This article shows an end-to-end agentic penetration test where Claude Desktop, connected to Metasploit through MCP, scans targets, launches exploits, runs post-exploitation, and generates a payload across a lab network. It demonstrates compromise of a Metasploitable 2 Linux host and a Windows Server 2019 Domain Controller, while emphasizing human approval gates, isolated testing, and mitigation guidance. #ClaudeDesktop #Metasploit #MCP #Metasploitable2 #WindowsServer2019 #DomainController
Keypoints
- Claude Desktop is bridged to Metasploit through MCP to execute offensive actions from plain-language prompts.
- The test environment uses an isolated 192.168.1.0/24 lab with Kali, Metasploitable 2, and a Windows Server 2019 Domain Controller.
- The Linux target is compromised through the vsftpd 2.3.4 backdoor and later chained with an UnrealIRCd backdoor.
- The Domain Controller is accessed with valid credentials using psexec, resulting in a SYSTEM session.
- The workflow also generates and hosts a Windows reverse payload, then closes with practical mitigation strategies.
Read More: https://www.hackingarticles.in/ai-powered-penetration-testing-with-metasploit/