Midterm Exam Theory Process: CSE-4744 (Computer Security Lab)

Question 1: Introduction to msfconsole — Theory Process

To begin, launch `msfconsole`, the primary command-line interface of the Metasploit Framework. Once the console is ready, use the `search` command to look for known exploits related to the `vsftpd 2.3.4` vulnerability. After locating the appropriate exploit module (usually `exploit/unix/ftp/vsftpd_234_backdoor`), display detailed information about it with the `info` command; the output includes the exploit's description, targets, compatible payloads, and required options. The `show payloads` command lists all payloads that can be used with this exploit. After selecting the exploit with the `use` command, the necessary parameters, such as `RHOST` (the target IP), must be set with the `set` command. If needed, set the payload type as well. Finally, either run the exploit to observe its behavior or perform a dry run to demonstrate understanding. This process demonstrates the ability to navigate msfconsole and prepare an exploit setup.

Question 2: Payload Types and Penetration Testing — Theory Process

The process begins with `msfvenom`, the payload generation tool included in Metasploit, which is used to create a reverse shell payload. This can be either a staged payload, which is delivered in parts, or a non-staged payload, which is delivered in one piece. The payload is configured with parameters such as the attacker's IP (`LHOST`) and listening port (`LPORT`), and written out in a suitable format (e.g., ELF for Linux). Once generated, the payload must be hosted, for example with a Python HTTP server, so that the target can download it with a command such as `wget`. After the payload has been downloaded and executed on the victim machine, the attacker sets up a listener in `msfconsole` using the `exploit/multi/handler` module, where the same payload type and connection parameters are set. When the payload runs successfully on the victim, a session is established. It is also important to understand the difference between staged and non-staged payloads: staged payloads are modular and smaller, while non-staged ones are monolithic and simpler.

Question 3: Meterpreter Payload Exploration — Theory Process

To explore post-exploitation techniques, the attacker first sets up a handler in `msfconsole` with the `windows/meterpreter/reverse_tcp` payload. This payload creates a Meterpreter session upon successful exploitation. Once the target executes the payload (via an exploit or social engineering), a session opens. The attacker then uses the built-in Meterpreter commands to gather system information and maintain control: `sysinfo` retrieves OS and architecture details; `getuid` identifies the user account the session is running as; `hashdump` collects password hashes from the system; `screenshot` captures the victim's screen; and `shell` spawns a standard Windows command shell for further actions. Each command serves a distinct post-exploitation purpose, and ethical use requires proper authorization and legal clearance. These tools help identify risks and suggest security improvements in a professional penetration testing environment.
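As an added defender-side example (it is not part of the exam answer and not Metasploit code), the following Python script shows how the delivery chain from Question 2 (a payload served by a Python HTTP server, fetched by the target with `wget`, followed by a callback to the listener) shows up in logs. It parses constructed `http.server` access-log lines and constructed connection records, and flags any host that fetched an executable-looking file from the staging server and then connected back to that same server on a port other than the web-server port. The log formats, IP addresses, file names and the staging port 8000 are all assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format Python's http.server prints to stderr.
HTTP_LOG = """\
192.168.56.101 - - [12/May/2025 10:21:33] "GET /index.html HTTP/1.1" 200 -
192.168.56.101 - - [12/May/2025 10:21:40] "GET /shell.elf HTTP/1.1" 200 -
192.168.56.102 - - [12/May/2025 10:22:01] "GET /notes.txt HTTP/1.1" 200 -
"""

# Constructed sample: firewall/conntrack-style records from the same lab network.
CONN_LOG = """\
2025-05-12T10:21:45 src=192.168.56.101:53122 dst=192.168.56.1:4444 proto=tcp
2025-05-12T10:22:03 src=192.168.56.102:41200 dst=192.168.56.1:8000 proto=tcp
2025-05-12T10:30:10 src=192.168.56.103:50001 dst=10.0.0.5:443 proto=tcp
"""

HTTP_RE = re.compile(
    r'^(?P<src>\S+) - - \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
CONN_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)'
)

# File extensions treated as "executable-looking" (assumption for the example).
SUSPICIOUS_EXT = ('.elf', '.exe', '.sh', '.bin')


def downloads_of_executables(http_log):
    """Map client IP -> list of executable-looking paths it fetched with HTTP 200."""
    hits = defaultdict(list)
    for line in http_log.splitlines():
        m = HTTP_RE.match(line)
        if not m or m['method'] != 'GET' or m['status'] != '200':
            continue
        if m['path'].lower().endswith(SUSPICIOUS_EXT):
            hits[m['src']].append(m['path'])
    return dict(hits)


def callbacks_to_server(conn_log, server_ip, server_port):
    """Map client IP -> destination ports for connections to server_ip that are
    NOT the web-server port itself (a plain download is expected; anything else
    on the staging host looks like a reverse-shell callback to a listener)."""
    hits = defaultdict(list)
    for line in conn_log.splitlines():
        m = CONN_RE.match(line)
        if not m or m['dst'] != server_ip:
            continue
        dport = int(m['dport'])
        if dport != server_port:
            hits[m['src']].append(dport)
    return dict(hits)


def correlate(http_log, conn_log, server_ip, server_port):
    """Alert on hosts that both downloaded an executable from the staging server
    and then opened a connection back to it on another port."""
    downloads = downloads_of_executables(http_log)
    callbacks = callbacks_to_server(conn_log, server_ip, server_port)
    alerts = []
    for host, paths in downloads.items():
        if host in callbacks:
            alerts.append({
                'host': host,
                'downloaded': paths,
                'callback_ports': callbacks[host],
            })
    return alerts


if __name__ == '__main__':
    # Staging server address and port are assumptions for the sample data.
    for alert in correlate(HTTP_LOG, CONN_LOG, '192.168.56.1', 8000):
        print(f"ALERT {alert['host']}: fetched {alert['downloaded']} "
              f"then called back on ports {alert['callback_ports']}")
```

The correlation leans on the page's own setup, in which the machine that serves the file is also the `LHOST` that receives the callback; in a production detection you would key on the listener address from the connection records rather than assume it matches the file server, and you would widen the first stage beyond file extensions (content type, file size, user agent such as `wget`).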