Skip to main contentSkip to main content
The Red Raffle banner icon.

The Jr Pentester Path just got rebuilt. Complete rooms, earn tickets, and win a free PT1 cert.

Room Banner
Back to all walkthroughs
Room Icon

Metasploit: Scanning and Exploitation

Premium room

Scan networks, use the Metasploit database, identify vulnerabilities, and exploit live targets.

medium

60 min

5

User profile photo.
User profile photo.
User profile photo.

To access material, start machines and answer questions login.

In the previous room, you learned how to navigate the Framework: searching for modules, configuring parameters, launching exploits, and managing sessions. Those are the mechanics. In this room, you put them to work.

Stratford Systems has given your team the green light to proceed with active testing against their internal network. Your scope includes a small subnet containing a Windows workstation and a server, both running production services. Your objectives are straightforward: identify what is running on each host, determine which services are vulnerable, exploit those vulnerabilities to gain access, and document your findings.

Learning Objectives

  • Scan target systems using 's built-in port scanning and service enumeration modules
  • Store and manage results using the database, including workspaces, host tracking, and credential storage
  • Identify vulnerabilities by running targeted scanner modules against discovered services
  • Exploit vulnerable services on two different target systems using two distinct exploit types, demonstrating that the workflow generalizes across protocols, operating systems, and vulnerability classes

Prerequisites

This room builds directly on : The Basics. You should be comfortable with:

  • Launching msfconsole and using search, use, info, and back
  • Setting module parameters with set, setg, and show options
  • Running modules with exploit/run and managing sessions with background, sessions, and sessions -i

Machine Access

Each machine can be started from its respective task. The lab primarily consists of two target environments:

Host OS
STRATFORD-WS01 Windows Server 2008 R2
stratford-srv01 Ubuntu Linux

Start the AttackBox and the target machine by clicking the Start AttackBox and Start Machine buttons. Once the AttackBox has launched, open the terminal and enter the command msfconsole to begin exploring scanning and exploitation techniques.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Target machine - Task 1
Status:Off
Answer the questions below

I have successfully started the machines.

We use cookies to ensure you get the best user experience. For more information see our cookie policy.