In the Chapter 2, Setting Up a Kali PentestBox on the Cloud, we set up a penetration testing lab as well as the Kali Linux PentestBox configured with remote access. It is time to start performing some scanning and exploitation using the PentestBox on the vulnerable hosts in the lab.

This chapter will focus on the process of automated vulnerability scans using the free version of a commercial tool and then exploiting the found vulnerabilities using Metasploit. These vulnerabilities were baked into the lab environment earlier, on the vulnerable hosts that were configured in Chapter 1, Setting up a Pentesting Lab on AWS, and Chapter 2, Setting up a Kali PentestBox on the Cloud.

The following topics will be covered in this chapter:

• Running automated scans with Nessus and verifying the vulnerabilities that are found
• Exploitation using Metasploit and Meterpreter
• Exploiting vulnerable Linux and Windows virtual machines (VMs)