Metasploit playground
Test your system for known vulnerabilities, try to backdoor it, and almost discover a vulnerability in BackBox. Fun!
Malicious hackers might use all kinds of techniques to foist their malware on to unsuspecting targets. Getting a payload (something that an attacker wants to execute on a target machine) into a well-protected target network might not be as simple as adding a dodgy attachment to an email. Don’t get us wrong, this (and sending malicious links) still works a lot of the time. But if a target is too canny (with the filters, firewalls and what have you) for these techniques, then some additional know-how is required. This might involve exploiting some vulnerability that an attacker has inside knowledge of, or it might involve paying an initial-access broker for login credentials.
Once inside a network, our intrepid attacker needs some means of executing the payload. That payload might be anything from an information stealer or something that tries to delete everything (a wiper) to ransomware or something to gain more persistent access. Whatever the final goal, the excitement often begins with a reverse shell. This is something that inadvertently gets executed on a target that causes it to call out to an attacker-controlled machine. That machine is listening for the call, so it circumvents basic firewall protections (since they might only block incoming connections). Once it picks up, the attacker gets shell access and can execute commands on the remote machine. It might be a Bash shell, a Powershell shell, or maybe a bespoke shell coded in any language supported on the machine (for stealth).