LabEx
Log InJoin For Free

Perform Penetration Testing with Nmap in Kali Linux

NmapNmapBeginner
Practice Now

Introduction

In this lab, you will learn how to perform penetration testing using Kali Linux, a popular Linux distribution designed for security auditing and penetration testing. You will be provided with a Metasploitable2 virtual machine, which is intentionally configured with various security vulnerabilities. The goal of this lab is to familiarize you with the Kali Linux environment, understand the concept of penetration testing, and practice exploiting vulnerabilities on the Metasploitable2 target.

This is a Guided Lab, which provides step-by-step instructions to help you learn and practice. Follow the instructions carefully to complete each step and gain hands-on experience. Historical data shows that this is a beginner level lab with a 89% completion rate. It has received a 100% positive review rate from learners.

Set up the Kali Linux and Metasploitable2 Environment

In this step, you will learn how to set up the Kali Linux and Metasploitable2 virtual machines provided in the lab environment.

  1. First of all, we need to get the ID of the Kali Linux image, and it could be shown by running the following command:
docker images

Start the Kali Linux container by running the following command, and you should replace image-id with the actual ID of the Kali Linux image:

docker run -ti --network host image-id bash
  1. Verify that the Metasploitable2 target is listed in the /etc/hosts file by running:
cat /etc/hosts

If the line 192.168.122.102 target is not present, add it using the following command:

echo "192.168.122.102 target" >> /etc/hosts
  1. Open a new terminal to start the Metasploitable2 virtual machine on the host machine by running:
sudo virsh start Metasploitable2

Wait for the target machine to start, it may take 1-3 minutes.

  1. Test the network connectivity between Kali Linux and Metasploitable2 by pinging the target (in Kali Linux virtual machine):
ping 192.168.122.102

or:

ping target

You should see the ping responses, indicating a successful network connection, it would take some time, and you can press Ctrl+C to quit.

Perform a TCP port scan

Kali Linux comes pre-installed with numerous security tools, including Nmap (network mapper), John the Ripper (password cracker), and Metasploit Framework (remote exploitation framework).

In this task, we will use Nmap to perform a TCP port scan. Here's an example code snippet that demonstrates a simple TCP port scan using Nmap, run the following command in the Kali Linux virtual machine set up last step:

nmap -sT -p1-1000 192.168.122.102

This command will perform a TCP connect scan on ports 1 to 1000 of the target host.

Perform a Basic Vulnerability Scan

In this step, you will learn how to perform a basic vulnerability scan on the Metasploitable2 target using Nmap.

  1. Inside the Kali Linux container, run the following command to scan the open ports on the Metasploitable2 target:
nmap -sV -p- 192.168.122.102

This command will perform a TCP connect scan on all ports of the target host and attempt to determine the service/version information for open ports.

  1. Observe the output, which will display a list of open ports and associated services running on the Metasploitable2 target.

Here's an example of the output you might see:

Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-01 12:34:56 EDT
Nmap scan report for target (192.168.122.102)
Host is up (0.00024s latency).
Not shown: 65533 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.3.4
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet  Linux telnetd
25/tcp   open  smtp    Postfix smtpd
80/tcp   open  http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.24 with Suhosin-Patch)
111/tcp  open  rpcbind 2 (RPC #100000)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp  open  exec?
513/tcp  open  login?
514/tcp  open  shell?
1099/tcp open  rmiregistry GNU Classpath grmiregistry
1524/tcp open  ingreslock?
2121/tcp open  ccproxy-ftp Citrix CacheServer
2123/tcp open  gtp-user Citrix Gateway
3306/tcp open  mysql    MySQL 5.0.51a-3ubuntu5
5432/tcp open  postgresql PostgreSQL DB 8.3.0 - 8.3.7

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.45 seconds

This output shows various open ports and services running on the Metasploitable2 target, such as FTP, SSH, Telnet, HTTP, MySQL, and PostgreSQL.

Summary

In this lab, you learned about Kali Linux, a popular penetration testing and security auditing distribution, and Metasploitable2, a vulnerable virtual machine designed for practicing exploitation techniques. You set up the lab environment, including the Kali Linux container and the Metasploitable2 target, and performed a basic vulnerability scan using Nmap to identify open ports and services running on the target. This hands-on experience will help you understand the fundamentals of penetration testing and prepare you for more advanced techniques in future labs.

Related Nmap Courses
Quick Start with Nmap

Quick Start with Nmap

CybersecurityNmap
Beginner