This chapter provided a solid introduction to exploitation. By taking advantage of Kioptrix, which is an intentionally vulnerable Linux distribution, we were able to get hands-on practice in locating exploits on Exploit-DB and on Kali, and then correcting any errors we found in that code. We looked at the steps necessary to truly understand the penetration testing exploitation phase such as banner grabbing and transferring files to and from an exploited machine.

We looked at password cracking and brute forcing with John the Ripper, which needs to be understood in depth to prepare for later chapters. Password cracking is not going to go away anytime soon and expertise on this subject can be very beneficial in the long term.

The chapter also covered the steps necessary to transfer files to and from an exploited machine; this included the setup and configuration of the FTP daemon that comes preinstalled with Kali.

Finally, we wrapped up the chapter with a look at Metasploit and how it can be used to simplify the task of penetration testing in many different ways. By performing hands-on exercises, it quickly became clear that although manually finding and compiling exploit code can be beneficial, using Metasploit can significantly increase your overall productivity.

In the next chapter, we will address techniques necessary to test the security of web applications and their underlying infrastructure. This includes detection of load balancers and web application firewalls. Also discussed is the use of tools such as w3af and WebScarab. In addition, our virtual lab is extended greatly with the addition of several machines including pfSense and Kioptrix Level 3.