Metasploit Video Examples

Metasploit in Action

Reading about Metasploit is one thing, but seeing it execute a successful exploit is another entirely. Below are two recorded examples demonstrating how to use the Metasploit Framework to gain shell access to remote machines.

Before watching, it’s important to understand the difference between the two types of shells demonstrated:

1. Bind Shell: The attacker forces the target machine to open a specific port and “bind” a command prompt to it. The attacker then connects to that port. This is often blocked by modern Firewalls.
2. Reverse Shell: The attacker sets up a listening server on their own machine. The malicious payload on the target machine connects back to the attacker. This is highly effective because firewalls typically allow outgoing traffic.

Example 1: Getting a Bind Shell on a Windows Machine

In this example, an attacker uses msfconsole to deliver a payload created with msfvenom. The payload forces the Windows target to open a port, allowing the attacker to connect and gain full command-line access.

Example 2: Getting a Reverse Shell on Metasploitable

In this video, the attacker targets the intentionally vulnerable Linux virtual machine we set up in our Metasploitable Guide. Using a built-in exploit module, the attacker forces the target to connect back to their Kali Linux machine, resulting in a reverse shell!

(Note: Always remember that these techniques must only be used in controlled environments, such as your own Localhost or lab network, and never against targets without explicit permission.)