to enumerate the directories on port 80(or any HTTP port)
Burpsuite, to see what happens with the request and play with it and see if there’s anything that could get me somthing
Nikto, sometimes works on some of the boxes, shows some stuff that could be useful but that depends on the machine
Nmap/Masscan/Zenmap - Basically to scan available ports of the machine or to automate half of the enumeration automatically
exploit-db, searchsploit, to find any available exploits for a certain service (say SSHd for example)
Hydra, to bruteforce any login page (even though it’s not that needed, most of the time you will find login creds/hints after enumerating, but there are some machines that include that, so that could be useful to learn as well)
Metasploit/Rapid7, could get you somewhere useful if you’re talking about time, you can get it on your own as well, be sure to read the exploit in Rapid7
For priv esc you can use that: Basic Linux Privilege Escalation - g0tmi1k
pspy, to read crontabs on Linux
Also; https://netsec.ws/?p=309
There’s a lot of ways to do a machine, each machine is unique in it’s own way. The best you can do in my opinion is to get a VIP and work on retired machines, that way if you get stuck - you can read a write up. Also watching Ippsec’s videos could help you with the flow/methodology
Always ask google or any search engine, you can get pretty useful things from there and understand stuff better, because most of the time you will be spending your time there, learning about a new thing that the box will require. Good luck 3: