During a PenTest you generally follow these six steps:

1. Pre-Engagement: Planning & Scope
2. Recon: Information Gathering
3. Scanning
4. Exploitation
5. Post-Exploitation
6. Post-Engagement: Report

Most important out of the six:

1. Recon (info gathering)
2. Scanning & Enumeration

• If you do those two right and well, you should have no problem getting to where you need to go.
• Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.

Enumeration: All enumeration means is “build a list.” You enumerate throughout this process, and it is essential for a successful hack.

VulnHub has a lot of practice machines you can download.

• VulnHub machines are virtual machines (VMs) and are built for VMWare.
• Debian 10 (Buster) runs VMWare Workstation fine. Debian 11 (Bullseye)… not so much.

List of VulHub machines similar to OSCP:

• https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

• backup_zim_2020-10-04_2114.tar.gz
• backup_zim_2020-10-03_1751.tar.gz
• backup_zim_2020-10-07_0616.tar.gz
• backup_zim_2020-10-08_2127.tar.gz
• backup_zim_2020-11-05_2121.tar.gz
• backup_zim_2020-11-07_1937.7z