The first step is identifying the target. Assuming you are on the same network as the Metasploitable 3 VM (NAT or Bridged), you need to find its IP address.
Find target IP (on Kali):
sudo netdiscover -r 192.168.56.0/24 # adjust subnet to your VM network
Full port scan:
nmap -sV -sC -O -p- 192.168.56.105 # replace with actual IP
Expected open ports (example):
Because Metasploitable 3 has weak credentials, we can bypass complex exploitation entirely. metasploitable 3 windows walkthrough