CHAPTER 7
Exploitation Phase

In this chapter, you will start seeing actual attacks and get inside the target systems. In the previous chapter, you gathered information about each service; in this one, we take that a step further and exploit the vulnerabilities.

On top of this, you will learn about vulnerability assessment in a typical organization, which will be helpful if you want to make security your career.

In this chapter, you will learn about the following:

  • Vulnerability assessment
  • Public research for exploits
  • FTP service exploitation
  • SSH service exploitation
  • Telnet service exploitation
  • E-mail server exploitation
  • Docker engine exploitation
  • Jenkins portal exploitation
  • Reverse shells
  • Exploiting the SMB protocol

Vulnerability Assessment

An automated vulnerability assessment uses professional scanners that find vulnerabilities on a remote host in the network (or on multiple hosts in a subnet). In the previous chapter, we used the script scan in Nmap. In general, most Nmap scripts (not all of them) run some basic vulnerability checks. For example, when you run the scripts selected by the ftp-* wildcard, the FTP vulnerability-checking scripts are included. If you want to be specific, you can use the selector ftp-vuln* to run only those. Note that vulnerability assessment is somewhat related to patch management. If you work in an enterprise environment, you will encounter this task a lot, more often than penetration testing itself. ...

Get Kali Linux Penetration Testing Bible now with the O’Reilly learning platform.
