In Chapter 3, Exploitation on the Cloud using Kali Linux, we learned how to perform a penetration test on a vulnerable machine running on AWS. This chapter aims to help the reader set up a vulnerable lab for advanced penetration tests and more real-life scenarios. This lab will give an insight into common security misconfigurations that DevOps engineers make in the continuous integration and continuous delivery (CI/CD) pipeline.

This chapter focuses on setting up a vulnerable Jenkins installation on a Linux virtual machine (VM) and then performing a penetration test using the techniques that we learned in Chapter 3, Exploitation on the Cloud using Kali Linux. Also, we will take a look at some more techniques for scanning and information gathering to aid our penetration testing. And finally, once we have compromised our target, we will learn techniques to pivot and gain access to internal networks in the cloud.

In this chapter, we will cover the following:

• Setting up a vulnerable Jenkins server in our virtual lab
• Configuring and securing the virtual lab to prevent unintended access
• Performing a penetration test on the vulnerable machine and learning more scanning techniques
• Compromising our target and then performing post-exploitation activities