Create a training environment for Metasploitable 2

Chưa phân loại
LinuxHint previously published an article on Metasploit installation and basic commands. This new tutorial is part of a series of tutorials to get started with Metasploit, an offensive security framework with vulnerabilities and exploits database which makes hacking easy or possible for users without high knowledge on security or programming.

Basically Metasploit allows us to choose exploits according to vulnerabilities of the target and execute them, but it also has auxiliary modules which allow us to scan in order to find  or confirm such vulnerabilities, to improvise brute force attacks among more. Metasploit supports integration of reports made by different scanners such as Openvas, Nessus and of course Nexpose.

The first step to get started with metasploit is to create a vulnerable environment we can exploit using Metasploit tools. In this tutorial we will install that environment shared by Rapid7 (Metasploit and Nexpose publisher) which consists of a virtual machine full of vulnerabilities we can detect and exploit for training purposes, Metasploit. Rapid 7 published Metasploitable 3  but due a lot of bug reports to build the VM in Debian based systems we are using Metasploitable 2 for this series of tutorials so you can follow the steps without getting stuck with Virtualbox, Vagrant and Packer issues related to Metasploitable 3..

Note: This tutorial assumes you already have VirtualBox installed, if you don’t and your aren’t familiarized with VBox and are Ubuntu user read this article on VBox before continuing, or this one if you are Arch Linux user. You can also use Metasploitable with other virtualization software like VMware. To install VirtualBox Debian users should run:

echo "deb stretch contrib"
| sudo tee /etc/apt/sources.list.d/virtualbox.list

Then run:

apt update
apt upgrade
apt install virtualbox

Getting Metasploitable:

To download Metasploitable 2 access and scroll down to the form, fill it and press on “SUBMIT”.

Then press on the download button “Download Metasploitable now

Once downloaded, unzip Metasploitable by running:

unzip -x

The command will extract some images from which you’ll use Metasploitable.vmdk.

To continue launch Virtualbox and click on the blue icon NEW.

Set your VM name, select Other Linux 32 and press on Next

Metasploitable won’t need too much memory, here you assign the memory for your virtual device and press Next.

Now select “Use an existing virtual hard drive” and select the Metasploit vmdk image you unzipped before and press “Create

In my case it gave an error preventing me from booting as shown in the image below:

To fix it,  on Virtualbox main screen  go to Settings> System> Processor and enable PAE/NX, then press OK and boot again.

Then start your Metasploit 2 VM, it should boot now.

Metasploitable is installed, msfadmin is user and password. In the next tutorial we’ll use metasploit to scan and detect vulnerabilities on this metasploitable VM.

I hope this tutorial helped to install metasploitable 2 in an easy way.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

What Is a Boot Loader?

Although boot loaders tend to be very small and relatively simple, they play a critical role in the boot process. Visit...

How to Install ZSH Shell on Ubuntu 18.04 LTS

ZSH or the Z Shell is another shell like Bash and SH. It has some advanced usability features that Bash and some other...

[FTP][Phần 4][LAB]Phân quyền User trong FTP server(CentOS-7)

Ở các bài viết trước, ta đã tìm hiểu về FTP và cách cấu hình của nó. Trong bài viết này,...
Bài Viết

Bài Viết Mới Cập Nhật

Check proxy trên trang nào chuẩn nhất❓

Thuê Proxy chạy Google Ads / Cần chú ý gì khi chọn proxy và email chạy G.G ads?

Thuê proxy 4G ở đâu uy tín, giá rẻ, chất lượng?

Vì sao cần thuê proxy xoay? Địa chỉ cung cấp proxy xoay uy tín

Thuê proxy v6 kéo view Youtube ở đâu uy tín, chất lượng?