Building “Metasploitable”

Rapid7’s vulnerable VM to gain some hands-on practice

Quick Steps

  1. Install Vagrant and VirtualBox or VMware.

  2. Install plugins

    a. For VMware: vagrant plugin install vagrant-vmware-desktop

    b. For VirtualBox: vagrant plugin install vagrant-vbguest

  3. Run vagrant up

  4. Wait for ub1404 and win2k8 to download and show on the virtualization software as VMs.

Rapid7, a technology and services provider within the industry, once created the Metasploit Framework, a project with a database of security vulnerabilities that aims to aid ethical hacking (otherwise known as penetration testing) and gives insights on signature development for malicious programs, and more.

How did “Metasploitable” machines come to be?

The so-called “Metasploitable” machines were first created to allow subject matter experts to test the Metasploit Framework, evaluate the tool, and see how it would fit within their digital toolbox.

That is why these machines, along with others, are used to gain hands-on experience and serve as a way to turn theoretical knowledge into practical knowledge.

Follow this post to learn how to set up the last released “Metasploitable” machine, which is divided into two: a vulnerable 2008 Windows Server and an Ubuntu 14.04 machine.

Once you get the gist of it, it is rather simple to add the machine(s) into your local virtualization program.

This post explains how to do so using VirtualBox as the virtualized environment on a Windows host.

Requirements

  • VirtualBox

  • Vagrant

  • Internet connection!

First, install the latest VirtualBox platform package from here and the latest Vagrant binary from the official page here.

An important thing to do here is to check that both programs are installed in their latest versions AND to remember that, if you are using Windows, you will need to open up PowerShell and NOT a simple command line.

Now it is time to create an empty directory that will hold the workspace for the vulnerable virtual machine(s).

The next thing is to execute the “vagrant up” command and… wait for Vagrant to do the magic!

It will look similar to this.

Now the Ubuntu 14.04 vulnerable machine should’ve been added to the VirtualBox Manager, like so:

After waiting around 5 more minutes, the 2008 Windows Server will also be added, with PowerShell displaying similar output.

The only issue that can happen at this stage is that Vagrant attempts to use the same virtual adapter for both machines, or that the automatic configurations of the machines clash with one another.

This can be easily fixed by making sure that the network configuration is set accordingly, for example with the host-only adapter, so that both machines do not end up with the same internal IP address.

A good check to make sure connectivity works between both machines is to, for example, ping the Ubuntu machine from the Windows 2008 Server. For this, log in to the Ubuntu server with the credentials “vagrant:vagrant” and check the IP address of the machine.

Now, log into the Windows Server with the same credentials and check that the IP address is within the same space.

If the Ubuntu machine’s IP address is 192.168.56.120, the most common scenario is that the Windows 2008 Server’s IP address is either 192.168.56.119 or 192.168.56.121.

Then, ping the IP address of the Ubuntu machine from the Windows 2008 Server.

BOOM!
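
The address checks described above (both machines on the host-only network, no shared IP address) can be scripted before running the ping test. This is an added example, not part of the original post; the host-only network 192.168.56.0/24 and the host adapter address 192.168.56.1 are assumed VirtualBox defaults, and check_lab_addresses is a hypothetical helper name.

```python
import ipaddress

# Assumed values (not from the original post): VirtualBox's usual default
# host-only network and the host adapter address on it.
HOST_ONLY_NET = ipaddress.ip_network("192.168.56.0/24")
HOST_ADAPTER_IP = ipaddress.ip_address("192.168.56.1")


def check_lab_addresses(guests, network=HOST_ONLY_NET, host_ip=HOST_ADAPTER_IP):
    """Return a list of problems found in a {vm_name: ip_string} mapping.

    An empty list means every guest has its own usable address on the
    host-only network, so the ping test between them can succeed.
    """
    problems = []
    seen = {}  # ip -> first VM name that claimed it
    for name, raw in guests.items():
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            problems.append(f"{name}: '{raw}' is not a valid IP address")
            continue
        if ip not in network:
            # Typical when the NAT adapter address (10.0.2.15) was read instead.
            problems.append(f"{name}: {ip} is outside {network}")
        elif ip in (network.network_address, network.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address")
        elif ip == host_ip:
            problems.append(f"{name}: {ip} collides with the host adapter")
        if ip in seen:
            # The clash the post warns about: two guests with the same address.
            problems.append(f"{name}: {ip} is already used by {seen[ip]}")
        else:
            seen[ip] = name
    return problems


if __name__ == "__main__":
    # Constructed sample inputs using the addresses mentioned in the post.
    good = {"ub1404": "192.168.56.120", "win2k8": "192.168.56.121"}
    clash = {"ub1404": "192.168.56.120", "win2k8": "192.168.56.120"}
    nat_only = {"ub1404": "192.168.56.120", "win2k8": "10.0.2.15"}
    for label, plan in (("good", good), ("clash", clash), ("nat_only", nat_only)):
        print(label, check_lab_addresses(plan) or "OK")
```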
