Lesson Notes

Exploitation with Metasploit

Module 6: Ethical Hacking Phases. SSL exploits.

Module 6: Exploitation with Metasploit — Comprehensive Theory Guide

The Metasploit Framework is a platform for developing, organizing, and running exploits against known vulnerabilities. It includes thousands of modules: exploits (code that takes advantage of a specific vulnerability), payloads (what runs after a successful exploit, e.g. a reverse shell), auxiliary modules (scanners, fuzzers), and post-exploitation modules. Many modules target SSL/TLS-related issues—e.g. Heartbleed (CVE-2014-0160), which leaks server memory over the TLS heartbeat extension, or exploits that abuse weak cipher or protocol handling where applicable. This lesson explains how to select a target service in your lab (e.g. Metasploitable), find a matching exploit, set options (RHOSTS, RPORT, payload), and run the module. You will also learn about payloads (reverse vs bind shell, Meterpreter) and post-exploitation basics. Use Metasploit only in a lab you own or have explicit permission to test.

Exploit Modules: Matching Target to Vulnerability

Each exploit module targets a specific vulnerability in a specific product and version (e.g. Apache Struts CVE-2017-5638, or OpenSSL Heartbleed). You must match the target: use Nmap version detection (-sV) to identify the service and version, then search Metasploit (search cve:2014-0160 or search heartbleed) for a matching module. Set the required options: usually RHOSTS (target IP), RPORT (target port), and sometimes LHOST/LPORT for callbacks. Not every CVE has a Metasploit module, and modules may need tuning (e.g. target-specific offsets). Always run in an isolated lab so you understand the attack and can recommend patching or mitigation.
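The matching step above (service version from Nmap -sV, then a module that fits that version) can be scripted for triage. The following Python is an added example written for these notes, not part of the lesson or of Metasploit: it parses constructed Nmap-style output (the three port lines are made up for this illustration), extracts the OpenSSL version from the banner, and compares it against the Heartbleed affected range (OpenSSL 1.0.1 up to and including 1.0.1f, fixed in 1.0.1g). The line format and the field names are assumptions of this example.

```python
import re

# Constructed sample in the style of Nmap -sV output; not a real scan.
SAMPLE_NMAP_OUTPUT = """\
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 6.6.1p1 Ubuntu 2ubuntu2
443/tcp  open  ssl/http Apache httpd 2.4.7 ((Ubuntu)) OpenSSL/1.0.1e
8443/tcp open  ssl/http nginx 1.4.6 OpenSSL/1.0.1g
"""

# Heartbleed affected OpenSSL 1.0.1 through 1.0.1f; 1.0.1g carries the fix.
ADVISORY = {
    "cve": "CVE-2014-0160",
    "name": "Heartbleed",
    "first_affected": (1, 0, 1, 0),   # 1.0.1 with no patch letter
    "fixed_in": (1, 0, 1, 7),         # 1.0.1g ('g' is the 7th letter)
}

PORT_LINE_RE = re.compile(r"(\d+)/(tcp|udp)\s+open\s+(\S+)\s+(.*)")
OPENSSL_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_openssl_version(banner):
    """Return (major, minor, patch, letter_index) or None if no OpenSSL banner.

    The trailing letter in OpenSSL 1.0.x versions is ordinal: 1.0.1e -> letter 5,
    no letter -> 0, so plain tuple comparison orders versions correctly.
    """
    m = OPENSSL_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    letter_index = (ord(letter) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), int(patch), letter_index)


def triage_nmap_output(text):
    """Classify each open port by whether its OpenSSL banner falls in the affected range."""
    findings = []
    for line in text.splitlines():
        m = PORT_LINE_RE.match(line)
        if not m:
            continue                      # header line or non-open port
        port, _proto, service, banner = m.groups()
        version = parse_openssl_version(banner)
        if version is None:
            status = "no-openssl-banner"
        elif ADVISORY["first_affected"] <= version < ADVISORY["fixed_in"]:
            status = "banner-vulnerable"
        else:
            status = "banner-not-affected"
        findings.append({"port": int(port), "service": service,
                         "version": version, "status": status,
                         "advisory": ADVISORY["cve"]})
    return findings


if __name__ == "__main__":
    for f in triage_nmap_output(SAMPLE_NMAP_OUTPUT):
        print(f)
```

A banner match is only a lead: distributions such as Debian and Ubuntu backport security fixes without changing the upstream version string, so a "banner-vulnerable" result should be confirmed against the installed package's changelog or with the scanner module in your lab before you report it as exploitable, and a "not-affected" banner from a service that hides its version is not proof of safety.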

Payloads: Reverse Shell, Bind Shell, and Meterpreter

After the exploit gains execution, the payload runs on the target. A reverse shell payload connects back to your machine (you listen with a handler, e.g. multi/handler; the payload connects to LHOST:LPORT). A bind shell payload opens a port on the target and waits for you to connect. Meterpreter is an advanced payload: it provides a rich shell with file upload/download, keylogging, persistence, and network pivoting, and it communicates over an encrypted channel. You choose the payload when configuring the exploit (set payload linux/x64/meterpreter/reverse_tcp, etc.). Encoded payloads can help evade simple signature-based detection; Metasploit can encode automatically. In the lab, use reverse TCP or Meterpreter and observe the callback in the handler.
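The two payload shapes described above leave different network traces: a reverse shell is an outbound connection from the victim to LHOST:LPORT, a bind shell is a new listening socket on the victim. The following Python is an added detection example for these notes, not part of the lesson or of Metasploit; it runs simple rules over constructed connection-event lines (the key=value format, the host name web01, the address ranges and the port allowlists are all assumptions of this example) and flags the patterns a defender would want to see when the lab exploit's callback arrives in the handler.

```python
import ipaddress
import re

# Constructed sample of host connection events (not from a real sensor).
# Documentation-range addresses (203.0.113.x, 198.51.100.x) stand in for "external".
SAMPLE_EVENTS = """\
ts=2024-05-01T10:00:01Z host=web01 event=connect proto=tcp src=10.0.0.5:51234 dst=203.0.113.10:443
ts=2024-05-01T10:00:07Z host=web01 event=connect proto=tcp src=10.0.0.5:51240 dst=198.51.100.7:4444
ts=2024-05-01T10:00:09Z host=web01 event=listen proto=tcp src=0.0.0.0:4444 dst=-
ts=2024-05-01T10:00:12Z host=web01 event=listen proto=tcp src=0.0.0.0:80 dst=-
ts=2024-05-01T10:00:15Z host=web01 event=connect proto=tcp src=10.0.0.5:51250 dst=10.0.0.20:3306
"""

# Assumed environment knowledge: internal ranges, permitted egress ports,
# and the listeners each server is expected to have.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EGRESS_PORTS = {80, 443}
EXPECTED_LISTENERS = {"web01": {22, 80, 443}}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one key=value line into a dict."""
    return dict(KV_RE.findall(line))


def split_endpoint(endpoint):
    """'1.2.3.4:4444' -> ('1.2.3.4', 4444)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_shell_patterns(lines):
    """Return (ts, host, rule, endpoint) tuples for events matching a shell pattern."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") == "connect":
            # Reverse shell: server initiates a connection to an external
            # address on a port that normal egress policy does not permit.
            dst_ip, dst_port = split_endpoint(ev["dst"])
            if not is_internal(dst_ip) and dst_port not in ALLOWED_EGRESS_PORTS:
                alerts.append((ev["ts"], ev["host"],
                               "possible-reverse-shell-callback", ev["dst"]))
        elif ev.get("event") == "listen":
            # Bind shell: a listening socket appears that the host should not have.
            _, port = split_endpoint(ev["src"])
            if port not in EXPECTED_LISTENERS.get(ev["host"], set()):
                alerts.append((ev["ts"], ev["host"],
                               "unexpected-listener", ev["src"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_shell_patterns(SAMPLE_EVENTS.strip().splitlines()):
        print(alert)
```

Port-based rules are a starting point, not a complete detection: a reverse shell configured for port 443 (or Meterpreter over HTTPS) passes the egress allowlist, so in practice the rule is combined with destination reputation and with which process opened the socket. This is also why the lesson's advice to watch the callback arrive in the handler is useful for defenders: it shows exactly what the sensor has to catch.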

SSL/TLS-Related Exploits in Metasploit

Metasploit includes modules for SSL/TLS-related vulnerabilities. Heartbleed (auxiliary/scanner/ssl/openssl_heartbleed) sends malformed heartbeat requests to leak server memory—no authentication needed, and the leaked data may contain session keys or credentials. Other modules may target weak cipher negotiation or protocol downgrade. Using these in a lab demonstrates why patching and TLS hardening (disable weak ciphers, update OpenSSL) are critical. Document the steps and impact for your report; recommend remediation (patch, disable affected features, restrict TLS config).
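Heartbleed is a missing bounds check: the heartbeat message carries its own payload length field, and OpenSSL before 1.0.1g copied that many bytes into the response without confirming the record actually contained them. The following Python is an added example written for these notes, not code from the lesson or from OpenSSL: it parses a TLS heartbeat record (RFC 6520 layout: record header, then a 1-byte message type, a 2-byte payload length, the payload, and at least 16 bytes of padding) and applies the length check the fix introduced. The two sample records are constructed byte strings; nothing is sent on the network.

```python
import struct

HEARTBEAT_CONTENT_TYPE = 24     # TLS record content type for heartbeat
MIN_PADDING = 16                # RFC 6520: at least 16 bytes of padding

# Constructed well-formed record: TLS 1.1 header, record length 24,
# heartbeat request, declared payload length 5 ("hello"), 16 bytes padding.
VALID_RECORD = (
    b"\x18\x03\x02\x00\x18"
    + b"\x01\x00\x05" + b"hello" + b"\x00" * 16
)

# Constructed malformed record: identical bytes on the wire, but the declared
# payload length is 0x4000 (16384) while the record carries only 24 bytes.
MALFORMED_RECORD = (
    b"\x18\x03\x02\x00\x18"
    + b"\x01\x40\x00" + b"hello" + b"\x00" * 16
)


def validate_heartbeat_record(record):
    """Return ("ok", payload) for a well-formed heartbeat, else ("reject", reason)."""
    if len(record) < 5:
        return ("reject", "truncated record header")
    content_type, _version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != HEARTBEAT_CONTENT_TYPE:
        return ("reject", "not a heartbeat record")
    body = record[5:]
    if len(body) != record_len:
        return ("reject", "record length does not match bytes received")
    if record_len < 1 + 2 + MIN_PADDING:
        return ("reject", "record too short to hold a heartbeat message")
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (1, 2):           # 1 = request, 2 = response
        return ("reject", "unknown heartbeat type")
    # The check missing before OpenSSL 1.0.1g: type byte + length field +
    # declared payload + minimum padding must fit in the record received.
    # Without it, the responder echoes payload_len bytes read past the
    # message, which is the memory leak the scanner module demonstrates.
    if 1 + 2 + payload_len + MIN_PADDING > record_len:
        return ("reject", "declared payload length exceeds record")
    payload = body[3:3 + payload_len]
    return ("ok", payload)


if __name__ == "__main__":
    print(validate_heartbeat_record(VALID_RECORD))
    print(validate_heartbeat_record(MALFORMED_RECORD))
```

When writing up the lab run, this is the one-line explanation to pair with the module output: the fix is a comparison of the declared length against the received length, which is why the remediation is an OpenSSL update rather than a configuration change, and why disabling the heartbeat extension at build time was the interim mitigation for servers that could not patch immediately.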

Post-Exploitation and Cleanup

After a successful exploit, you may run post-exploitation modules: gather credentials, enumerate the system, or pivot. In a real engagement, scope defines what is allowed. In a lab, practice gathering evidence (hostname, users, network config) and then clean up: close the session, remove any dropped files or persistence you added. Metasploit is a learning and testing tool—use it to understand how attacks work and how to fix or mitigate them. Next: maintaining access and pivoting, including encrypted C2 and SSH tunneling.
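The cleanup step above ("remove any dropped files or persistence you added") is easier to verify if you snapshot the lab target before the exploit and diff it afterwards. The following Python is an added example for these notes, not part of the lesson or of Metasploit: it hashes every file under a directory, compares two snapshots, and reports added, removed and modified paths. The directory tree it walks is created in a temporary folder purely to demonstrate the flow; on a real lab target you would run snapshot_files over the paths where your payload and any post modules wrote (temporary directories, web roots, home directories).

```python
import hashlib
import os
import tempfile


def snapshot_files(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    snap = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            with open(full, "rb") as fh:
                snap[rel] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def diff_snapshots(before, after):
    """Compare two snapshots; anything in 'added' or 'modified' still needs cleanup."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def cleanup_is_complete(before, after):
    """True only when the target matches its pre-exploit baseline exactly."""
    d = diff_snapshots(before, after)
    return not (d["added"] or d["removed"] or d["modified"])


def demo_cleanup_check():
    """Constructed walk-through: baseline, simulate a dropped file, verify, clean, re-verify."""
    with tempfile.TemporaryDirectory() as lab:
        os.makedirs(os.path.join(lab, "var", "www"))
        with open(os.path.join(lab, "var", "www", "index.html"), "w") as fh:
            fh.write("baseline page\n")
        baseline = snapshot_files(lab)

        # Stand-in for an artifact left behind during the lab session.
        dropped = os.path.join(lab, "var", "www", "dropped.txt")
        with open(dropped, "w") as fh:
            fh.write("constructed leftover artifact\n")
        after_exploit = diff_snapshots(baseline, snapshot_files(lab))

        os.remove(dropped)
        clean = cleanup_is_complete(baseline, snapshot_files(lab))
        return after_exploit, clean


if __name__ == "__main__":
    print(demo_cleanup_check())
```

File hashes cover only part of what the lesson calls persistence: a scheduled task, a new service, a modified crontab, or an extra local account leaves no trace in a directory snapshot, so pair this with a before/after capture of the same evidence you gathered during enumeration (users, listening ports, scheduled jobs) and diff those lists the same way.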

Key Takeaway for Lesson 22

Metasploit provides exploit, payload, and post-exploitation modules for known vulnerabilities, including SSL/TLS-related issues. Match the target (version from Nmap) to the right module; set RHOSTS, payload, and callback options; run only in your lab. Understand reverse/bind shells and Meterpreter. Use findings to recommend patching and hardening. Next: maintaining access and pivoting.