Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux 2 ??? Assuring Security by Penetration Testing

You're reading from   Kali Linux 2 ??? Assuring Security by Penetration Testing Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!

Arrow left icon
Product type Paperback
Published in Sep 2016
Publisher Packt
ISBN-13 9781785888427
Length 572 pages
Edition 3rd Edition
Arrow right icon
Authors (4):
Arrow left icon
Tedi Heriyanto Tedi Heriyanto
Author Profile Icon Tedi Heriyanto
Tedi Heriyanto
Gerard Johansen Gerard Johansen
Author Profile Icon Gerard Johansen
Gerard Johansen
Lee Allen Lee Allen
Author Profile Icon Lee Allen
Lee Allen
Shakeel Ali Shakeel Ali
Author Profile Icon Shakeel Ali
Shakeel Ali
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Beginning with Kali Linux FREE CHAPTER 2. Penetration Testing Methodology 3. Target Scoping 4. Information Gathering 5. Target Discovery 6. Enumerating Target 7. Vulnerability Mapping 8. Social Engineering 9. Target Exploitation 10. Privilege Escalation 11. Maintaining Access 12. Wireless Penetration Testing 13. Kali Nethunter 14. Documentation and Reporting A. Supplementary Tools B. Key Resources Index

Installing a vulnerable server

In this section, we will install a vulnerable virtual machine as a target virtual machine. This target will be used in several chapters of the book, when we explain particular topics. The reason we chose to set up a vulnerable server in our machine instead of using vulnerable servers available on the Internet is because we don't want you to break any laws. We should emphasize that you should never pen test other servers without written permission. Another purpose of installing another virtual machine would be to improve your skills in a controlled manner. This way, it is easy to fix issues and understand what is going on in the target machine when attacks do not work.

In several countries, even port scanning a machine that you don't own can be considered a criminal act. Also, if something happens to the operating system using a virtual machine, we can repair it easily.

The vulnerable virtual machine that we are going to use is Metasploitable 2. The famous HD Moore of Rapid7 creates this vulnerable system.

Note

There are other deliberately vulnerable systems besides Metasploitable 2 that you can use for your penetration testing learning process, as can be seen on the following site: http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/.

Metasploitable 2 has many vulnerabilities in the operating system, network, and web application layers.

Note

Information about the vulnerabilities contained in Metasploitable 2 can be found on the Rapid7 site at https://community.rapid7.com/docs/DOC-1875.

To install Metasploitable 2 in Virtual Box, you can perform the following steps:

  1. Download the Metasploitable 2 file from http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.
  2. Extract the Metasploitable 2 ZIP file. After the extraction process is completed successfully, you will find five files:
    Metasploitable.nvram
    Metasploitable.vmdk
    Metasploitable.vmsd
    Metasploitable.vmx
    Metasploitable.vmxf
  3. Create a new virtual machine in VirtualBox. Set Name to Metasploitable2, operating system to Linux, and Version to Ubuntu.
  4. Set the memory to 1024MB.
  5. In the Virtual Hard Disk setting, select Use existing hard disk. Choose the Metasploitable files that we have already extracted in the previous step:
  6. Change the network setting to Host-only adapter to make sure that this server is accessible only from the host machine and the Kali Linux virtual machine. The Kali Linux virtual machine's network setting should also be set to Host-only adapter for pen-testing local VMs.
  7. Start the Metasploitable 2 virtual machine. After the boot process is finished, you can log in to the Metasploitable 2 console using the following credentials:
    • Username: msfadmin
    • Password: msfadmin

The following is the Metasploitable 2 console after you have logged in successfully:

Installing a vulnerable server
You have been reading a chapter from
Kali Linux 2 ??? Assuring Security by Penetration Testing - Third Edition
Published in: Sep 2016
Publisher: Packt
ISBN-13: 9781785888427
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime