Penetration Testing with Kali Linux | Cybersecurity Lab

LabEx
4 min read · Oct 7, 2024


Introduction


In this lab, you will learn how to perform penetration testing using Kali Linux, a popular Linux distribution designed for security auditing and penetration testing. You will be provided with a Metasploitable2 virtual machine, which is intentionally configured with various security vulnerabilities. The goal of this lab is to familiarize you with the Kali Linux environment, understand the concept of penetration testing, and practice exploiting vulnerabilities on the Metasploitable2 target.

Set up the Kali Linux and Metasploitable2 Environment

In this step, you will learn how to set up the Kali Linux and Metasploitable2 virtual machines provided in the lab environment.

  1. First, get the ID of the Kali Linux image by running:

docker images

Start the Kali Linux container with the following command, replacing image-id with the actual ID of the Kali Linux image:

docker run -ti --network host image-id bash

The --network host flag makes the container share the host's network namespace, which is what lets it reach the Metasploitable2 virtual machine directly.

  2. Verify that the Metasploitable2 target is listed in the /etc/hosts file by running:

cat /etc/hosts

If the line 192.168.122.102 target is not present, add it using the following command:

echo "192.168.122.102 target" >> /etc/hosts

  3. Open a new terminal and start the Metasploitable2 virtual machine on the host machine by running:

sudo virsh start Metasploitable2

  4. Test the network connectivity between Kali Linux and Metasploitable2 by pinging the target from inside the Kali Linux container:

ping 192.168.122.102

or:

ping target

You should see ping replies, indicating that the network connection works. The virtual machine may take some time to boot, so replies may not appear immediately; press Ctrl+C to stop the ping.

Perform a TCP port scan

Kali Linux comes pre-installed with numerous security tools, including Nmap (network mapper), John the Ripper (password cracker), and Metasploit Framework (remote exploitation framework).

In this task, we will use Nmap to perform a TCP port scan. Run the following command in the Kali Linux container set up in the previous step:

nmap -sT -p1-1000 192.168.122.102

This command performs a TCP connect scan (-sT) on ports 1 to 1000 (-p1-1000) of the target host. A connect scan completes the full TCP handshake on each port, so it generates the same traffic a normal client would and shows up in the target's connection logs.

Perform a Basic Vulnerability Scan

In this step, you will learn how to perform a basic vulnerability scan on the Metasploitable2 target using Nmap.

  1. Inside the Kali Linux container, run the following command to scan the open ports on the Metasploitable2 target:

nmap -sV -p- 192.168.122.102

This command performs a TCP connect scan of all 65535 ports (-p-) on the target host and, for each open port, sends service probes to determine the service and version information (-sV).

  2. Observe the output, which lists the open ports and the services running on the Metasploitable2 target.

Here’s an example of the output you might see:

Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-01 12:34:56 EDT
Nmap scan report for target (192.168.122.102)
Host is up (0.00024s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.24 with Suhosin-Patch)
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp open exec?
513/tcp open login?
514/tcp open shell?
1099/tcp open rmiregistry GNU Classpath grmiregistry
1524/tcp open ingreslock?
2121/tcp open ccproxy-ftp Citrix CacheServer
2123/tcp open gtp-user Citrix Gateway
3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.45 seconds

This output shows various open ports and services running on the Metasploitable2 target, such as FTP, SSH, Telnet, HTTP, MySQL, and PostgreSQL. Entries whose service name ends in ? (for example exec?, login?, shell?) are services Nmap guessed from the port number but could not confirm with a probe, so they need manual verification.
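As an added example (not part of the original lab), the following Python script parses the normal nmap -sV output format shown above into a port inventory and flags the open ports a defender would act on first: services that carry credentials in cleartext, and entries Nmap could only guess. The sample text is constructed from a subset of the lines above; the function and variable names are the example's own.

```python
import re

# Constructed sample in the normal "nmap -sV" output format shown in this lab
# (a subset of the service lines; not the output of a real scan).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for target (192.168.122.102)
Host is up (0.00024s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.24 with Suhosin-Patch)
512/tcp open exec?
3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
Nmap done: 1 IP address (1 host up) scanned in 14.45 seconds
"""

# Service line: "<port>/<proto> <state> <service>[?] [<version>]". A trailing
# "?" means nmap guessed the service from the port number and could not
# confirm it with a probe, so that entry needs manual verification.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+?)(\?)?(?:\s+(.*))?$")

# Protocols that send credentials in cleartext; flagged for remediation.
CLEARTEXT_SERVICES = {"ftp", "telnet", "exec", "login", "shell"}


def parse_nmap_output(text):
    """Return one dict per port line found in normal nmap output."""
    findings = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # banner, header and summary lines are skipped
        port, proto, state, service, guessed, version = m.groups()
        findings.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "guessed": guessed == "?",
                         "version": version or ""})
    return findings


def triage(findings):
    """Open ports worth acting on: cleartext services and unconfirmed guesses."""
    open_ports = [f for f in findings if f["state"] == "open"]
    return {
        "cleartext": [f["port"] for f in open_ports if f["service"] in CLEARTEXT_SERVICES],
        "unconfirmed": [f["port"] for f in open_ports if f["guessed"]],
    }
```

To use it on a real scan, save the Nmap output to a file and pass its contents to parse_nmap_output; the triage lists give a starting point for deciding which services to disable or replace with encrypted equivalents.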

Summary

In this lab, you learned about Kali Linux, a popular penetration testing and security auditing distribution, and Metasploitable2, a vulnerable virtual machine designed for practicing exploitation techniques. You set up the lab environment, including the Kali Linux container and the Metasploitable2 target, and performed a basic vulnerability scan using Nmap to identify open ports and services running on the target. This hands-on experience will help you understand the fundamentals of penetration testing and prepare you for more advanced techniques in future labs.


LabEx is an AI-assisted, hands-on learning platform for tech enthusiasts, covering Programming, Data Science, Linux and other areas.