As always in every penetration testing engagements we start by reconnaissance and information gathering, in this step we try to get as much information about the target as possible.

We can achieve that by using various of tools and techniques to obtain foothold on the target, by using enumeration, scanning and other recon techniques.

In this lab we are tasked to pentest this Linux Lab : BlackGate on Offsec’s Proving grounds :

First step will be to check if the target is up and running, we could do so by sending ICMP requests to check if we can communicate with the target by running this command :

ping 192.168.204.24

Next I’ll run the following command with rustscan to quickly scan for open ports :

┌──(root💀CSEC)-[/home/cyborgbytes/Documents/PGWriteupsOffsec/Levram]
└─# rustscan -a 192.168.204.24 --ulimit 5000 

Afterwards we can see the output as follows:

From the scan I can see that there is two open ports :

Port 22 
and 
Port 8000

going to the webpage on port 22 I can find that there is a login page and apparently I can login with default credentials: