# FILE: MOD3_Exploitation.md

# MODULE 3: EXPLOITATION & POST-EXPLOITATION

## ⚠️ ETHICAL USE DISCLAIMER

**This module teaches offensive security techniques for AUTHORIZED ENVIRONMENTS ONLY.**

- All exploits demonstrated are against VMs you own
- Never use these techniques on systems without explicit written permission
- Unauthorized computer access is illegal (Computer Fraud and Abuse Act, 18 U.S.C. § 1030)
- Purpose: Learn offensive techniques to better defend systems

## Learning Objectives

By completing this module, you will:

- Match discovered services to known CVEs (Common Vulnerabilities and Exposures)
- Configure and execute exploits using the Metasploit Framework
- Understand the difference between bind and reverse shells
- Perform post-exploitation enumeration and privilege escalation
- Maintain persistent access to compromised systems (lab environment only)
- Document exploitation chains for penetration testing reports

---

## Key Concepts

### Vulnerability Assessment

**CVE (Common Vulnerabilities and Exposures):** Standardized identifiers for publicly known security vulnerabilities.

- Example: CVE-2011-2523 (vsftpd 2.3.4 backdoor)
- Databases: https://cve.mitre.org or https://nvd.nist.gov

### The Metasploit Framework

**Architecture:**

- **Exploits:** Code that takes advantage of vulnerabilities
- **Payloads:** Code executed after a successful exploit (shells, backdoors)
- **Auxiliary:** Scanner and fuzzer modules (non-exploit)
- **Post:** Post-exploitation modules (privilege escalation, credential harvesting)

### Shells Explained

**Reverse Shell (Attacker Listens):**

```
Attacker                          Target
   |                                 |
   | (Listening :4444)               |
   |<--- Connect to Attacker --------| (Target initiates connection)
   |---- Shell Access -------------->|
```

**Why is this preferred?** It bypasses inbound firewall rules: the victim initiates the connection, so from the target network's perspective it is ordinary "outbound" traffic.

---

## Professor's Guide

Once you select an exploit (`use exploit/...`), you must configure `RHOSTS` (Remote Host / Target IP) and `LHOST` (Local Host / Kali IP).
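The reverse shell in the diagram above works because the target opens the connection. Seen from the defender's side, that is exactly the observable: a server that should only accept connections suddenly opens a long-lived outbound TCP session, to a host and port not on its egress allow-list, in which it sends far more than it receives (command output out, short commands in). The Python below is an added example written for this page, not code from the module or from Metasploit. It runs those heuristics over a constructed, Zeek-style connection log; the column layout, the `10.0.1.0/24` server subnet, the egress allow-list and every threshold are assumptions for the demonstration.

```python
"""Flag reverse-shell-style egress in a connection log (defender's view).

Added example for this page, not module or Metasploit code. The log below is
a constructed, Zeek-style conn record excerpt; its column layout, the server
subnet, the egress allow-list and every threshold are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed sample, tab-separated. Columns:
# ts  uid  orig_h  orig_p  resp_h  resp_p  proto  duration_s  orig_bytes  resp_bytes
# "orig" is the host that OPENED the connection. In a reverse shell the
# compromised server is orig and the attacker's listener is resp, which is why
# an inbound-only firewall policy sees it as permitted outbound traffic.
SAMPLE_CONN_LOG = """\
1700000001.10\tCxa1\t10.0.1.20\t49152\t10.0.0.53\t53\tudp\t0.02\t64\t128
1700000002.30\tCxa2\t192.168.5.8\t51000\t10.0.1.20\t80\ttcp\t1.5\t900\t45000
1700000003.00\tCxa3\t10.0.1.20\t49200\t203.0.113.7\t4444\ttcp\t1840.0\t56200\t1950
1700000004.50\tCxa4\t10.0.1.31\t49300\t10.0.0.10\t443\ttcp\t3.2\t2100\t31000
1700000005.70\tCxa5\t10.0.1.31\t49400\t198.51.100.9\t443\ttcp\t2600.0\t40300\t1200
"""

# Assumed environment: hosts in this subnet are servers that should only
# ACCEPT connections, and may initiate only the egress listed here.
SERVER_SUBNET = ipaddress.ip_network("10.0.1.0/24")
EGRESS_ALLOW = {("10.0.0.53", 53), ("10.0.0.10", 443)}   # (resp_h, resp_p)

COMMON_LISTENER_PORTS = {4444}    # the module's example listener port
LONG_SESSION_SECONDS = 600.0      # interactive shells stay open for a long time
TALK_RATIO = 10                   # server sends >= 10x what it receives


@dataclass
class Conn:
    ts: float
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str
    duration: float
    orig_bytes: int
    resp_bytes: int


@dataclass
class Finding:
    uid: str
    orig_h: str
    resp_h: str
    resp_p: int
    reasons: List[str]


def parse_conn_log(text: str) -> List[Conn]:
    """Parse the constructed tab-separated layout; reject malformed rows loudly."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) != 10:
            raise ValueError(f"malformed record: {line!r}")
        conns.append(Conn(float(f[0]), f[1], f[2], int(f[3]), f[4], int(f[5]),
                          f[6], float(f[7]), int(f[8]), int(f[9])))
    return conns


def reverse_shell_indicators(c: Conn) -> List[str]:
    """Heuristics for 'a server opened an interactive session it should not have'."""
    if ipaddress.ip_address(c.orig_h) not in SERVER_SUBNET:
        return []                  # inbound to a server is normal; out of scope here
    if (c.resp_h, c.resp_p) in EGRESS_ALLOW:
        return []                  # permitted egress (DNS, patch mirror, ...)
    reasons = ["server initiated egress outside the allow-list"]
    if c.resp_p in COMMON_LISTENER_PORTS:
        reasons.append(f"destination port {c.resp_p} is a default listener port")
    if c.duration >= LONG_SESSION_SECONDS:
        reasons.append(f"long-lived session ({c.duration:.0f}s)")
    if c.proto == "tcp" and c.orig_bytes >= TALK_RATIO * max(c.resp_bytes, 1):
        reasons.append("byte ratio looks interactive: server sends, peer sends little")
    return reasons


def detect(text: str, min_indicators: int = 3) -> List[Finding]:
    """Return one Finding per connection that trips at least min_indicators."""
    findings = []
    for c in parse_conn_log(text):
        reasons = reverse_shell_indicators(c)
        if len(reasons) >= min_indicators:
            findings.append(Finding(c.uid, c.orig_h, c.resp_h, c.resp_p, reasons))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_CONN_LOG):
        print(f"{f.uid}: {f.orig_h} -> {f.resp_h}:{f.resp_p}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, `Cxa3` (the :4444 connect-back) and `Cxa5` are flagged; `Cxa5` goes to port 443, which shows that the port number alone is not the signal, the direction and the shape of the session are. The mitigation implied by "bypasses inbound firewall rules" is egress filtering: a default-deny outbound policy on server segments turns the connect-back into a blocked, logged event instead of ordinary traffic.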
The payload is crucial: set it to a reverse shell (`set payload linux/x86/meterpreter/reverse_tcp`). When you type `exploit`, Kali sends the malicious traffic and, if it succeeds, the target connects *back* to you, bypassing inbound firewall rules. Once you have the Meterpreter session, practice commands like `sysinfo`, `hashdump`, and `shell` to interact with the compromised operating system.

**CONTINUED IN FULL VERSION - See MOD3_Exploitation_FULL.md for complete detailed labs**

---

**END OF MODULE 3 PREVIEW**