Metasploitable 3 Windows Walkthrough

Metasploit's official Setting Up a Vulnerable Target guide recommends using and VirtualBox for the easiest deployment.

Requirements: Install VirtualBox, Vagrant, and Packer.

Deployment:

Every successful penetration test begins with comprehensive reconnaissance to map the attack surface.

Host Discovery and Port Scanning

The MySQL instance allows root access with a blank or weak password (root:root). Connect to the database:

mysql -u root -h 10.0.2.15

Verify permissions to write files:

SHOW VARIABLES LIKE "secure_file_priv";

WebDAV misconfigurations frequently permit anonymous file uploads, allowing an attacker to execute a web shell.

Or manually upload and run JuicyPotato.exe.

This feature allows you to pivot from basic reconnaissance to a full command shell by exploiting a design flaw in the Elasticsearch scripting engine (CVE-2014-3120). Elasticsearch version 1.1.1.

The default login for the VM is vagrant with the password vagrant.

2. Information Gathering

Metasploitable 3 has "flags" hidden in the file system.

Completing the Metasploitable 3 Windows environment demonstrates how minor configuration flaws lead to a full network compromise. To protect real-world corporate environments from these attack vectors, apply the following security mitigations:

This is what most tutorials focus on. A caution: a recent build of Metasploitable 3 is not necessarily patched for EternalBlue (MS17-010). By design, certain builds leave it vulnerable.

This command adds a new administrator user named hacker and enables Remote Desktop access on the target machine.

Post-Exploitation Review

Targeted Service | Vulnerability / Weakness |
 | Unauthenticated Groovy Script execution | Initial Access (User)
WebDAV Directory | Arbitrary File Upload via HTTP PUT | Initial Access (User)
Windows Kernel | Missing Security Patches (MS16-032) | Privilege Escalation (SYSTEM)

If you encounter errors during build:

hydra -l vagrant -P /usr/share/wordlists/rockyou.txt rdp://192.168.1.100