jramos/seclab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
seclab/MOD3_Exploitation.md
jramos 6d0035721e initial commit
2026-05-28 18:27:41 -06:00

58 lines
2.5 KiB
Markdown
Raw Permalink Blame History

# FILE: MOD3_Exploitation.md
# MODULE 3: EXPLOITATION & POST-EXPLOITATION
## ⚠️ ETHICAL USE DISCLAIMER
**This module teaches offensive security techniques for AUTHORIZED ENVIRONMENTS ONLY.**
- All exploits demonstrated are against VMs you own
- Never use these techniques on systems without explicit written permission
- Unauthorized computer access is illegal (Computer Fraud and Abuse Act, 18 U.S.C. § 1030)
- Purpose: Learn offensive techniques to better defend systems
## Learning Objectives
By completing this module, you will:
- Match discovered services to known CVEs (Common Vulnerabilities and Exposures)
- Configure and execute exploits using Metasploit Framework
- Understand the difference between bind and reverse shells
- Perform post-exploitation enumeration and privilege escalation
- Maintain persistent access to compromised systems (lab environment only)
- Document exploitation chains for penetration testing reports
---
## Key Concepts
### Vulnerability Assessment
**CVE (Common Vulnerabilities and Exposures):** Standardized identifiers for publicly known security vulnerabilities.
- Example: CVE-2011-2523 (vsftpd 2.3.4 backdoor)
- Database: https://cve.mitre.org or https://nvd.nist.gov
### The Metasploit Framework
**Architecture:**
- **Exploits:** Code that takes advantage of vulnerabilities
- **Payloads:** Code executed after successful exploit (shells, backdoors)
- **Auxiliary:** Scanner and fuzzer modules (non-exploit)
- **Post:** Post-exploitation modules (privilege escalation, credential harvesting)
### Shells Explained
**Reverse Shell (Attacker Listens):**
```
Attacker Target
| |
| (Listening :4444) |
|<--- Connect to Attacker --| (Target initiates connection)
|---- Shell Access -------->|
```
**Why better?** Bypasses inbound firewall rules. Victim initiates "outbound" connection.
---
## Professor's Guide
Once you select an exploit (`use exploit/...`), you must configure the `RHOSTS` (Remote Host / Target IP) and your `LHOST` (Local Host / Kali IP). The payload is crucial—set it to a reverse shell (`set payload linux/x86/meterpreter/reverse_tcp`). When you type `exploit`, Kali will send the malicious traffic, and if successful, the target will connect *back* to you, bypassing inbound firewall rules.
Once you have the Meterpreter session, practice commands like `sysinfo`, `hashdump`, and `shell` to interact with the compromised operating system.
**CONTINUED IN FULL VERSION - See MOD3_Exploitation_FULL.md for complete detailed labs**
---
**END OF MODULE 3 PREVIEW**
Reference in New Issue View Git Blame Copy Permalink