
Meterpreter

Published 2024-10-11 20:49:18

The discovery scan completed by Metasploitable is not nearly as robust as the scan you will get from your vulnerability management program. If you still have Nexpose Community installed, launch a vulnerability scan using the full audit template against the Metasploitable2 machine. The list of possible exploits you can use may include exploits that can give you a shell on a system.

A successful exploit can give you access to a target system in a multitude of ways. The premier access of choice is a meterpreter shell. A command shell is nice, and PowerShell is even nicer, but until you have a meterpreter shell on a Windows system, you've not experienced perfect red team bliss. No one forgets his or her first meterpreter shell. Teaching Metasploit for the past couple of years, I've had students astounded when they see the power embedded in a meterpreter shell on a compromised system. You can steal hashes of passwords, take screenshots, explore hard drives, escalate privileges, and ultimately drop a proxy pivot to explore the rest of the network undetected. You literally have the SSH keys to the kingdom.

Meterpreter is a proprietary Metasploit payload that gives you an interactive shell running in memory. You do not execute meterpreter on a drive. There are no remnants in logs, and it is extremely difficult for anyone watching the tasks running on a device to detect it. You are running a service on the compromised machine, and one of the unique features of this shell is that you can hop from one service to another to remain undetected. Meterpreter offers the usual command-line interface, including command history and tab completion.
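From the defender's side, hopping from one process to another typically means starting a thread inside a different process, which Sysmon records as Event ID 8 (CreateRemoteThread). The following Python script is an added example, not code from the original page: it filters such records for threads whose start address is not backed by a module on disk. The sample records, the file paths and the `trusted_sources` parameter are constructed assumptions.

```python
# Constructed Sysmon-style records (Event ID 8 = CreateRemoteThread); not real logs.
SAMPLE_EVENTS = r"""
EventID: 8
UtcTime: 2024-01-01 10:00:00.000
SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Windows\System32\cmd.exe
StartModule: C:\Windows\System32\kernel32.dll

EventID: 8
UtcTime: 2024-01-01 10:05:12.000
SourceImage: C:\Users\lab\AppData\Local\Temp\update.exe
TargetImage: C:\Windows\System32\spoolsv.exe
StartModule: -

EventID: 1
UtcTime: 2024-01-01 10:06:00.000
Image: C:\Windows\System32\notepad.exe
"""

def parse_events(text):
    """Split blank-line separated 'Key: Value' records into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events

def suspicious_remote_threads(events, trusted_sources=frozenset()):
    """Return (time, source, target) for cross-process threads in unbacked memory.

    trusted_sources is a hypothetical allowlist of lower-cased image paths.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != "8":
            continue  # only CreateRemoteThread records are of interest here
        src, tgt = ev.get("SourceImage", ""), ev.get("TargetImage", "")
        if src.lower() == tgt.lower() or src.lower() in trusted_sources:
            continue
        # A missing or "-" StartModule means no on-disk module backs the thread.
        if ev.get("StartModule", "-") in ("", "-"):
            hits.append((ev.get("UtcTime"), src, tgt))
    return hits
```
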
