During a PenTest you generally follow these six steps:

1. Pre-Engagement: Planning & Scope
2. Recon: Information Gathering
3. Scanning
4. Exploitation
5. Post-Exploitation
6. Post-Engagement: Report

Most important out of the six:

1. Recon (info gathering)
2. Scanning & Enumeration

If you do those two right and well, you should have no problem getting to where you need to go.

Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.

Enumeration: All enumeration means is “build a list.” You enumerate throughout this process, and it is essential for a successful hack.

VulnHub has a lot of practice machines you can download.

• VulnHub machines are virtual machines (VMs) and are built for VMWare.
• Debian 10 (Buster) runs VMWare Workstation fine. Debian 11 (Bullseye)… not so much.

List of VulHub machines similar to OSCP:

• https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

• backup_zim_2020-10-04_2114.tar.gz
• backup_zim_2020-10-03_1751.tar.gz
• backup_zim_2020-10-07_0616.tar.gz
• backup_zim_2020-10-08_2127.tar.gz
• backup_zim_2020-11-05_2121.tar.gz
• backup_zim_2020-11-07_1937.7z