One of the biggest turning points in learning cybersecurity is understanding how attackers move from: Discovery → Exploitation → Access In a training session I led, students went from running a simple scan to gaining root access on a vulnerable machine. The excitement was great — but the real value was understanding how and why it worked . In this guide, you'll replicate that exact process step by step. What You’ll Learn How to scan a target using Nmap How to identify vulnerable services How the vsftpd 2.3.4 backdoor works How to exploit it using Metasploit How to gain root access Prerequisites Make sure your lab is ready: Kali Linux (attacker) Metasploitable2 (target) Both machines on the same network (NAT or Host-only) Step 1: Get the Target IP On Metasploitable2: ifconfig Look for something like: 192.168.56.101 Step 2: Scan with Nmap On Kali: nmap -sV target_ip Why -sV matters Detects service versions Helps you find known vulnerabilities Key Result 21/tcp open ftp vsftpd 2.3.4 👉 This is your entry point.…