Week 6 - Forum Week, Vulnerability Exploitation using Metasploit

 As always, any tools, techniques, and concepts shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools discussed here. All practical exercises were conducted on authorized target domains.

We've spent the last few weeks footprinting, scanning, and enumerating targets. This week, we finally moved into the actual exploitation phase.

For our assignment, we had to review some practical demonstrations of exploitation, specifically watching The Ultimate Metasploit Tutorial! by Hacker Joe and a Metasploit Hacking Demo featuring David Bombal. After going through the demos, I had to write up my understanding of the core concepts. Here are my submitted notes for the week:

1. What is Metasploit? 

Metasploit is a core tool used in cybersecurity to test how secure a system or network actually is. It helps security professionals find weaknesses by simulating real cyberattacks in a safe and controlled way. Basically, it’s a toolkit for ethical hackers to check if a system can be broken into.

2. How does Metasploit work? 

The workflow generally follows a specific pattern. Metasploit works by first identifying possible vulnerabilities in a target system. Then, the user chooses an “exploit,” which is the specific method or code used to take advantage of that weakness.

The exploit is combined with a “payload.” The payload is the action that happens after the system is accessed, for example, opening a reverse shell or a remote connection back to the attacker. If everything is set up correctly, Metasploit runs the exploit, drops the payload, and gives access to the system, proving that the vulnerability is real and exploitable.

3. The difference between Nmap and Metasploit as scanners 

While both tools are essential, Nmap and Metasploit have different main purposes. Nmap is mainly used for scanning networks; it finds live devices, open ports, and the specific services running on a system.

Metasploit is used after that step. It focuses heavily on exploiting the weaknesses found during the scan. While Metasploit does have some auxiliary modules that can do basic scanning, it is nowhere near as specialized or comprehensive as Nmap for that task.

In short: Nmap is for discovering, and Metasploit is for testing and attacking those discovered vulnerabilities.

Comments

Post a Comment

Popular posts from this blog

Week 2 - Target Scoping and Information Gathering

Here is a draft for your Week 2 blog post, keeping that same grounded, realistic student perspective. Just a reminder as required by the course: any tools, techniques, and concepts shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools discussed here. Week 2 of Ethical Hacking is here, and my Kali Linux VM is finally set up and running smoothly. This week, we moved past the legal definitions and jumped right into the first two steps of the Kali Linux Testing Methodology: Target Scoping and Information Gathering. To prepare, our reading assignment was chapters 3 and 4 from Kali Linux: Assuring Security By Penetration Testing (KLASPT). Here are my notes on the early phases of a penetration test. Step 1: Target Scoping Before you even think about touching a network or firing up a terminal, you have to define the scope of the test. This is arguably the most important part from a legal and professional standpoint. Scoping ...
Read more

Week 5 - Target Enumeration and Uncovering Real IPs

As always, any tools, techniques, and concepts shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools discussed here. All practical exercises were conducted on authorized target domains. Week 5 of Ethical Hacking and Penetration Testing moved us from discovering targets into actively enumerating them. Led by S. Pradono Suryodiningrat, the lecture focused on extracting highly specific information from our targets—things like network shares, active usernames, passwords, and the exact operating systems running on the machines. Here are my notes from the session, followed by the results of our practical lab assignment. The Theory: Enumerating Environments   Enumeration is an intrusive process. We looked heavily into enumerating Microsoft operating systems, specifically utilizing NetBIOS over TCP/IP (NBT). We practiced installing and using nbtscan on our Kali Linux setups to scan ranges of IP addresses. We also reviewe...
Read more

Week 1 - Intro to Ethical Hacking and Building the Lab

As required by the course guidelines, any tools, techniques, and tutorials shared on this blog are strictly for educational purposes . I am not responsible for any misuse of the information or tools demonstrated here. We just had our first session for the Ethical Hacking & Pen Test course at BINUS University International . Our lecturer, Pak Kalpin Erlangga Silaen , laid out the syllabus, the ground rules, and what we will be covering this semester. The main objective of the course is straightforward: get hands-on experience with hacking tools and penetration testing techniques . We will be walking through the complete ethical hacking cycle, which includes information gathering, enumeration, system hacking, privilege escalation, and covering tracks . Our main textbook for the semester is Mastering Kali Linux by Noah Hardy . Course Policies and Ethics One thing made very clear today is that professional ethics are non-negotiable in this field. We are actually expected to sign an a...
Read more