Exploitation Fundamentals

Exploitation is the phase where you actively leverage vulnerabilities to gain unauthorised access to a target system. In ethical hacking, exploitation proves that a vulnerability is real and demonstrates its potential impact to the organisation.

---

The Purpose of Exploitation

Exploitation in penetration testing serves to:

• Prove a vulnerability is exploitable, not just theoretical
• Demonstrate the real-world impact (data access, system control)
• Measure the depth of compromise possible
• Validate or invalidate security controls

Tip: Exploitation should be controlled and measured. The goal is to prove impact, not to cause damage. Always operate within the agreed scope and rules of engagement.

---

Key Concepts

Payloads

A payload is the code that runs on the target after a vulnerability is exploited:

Payload Type	Description	Example
Reverse shell	Target connects back to the attacker	windows/meterpreter/reverse_tcp
Bind shell	Target opens a port for the attacker to connect	linux/x86/shell_bind_tcp
Command execution	Runs a single command on the target	cmd/unix/reverse
Meterpreter	Advanced, in-memory payload with extensive features	windows/meterpreter/reverse_https
Web shell	Backdoor uploaded to a web server	PHP, ASP, JSP shells

Exploits

An exploit is code that takes advantage of a vulnerability to deliver a payload:

Vulnerability (the weakness)
        │
        ▼
Exploit (the attack code)
        │
        ▼
Payload (the code that runs after exploitation)
        │
        ▼
Access (shell, session, data)

Shells

Shell Type	Description
Reverse shell	Target initiates connection to attacker (bypasses firewalls)
Bind shell	Target listens on a port for attacker connection
Web shell	Command execution via a web interface
Meterpreter	Feature-rich Metasploit shell (file operations, pivoting, screenshots)

---

Metasploit Framework

Metasploit is the most widely used exploitation framework:

Architecture

┌────────────────────────────────────┐
│          Metasploit Framework       │
│                                     │
│  ┌──────────┐  ┌──────────────┐    │
│  │ Exploits │  │ Auxiliary     │    │
│  │ (2000+)  │  │ (scanners,   │    │
│  │          │  │  fuzzers)    │    │
│  └──────────┘  └──────────────┘    │
│  ┌──────────┐  ┌──────────────┐    │
│  │ Payloads │  │ Post-Exploit │    │
│  │ (500+)   │  │ Modules      │    │
│  └──────────┘  └──────────────┘    │
│  ┌──────────┐  ┌──────────────┐    │
│  │ Encoders │  │ Evasion      │    │
│  │          │  │ Modules      │    │
│  └──────────┘  └──────────────┘    │
└────────────────────────────────────┘

Basic Workflow

# Start Metasploit console
msfconsole