As in every penetration testing engagement, we start with reconnaissance and information gathering. In this step we try to get as much information about the target as possible.
We can achieve that with a variety of tools and techniques, such as enumeration, scanning and other recon techniques, in order to obtain a foothold on the target.
In this lab we are tasked with pentesting a Linux lab: Codo, on OffSec's Proving Grounds.
The first step is to check whether the target is up and running. We can do so by sending ICMP requests to check whether we can communicate with the target.
Next, I'll start with the initial scan with Rustscan (because why not?!) to check for open ports.
From the output we can see two open ports: port 80 running HTTP and port 22 running SSH.
Afterwards, I'll navigate to the webpage running on port 80, and while I do that I'll do two things: first, I'll run a full scan with nmap, and second, I'll enumerate possible web directories on port 80.