Automated Penetration Testing with Claude AI

This article describes an end-to-end lab penetration test orchestrated through Claude Desktop connected to an MCP Kali Server, where natural-language prompts drove tools like Nmap, sqlmap, Hydra, Metasploit, John the Ripper, WPScan, and NetExec. The attack chain moved from reconnaissance and exploitation to root access, WordPress compromise, and domain administrator credential recovery on a Windows Server 2019 domain controller.

Key points

  • Claude Desktop was connected to an MCP Kali Server to run offensive tools through natural language.
  • The assessment included Nmap, Gobuster, enum4linux, Hydra, sqlmap, and Metasploit for reconnaissance and exploitation.
  • A Samba CVE-2007-2447 weakness led to root access on the Metasploitable host.
  • WordPress was compromised through vulnerable plugins including Reflex Gallery and Mail-Masta.
  • NetExec recovered administrator credentials on a Windows Server 2019 domain controller.

Read More: https://www.hackingarticles.in/automating-penetration-testing-with-claude-ai/