You go through each of these five stages during ever pentest you do.

1. Reconnaissance (active vs. passive)
   1. Active: Actually engage the target
   2. Passive: Googling, etc. (not directly against the target)
2. Scanning & Enumeration (Nmpa, Nessus, Nikto, etc.)
3. Exploitation (gaining access)
4. Maintaining Access
5. Covering Your Tracks (clean up what you did, create, broke, etc.)

Lather, rinse, repeat…

Most important out of the five:

1. Recon (info gathering)
2. Scanning & Enumeration

If you do those two right and well, you should have no problem getting to where you need to go.

Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.

VulnHub has a lot of practice machines you can download.

• VulnHub machines are virtual machines (VMs) and are built for VMWare.
• Debian 10 (Buster) runs VMWare Workstation fine. Debian 11 (Bullseye)… not so much.

List of VulHub machines similar to OSCP:

• https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

• backup_zim_2020-10-04_2114.tar.gz
• backup_zim_2020-10-03_1751.tar.gz
• backup_zim_2020-10-07_0616.tar.gz
• backup_zim_2020-10-08_2127.tar.gz
• backup_zim_2020-11-05_2121.tar.gz