| Port | Service | Application |
|------|---------|-------------|
| 21/tcp | FTP | FTP service (plaintext credentials) |
| 22/tcp | SSH | OpenSSH 7.1 (weak credentials) |
| 80/tcp | HTTP | IIS 7.5 web server |
| 445/tcp | SMB | Windows file sharing (EternalBlue vulnerable) |
| 5985/tcp | WinRM | Windows Remote Management (easy access with default creds) |
| 8080/tcp | HTTP | GlassFish 4.0 application server |
| 8009/tcp | ajp13 | Apache Tomcat AJP (Ghostcat vulnerability) |
| 8032/tcp | HTTPS | ManageEngine Desktop Central |
| 8484/tcp | HTTP | Jetty (Jenkins) |
| 3306/tcp | MySQL | MySQL 5.5.20 |
| 8028/tcp | PostgreSQL | PostgreSQL database |
| 6697/tcp | IRC | UnrealIRCd (backdoor vulnerability) |
A successful execution drops a shell running under the context of the local user account hosting the service.

2. Exploiting Apache Tomcat (Port 8443)

```
nmap --script http-vuln-cve2017-5638 -p 8585 192.168.1.105
```
The first phase of any penetration test is reconnaissance. Let's identify our target.
Successful exploitation delivers a Meterpreter reverse shell, granting remote access to the victim.

If you entered via WinRM as `vagrant`, immediately escalate:

Getting Metasploitable 3 up and running on a Windows host is like setting up a playground for aspiring ethical hackers. It’s an intentionally vulnerable machine designed by Rapid7 to help you practice everything from basic scanning to complex post-exploitation.

Prerequisites
Mastering Metasploitable 3 Windows: A Comprehensive Penetration Testing Walkthrough
Navigate into the folder and use Packer to build the Windows 2008 image. This step can take a while (30-60 minutes) as it downloads the ISO and installs the OS:

```
packer build windows_2008_r2.json
```

Before diving in, make sure your host machine is ready. You’ll need:

- : To host the virtual machine.

Attempt authentication using common pairs like `tomcat/tomcat` or `admin/admin`. On Metasploitable 3, `tomcat/tomcat` frequently grants access.