First, use Nmap to verify the target is vulnerable:
Ensure both VMs can ping each other.
After obtaining valid credentials, you can download sensitive files, upload malicious payloads, or pivot to other internal services. metasploitable 3 windows walkthrough
Windows Remote Management (WinRM) can be a common attack surface on Windows targets, and this VM is misconfigured to accept default credentials. First, use Nmap to verify the target is
use post/multi/gather/enum_system use post/multi/recon/local_exploit_suggester set SESSION <ID> run you can download sensitive files