LABExploitation with Metasploit
In this lab, you will learn to leverage the power of Metasploit to identify and exploit vulnerabilities in a WordPress server. Then you will achieve the holy grail of hacking, a reverse shell!
Terms and conditions apply.
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge
Configure Metasploit & Import Scan Results
In this challenge, you will start up Metasploit Framework and import targets from a provided NMAP scan.
Challenge
Scan HTTP services
Leverage multiple modules to analyze the HTTP service running on the target, identify a WordPress server, and brute force the admin login.
Challenge
Create a Reverse Shell Payload
Choose an exploit that matches the exposed service and attempt to exploit WordPress with plugins and get a reverse shell.
Challenge
Run Exploit to Achieve Shell
Not everything works the first time. Learn how the exploit works and fix your reverse shell to triumph.
Challenge
The Last Challenge
The last challenge of this lab and your last chance to experience the environment before clicking Next and ending this small little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- Basic Linux CLI
- Basic understanding of hacking techniques
- Knowledge of standard attack steps in the chain of compromise