Monday, February 18, 2013

Setting Up Metasploitable on Virtual Box

What is Metasploitable?


Metasploitable is a highly vulnerable Linux distribution.  Metasploitable was created by Rapid7.  This Linux distribution was created for information security consultants as an educational tool.  In summary, Metasploitable is a target operating system that is meant to be probed, scanned and exploited.  Using this operating system for anything legitimate would be insanity.

What is the purpose of this article?


This article is meant to be a step-by-step guide on how to download the virtual machine and install it into the Oracle VirtualBox Manager.  Let's get started.

1.   I found Metasploitable-2 by doing a Google search on it.  It ultimately led me to Sourceforge.com.  You can search the internet for it yourself or you can simply click this direct link to the Sourceforge download page.



2.  Download and save Metasploitable-2 to an accessible directory.  I simply saved the file to my desktop.

3.  Once Metasploitable-2 has downloaded, unzip the file to your desktop or a directory you feel comfortable with.


4.  Once the file is unzipped, we must locate the directory to place the files in.  If you are using Windows 7, or another Windows variant, the files will typically be placed in the following directory:  C:\Users\[USERNAME HERE]\VirtualBox VMs\      ---    Note:  I removed my username for security reasons; [USERNAME HERE] is most likely your Windows account name.


5.  Within the VirtualBox VMs directory create a directory with a relevant name.  I simply labeled mine Metasploit-2.  You can name it whatever you want.

6.  In the VirtualBox manager click New.  Click Next.


7.  We personalize the new virtual machine by giving it a name and selecting Linux as its type.  I believe incorrectly selecting in this window won't cause any kind of impact.  After selecting your options, click Next.


8.  Select the amount of memory we want to utilize.  I left it at 256MB because Metasploit is meant to simply just sit there and not do very much.


9.  Click Next, and this is the important part.  The setup will ask you if you want to create a new virtual disk image.  Select the option to use an existing virtual disk instead.  Then click the folder with the green arrow on it.  This will allow you to browse for the unzipped file we downloaded.  Navigate to the C:\Users\[USERNAME HERE]\VirtualBox VMs\Metasploitable-2 folder (if you in fact named it that) and select "Metasploitable.vmdk".

 

10.  Hit next, then hit create.

11.  There are a few settings that need to be configured before starting Metasploitable.  Right-click the machine and click Settings.  Under Settings, go to the network configuration tab.  Network Address Translation is not a very good option for this scenario, so for simplicity's sake, I change it to the Bridged Adapter setting.  This just gives it an IP address native to my DHCP.


12.  Lastly I had a problem where, when booting, Metasploitable-2 showed an error stating

This kernel requires the following features not present on the CPU:
0:6

This problem was corrected by again opening the settings window for the virtual machine, going to the System page, clicking the Processor tab and then selecting the "Enable PAE/NX" check box.


13.  You are done!  You are done after 13 boring steps!  You are now ready to test your offensive security skills!
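Steps 6 through 12 can also be scripted with VirtualBox's VBoxManage command-line tool, which makes the settings repeatable and lets you confirm them before the first boot. The PowerShell below is an added example, not part of the original post; the install path, the VM name, the "Ubuntu" OS type, the SATA controller and the choice of the first bridgeable host interface are assumptions, and it expects the unzipped Metasploitable.vmdk to already sit in the folder from step 5.

```powershell
# Added example, not from the original post. Assumptions: default VirtualBox
# install path, VM name, ostype "Ubuntu", SATA controller, first bridgeable NIC.
$ErrorActionPreference = 'Stop'
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
$VmName     = 'Metasploitable-2'
$Disk       = Join-Path $env:USERPROFILE "VirtualBox VMs\$VmName\Metasploitable.vmdk"

function Invoke-VBox {
    # Run VBoxManage with the given arguments and stop on the first failure.
    $out = & $VBoxManage @args
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($args -join ' ') failed" }
    $out
}

if (-not (Test-Path $Disk)) { throw "Disk image not found: $Disk" }

# Step 11 needs a host interface to bridge to; take the first one listed.
$nic = Invoke-VBox list bridgedifs | Select-String '^Name:\s+(.+)$' | Select-Object -First 1
if (-not $nic) { throw 'No bridgeable host interface found' }
$HostNic = $nic.Matches[0].Groups[1].Value.Trim()

# Steps 6-7: create and register the VM as a Linux guest.
Invoke-VBox createvm --name $VmName --ostype Ubuntu --register | Out-Null

# Steps 8, 11 and 12: 256 MB of memory, bridged adapter, PAE/NX enabled.
Invoke-VBox modifyvm $VmName --memory 256 --pae on --nic1 bridged --bridgeadapter1 $HostNic | Out-Null

# Steps 9-10: attach the existing disk image instead of creating a new one.
Invoke-VBox storagectl $VmName --name SATA --add sata | Out-Null
Invoke-VBox storageattach $VmName --storagectl SATA --port 0 --device 0 --type hdd --medium $Disk | Out-Null

# Read the configuration back and confirm each setting before the first boot.
$info = Invoke-VBox showvminfo $VmName --machinereadable
foreach ($want in 'memory=256', 'pae="on"', 'nic1="bridged"') {
    if ($info -notcontains $want) { throw "Setting not applied: $want" }
}
"$VmName configured, bridged to '$HostNic'"
```

If the host has more than one network interface, run `VBoxManage list bridgedifs` first and set `$HostNic` to the one you intend to bridge to.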



5 comments:

  1. You didn't remove your username in the image.

  2. That is the default username/password

  3. Check out this FREE vulnerable OS packaged with 10 real world Command Injection vulnerabilities: http://www.pentesteracademy.com/video?id=392
