root@rumais:~# inspect basicpentesting
Basic Pentesting
Linux room covering service enumeration, initial access, and privilege escalation. This page combines the local notes, supporting artifacts, and a cleaned-up summary of the room path.
Room Details
Built from supporting notes and artifacts. This room is grouped under Linux and PrivEsc.
Summary
Basic Pentesting usually walks through classic Linux enumeration: discover SMB and web services, recover clues or usernames, brute-force or reuse credentials for SSH, then enumerate the user context to collect the final proof material.
Notes
Recon
- Basic Pentesting is best approached through structured enumeration rather than noisy exploitation.
- The early workflow usually centers on SMB and web enumeration and on username discovery, which together expose the route into the room.
Initial Access
- The intended foothold comes from following the attack path described in the room flow and validating the exposed service behavior.
- In practice, this means converting the clues discovered during SMB and web enumeration, along with adjacent enumeration findings, into working access.
Privilege Escalation
- After the first foothold, the room shifts into post-exploitation and local review.
- The key escalation themes are an SSH credential attack and post-login enumeration, which complete the move to the final proof material.
Security Notes
- Basic Pentesting reinforces how small exposure points compound when enumeration is disciplined and service relationships are understood.
- The defensive lesson is to reduce credential reuse, remove unnecessary trust paths, and harden secondary services before they become the pivot.
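One way to turn the hardening point above into a repeatable check is to review an nmap -oN report for listeners outside an intended allow-list and for SMB guest sessions. This is an added example, not part of the original notes: the function names are hypothetical, the allow-list (SSH and the main web site only) is an assumption, and the sample lines are an excerpt of the scan collected under "Collected Output".

```python
import re

# Excerpt of the nmap -oN report collected on this page (whitespace as extracted).
SCAN = """\
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8080/tcp open http Apache Tomcat 9.0.7
| smb-security-mode:
| account_used: guest
"""

# Assumption: this host is only meant to expose SSH and the main web site.
ALLOWED_PORTS = {22, 80}

# Matches the port table rows of nmap's normal output, e.g. "445/tcp open netbios-ssn ...".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# Matches the smb-security-mode script line reporting a guest session.
GUEST_LINE = re.compile(r"^\|\s*account_used:\s*guest\s*$", re.MULTILINE)


def open_services(report):
    """Return (port, proto, service, version) for every open port row."""
    services = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            services.append((int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
    return services


def findings(report, allowed=ALLOWED_PORTS):
    """List hardening findings: unexpected listeners and SMB guest access."""
    result = []
    for port, proto, service, version in open_services(report):
        if port not in allowed:
            result.append(f"{port}/{proto} {service} is exposed but not in the allow-list ({version})")
    if GUEST_LINE.search(report):
        result.append("SMB accepted a guest session (smb-security-mode account_used: guest)")
    return result


if __name__ == "__main__":
    for item in findings(SCAN):
        print(item)
```

Run against the excerpt, it reports the Samba, AJP and Tomcat listeners plus the guest session, which are the secondary services the notes say to harden.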
Collected Output
nmap-initial
# Nmap 7.91 scan initiated Thu Jun 17 11:40:49 2021 as: nmap -sC -sV -O -oN ./nmap-initial 10.10.116.252
Nmap scan report for 10.10.116.252
Host is up (0.46s latency).
Not shown: 963 closed ports, 31 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 db:45:cb:be:4a:8b:71:f8:e9:31:42:ae:ff:f8:45:e4 (RSA)
| 256 09:b9:b9:1c:e0:bf:0e:1c:6f:7f:fe:8e:5f:20:1b:ce (ECDSA)
|_ 256 a5:68:2b:22:5f:98:4a:62:21:3d:a2:e2:c5:a9:f7:c2 (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
| ajp-methods:
|_ Supported methods: GET HEAD POST OPTIONS
8080/tcp open http Apache Tomcat 9.0.7
|_http-favicon: Apache Tomcat
|_http-title: Apache Tomcat/9.0.7
Aggressive OS guesses: Linux 3.10 - 3.13 (95%), Linux 5.4 (95%), ASUS RT-N56U WAP (Linux 3.4) (95%), Linux 3.16 (95%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), Sony Android TV (Android 5.0) (92%), Android 5.0 - 6.0.1 (Linux 3.4) (92%), Android 5.1 (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 4 hops
Service Info: Host: BASIC2; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
|_clock-skew: mean: 1h20m00s, deviation: 2h18m36s, median: 0s
|_nbstat: NetBIOS name: BASIC2, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
| OS: Windows 6.1 (Samba 4.3.11-Ubuntu)
| Computer name: basic2
| NetBIOS computer name: BASIC2\x00
| Domain name: \x00
| FQDN: basic2
|_ System time: 2021-06-17T02:15:14-04:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| chall