Whenever we are in a pentest, there are things we have to take into consideration while infiltrating a machine or exploiting its services. There are also different entry points to the target, whether it’s a misconfigured access control or a vulnerability of some sort.
Moving forward, the first step in a red team pentest is the following:
Information gathering: I’ll leverage the tools to gather as much information about the target as possible, and later use that information to get access to the system.
Whenever we want to see if the target is up and running, we send ICMP requests to see if it’s live and online:
Next, for the initial scan, we use nmap:
└─# nmap -sC -sV 192.168.176.28 -oA initial -v
```
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: 2D58FC0104110AF4C9BE979DFD8FD83C
|_http-title: PluXml - Blog or CMS, XML powered !
|_http-server-header: Apache/2.4.56 (Debian)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```
Next, just to make sure I’m not missing any crucial information, I’ll run a full scan:
└─# nmap -p- -sC -sV 192.168.176.28 -oA full -v