As in every penetration testing engagement, we start with reconnaissance and information gathering: in this step we collect as much information about the target as possible.
We do this with a range of tools and techniques, enumeration and port scanning among them, and what we learn here is what later gives us a foothold on the target.
In this lab we are tasked with pentesting the Linux machine Astronaut on Offsec's Proving Grounds:
The first step is to check that the target is up. We can do so by sending ICMP echo requests and confirming that the target answers:
ping 192.168.193.98
Next I scan the target with nmap:
nmap -sC -sV 192.168.132.12 -oA initial -Pn -v
We can see that there are two open ports on the target. Next I run a full port scan, just to make sure we are not missing anything important.
nmap -p- -sC -sV 192.168.132.12 -oA full -Pn -v
Something worth mentioning: port 80 serves a directory listing containing grav-admin/ (dated 2021-03-17 17:46).
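The steps above (ICMP check, quick nmap scan, full port scan, compare the two) are easy to script so that nothing found only by the full scan gets overlooked. The wrapper below is an added example, not part of the original writeup: it runs the same nmap invocations with -oA, then parses nmap's grepable (.gnmap) output to list open ports and to show which ports the initial scan missed. The target IP is taken from the command line, and the two sample .gnmap lines embedded in the script are constructed for the demo (the extra 8080 entry in the "full" sample is invented to exercise the comparison, it is not a finding on this box).

```shell
#!/usr/bin/env bash
# Added example (not from the original writeup): recon wrapper around the
# ping + nmap steps, plus parsing of nmap grepable output (-oG / the .gnmap
# file written by -oA). Output prefixes "initial" and "full" match the text.

# Does the host answer a single ICMP echo request within 2 seconds?
host_up() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Read nmap grepable output on stdin and print "port/proto service", one per
# line, for every port in state "open". A grepable host line looks like:
#   Host: 10.0.0.1 ()<TAB>Ports: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd/<TAB>Ignored State: closed (998)
# Fields inside each port entry are separated by "/":
#   port / state / protocol / owner / service / rpc info / version
# The $2=="open" test also discards fragments produced if a version string
# happened to contain a comma.
open_ports() {
    grep -o 'Ports: .*' \
        | tr ',' '\n' \
        | sed 's/^Ports: //' \
        | awk -F/ '{ gsub(/^[ \t]+/, "", $1) } $2 == "open" { print $1 "/" $3 " " $5 }'
}

# Ports that appear in the full-scan .gnmap ($2) but not in the initial one ($1).
new_ports() {
    open_ports < "$2" | while IFS= read -r line; do
        open_ports < "$1" | grep -qxF "$line" || printf '%s\n' "$line"
    done
}

# Full recon run against a target: ICMP check, quick scan, full scan, diff.
# -Pn is kept, as in the writeup, so the scan proceeds even if ICMP is filtered.
recon() {
    target=$1
    if host_up "$target"; then
        echo "[+] $target answers ICMP"
    else
        echo "[-] $target does not answer ICMP, continuing with -Pn" >&2
    fi
    nmap -sC -sV -Pn -v -oA initial "$target"
    nmap -p- -sC -sV -Pn -v -oA full "$target"
    echo "[+] open ports (full scan):"
    open_ports < full.gnmap
    echo "[+] ports the initial scan missed:"
    new_ports initial.gnmap full.gnmap
}

# Constructed sample .gnmap lines for testing the parsers offline. The service
# banners and the 8080 entry are made up for the demo; they are not the lab's
# real scan results.
SAMPLE_INITIAL=$(printf 'Host: 192.168.132.12 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/\tIgnored State: closed (998)')
SAMPLE_FULL=$(printf 'Host: 192.168.132.12 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 8080/open/tcp//http-proxy///\tIgnored State: closed (65532)')

# Run the real recon only when a target is given: ./recon.sh 192.168.132.12
if [ -n "${1:-}" ]; then
    recon "$1"
fi
```

Run it as `./recon.sh <target>` from the directory where you want the initial.* and full.* files written; with no argument the script only defines the functions, so it can be sourced and `open_ports < full.gnmap` used on an existing scan.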
The site is running Grav CMS; the next step is to identify its version number.