
Metasploitable 3 Windows Walkthrough Jun 2026

Evil-WinRM shell v3.7
*Evil-WinRM* PS C:\Users\vagrant\Documents> whoami
metasploitable3\vagrant

Type exploit to launch the attack and drop into a Meterpreter session.

HTTP/HTTPS web servers (hosting vulnerable applications like Jenkins or WebSphere)

Often, weak credentials are the easiest vulnerability to exploit. The Nmap scan identifies the FTP service. We can use Hydra or Metasploit to brute force it.

Metasploitable 3 simulates real-world "bad habits," like using default or weak passwords.

With administrative or system-level access achieved, you can extract sensitive data to simulate a full compromise.

Remote code execution via legacy script injection vulnerabilities.

Phase 2: Initial Access & Exploitation

msf6 > use auxiliary/scanner/ftp/ftp_login
msf6 auxiliary(scanner/ftp/ftp_login) > set RHOSTS 192.168.1.36
msf6 auxiliary(scanner/ftp/ftp_login) > set USER_FILE /path/to/usernames.txt
msf6 auxiliary(scanner/ftp/ftp_login) > set PASS_FILE /path/to/passwords.txt
msf6 auxiliary(scanner/ftp/ftp_login) > run
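Seen from the defender's side, the login-scanner run above appears in the FTP server's log as a burst of failed PASS commands from one source. The following Python detector is an added example, not part of the original walkthrough; the W3C-style field set, the sample records, the client addresses and the threshold and window values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (W3C extended format; the field set is an assumption).
_lines = ["#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status"]
for i, u in enumerate(["admin", "administrator", "vagrant", "ftp", "test", "guest"]):
    # One source guessing a new account every 2 seconds.
    _lines += [f"2026-06-01 10:00:{2*i:02d} 192.168.1.50 - USER {u} 331",
               f"2026-06-01 10:00:{2*i:02d} 192.168.1.50 - PASS *** 530"]
_lines += ["2026-06-01 10:01:00 192.168.1.77 - USER alice 331",
           "2026-06-01 10:01:02 192.168.1.77 - PASS *** 230"]  # normal login
for m in range(5):
    # Five failures spread over 20 minutes: not a burst at the default window.
    _lines += [f"2026-06-01 10:{10+5*m:02d}:00 192.168.1.90 - USER backup 331",
               f"2026-06-01 10:{10+5*m:02d}:00 192.168.1.90 - PASS *** 530"]
SAMPLE_LOG = "\n".join(_lines)

def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated records
                yield dict(zip(fields, parts))

def find_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Map each source IP with >= threshold failed logins (PASS answered
    with 530) inside the sliding window to the usernames it tried."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    last_user = {}                # ip -> username from the preceding USER
    tried = defaultdict(set)      # ip -> usernames seen in failed logins
    flagged = set()
    for rec in parse_w3c(text):
        ip, method = rec["c-ip"], rec["cs-method"].upper()
        if method == "USER":
            last_user[ip] = rec["cs-uri-stem"]
        elif method == "PASS" and rec["sc-status"] == "530":
            ts = datetime.strptime(f'{rec["date"]} {rec["time"]}',
                                   "%Y-%m-%d %H:%M:%S")
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            tried[ip].add(last_user.get(ip, "?"))
            if len(q) >= threshold:
                flagged.add(ip)
    return {ip: sorted(tried[ip]) for ip in flagged}
```

A wider window also catches slow guessing, at the cost of flagging users who mistype a password several times over a long session.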

Older versions of Adobe ColdFusion (found on port 8500) are susceptible to unauthorized file uploads.

While Metasploitable 3 is deliberately vulnerable for educational purposes, real-world systems should implement these mitigations:

Web Distributed Authoring and Versioning (WebDAV) allows clients to perform remote web content authoring operations.

Metasploitable 3 Windows comes pre-configured with a wide range of deliberate security vulnerabilities spanning multiple categories:

Packer: Download and install Packer to build the Vagrant boxes.
Vagrant: Download and install Vagrant.
Git: Required to clone the source code.

1.2 Build Process

Successful exploitation delivers a Meterpreter reverse shell, granting remote access to the victim.

| Port | Service | Potential Attack Vectors |
| :--- | :--- | :--- |
| 445/tcp | SMB (Server Message Block) | EternalBlue (MS17-010) vulnerability |
| 5985/tcp | WinRM (Windows Remote Management) | Potential for brute-force attacks and remote command execution |
| 8080/tcp | GlassFish Application Server | Known vulnerabilities and exploits |
| 8009/tcp | AJP (Apache JServ Protocol) | Susceptible to the "Ghostcat" (CVE-2020-1938) attack |
| Others: 80, 443, 3306, etc. | Various web, database, and other services | Diverse attack surface |


Metasploit has a built-in suggester.

Metasploitable 3 Windows Walkthrough: A Comprehensive Guide

If you are diving into the world of penetration testing, Metasploitable 3 is your ultimate playground. Unlike its predecessor, which was a Linux-only VM, Metasploitable 3 offers a Windows version (typically based on Windows Server 2008 R2) that is intentionally riddled with vulnerabilities.