One of the biggest turning points in learning cybersecurity is understanding how attackers move from:

Discovery → Exploitation → Access

In a training session I led, students went from running a simple scan to gaining root access on a vulnerable machine. The excitement was great — but the real value was understanding how and why it worked. In this guide, you'll replicate that exact process step by step.

What You’ll Learn

- How to scan a target using Nmap
- How to identify vulnerable services
- How the vsftpd 2.3.4 backdoor works
- How to exploit it using Metasploit
- How to gain root access

Prerequisites

Make sure your lab is ready:

- Kali Linux (attacker)
- Metasploitable2 (target)
- Both machines on the same network (NAT or Host-only)

Step 1: Get the Target IP

Look for something like:

Step 2: Scan with Nmap

- Detects service versions
- Helps you find known vulnerabilities

Key Result

21/tcp open ftp vsftpd 2.3.4

👉 This is your entry point.

Step 3: Understand the Vulnerability

vsftpd 2.3.4 contains a backdoor.

Trigger condition:
Login using a username ending with:
:)

What happens:
A shell opens on port 6200

This is intentionally vulnerable — perfect for learning exploitation.

Step 4: Start Metasploit on Kali

Step 5: Find the Exploit

Expected result:

exploit/unix/ftp/vsftpd_234_backdoor

Step 6: Load the Exploit

use exploit/unix/ftp/vsftpd_234_backdoor

Step 7: Set Target IP

Step 8: Run the Exploit

Command shell session 1 opened

Step 9: Confirm Access

🎉 You now have root access.

Key Concepts (Simple Breakdown)

Reconnaissance
- Finding open ports and services
- Example tool: Nmap

Enumeration
- Identifying versions and weaknesses
- This is where real attack paths appear

Exploitation
- Using a vulnerability to gain access
- In this case: a built-in backdoor

Metasploit
- A framework that automates exploitation
- Saves time and standardizes attacks

Common Beginner Mistakes

- Skipping Version Detection
- Using the Wrong IP
  - Mixing attacker and target IP
  - Using 127.0.0.1 incorrectly
- Network Misconfiguration
  Check both VMs are on the same network
- Forgetting RHOST
  set RHOST target_ip
- Blindly Running Exploits
  Don’t just run tools — ask:
  - Why does this vulnerability exist?
  - What triggered it?
  - How would this look in a real system?

Pro Tips

Run deeper scans
nmap -A target_ip

Think like a professional
- Scan
- Identify
- Research
- Exploit
- Validate

Conclusion

This lab shows a complete beginner-friendly attack chain:

- Discover a service
- Identify its version
- Find a vulnerability
- Exploit it
- Gain access

Even though this is a deliberately vulnerable system, the process is exactly how real penetration testing works. The goal is not just to hack — but to understand.

Next Steps

- Repeat this lab without guidance
- Document it on GitHub (build your portfolio)
- Try another vulnerable service on Metasploitable2

Final Note

If you're learning cybersecurity:

Stay consistent.
Stay curious.
Keep building.

Follow for more hands-on cybersecurity labs and real-world breakdowns.
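
A defender's view of the behaviour described in Step 3, as an added example that is not part of the original post: it correlates an FTP login whose username ends with `:)` with a later connection to port 6200 from the same source. The log format, the 30-second window and the addresses are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a made-up "<timestamp> <kind> <src> <detail>" format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 ftp 192.0.2.10 USER anonymous
2024-05-01T10:00:07 ftp 192.0.2.44 USER backup:)
2024-05-01T10:00:09 conn 192.0.2.44 dport=6200
2024-05-01T10:03:00 ftp 192.0.2.51 USER smile:)
2024-05-01T10:20:00 conn 192.0.2.77 dport=6200
"""

BACKDOOR_PORT = 6200                 # port named in Step 3
WINDOW = timedelta(seconds=30)       # assumed correlation window
LINE = re.compile(r"^(\S+) (ftp|conn) (\S+) (.*)$")


def parse(log):
    """Yield (timestamp, kind, source_ip, detail) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, kind, src, detail = m.groups()
            yield datetime.fromisoformat(ts), kind, src, detail


def detect(log):
    """Return alerts as (severity, source_ip, reason) tuples, in log order."""
    alerts, triggers = [], {}
    for ts, kind, src, detail in parse(log):
        if kind == "ftp" and detail.startswith("USER ") and detail[5:].endswith(":)"):
            # Trigger condition from Step 3: username ending with ":)".
            triggers[src] = ts
            alerts.append(("medium", src, "FTP username ends with ':)'"))
        elif kind == "conn" and detail == f"dport={BACKDOOR_PORT}":
            seen = triggers.get(src)
            if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
                alerts.append(("high", src, "trigger followed by connection to 6200"))
            else:
                # Port 6200 traffic without a recent trigger still deserves a look.
                alerts.append(("low", src, "unexpected connection to 6200"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On a patched or non-vsftpd host both signals should be absent, so either one alone is worth triaging.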