Installing Metasploitable with Vagrant

Metasploitable background: What is Metasploitable?

“Metasploitable is a Virtual Machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.”

Why do we need Metasploitable?

One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack.
Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’.

What does Metasploitable let us do?

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

Where can we get Metasploitable?

Metasploitable is available on GitHub: https://github.com/rapid7/metasploitable3

Installing Metasploitable:

Prereqs

Procedure

To use the prebuilt images provided at https://app.vagrantup.com/rapid7/, create a new local Metasploitable workspace:

mkdir metasploitable
cd metasploitable
curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile
vagrant up

Once the images have downloaded (there is an Ubuntu image and a Windows image) and vagrant up has finished, you should have two virtual machines running. You can check with:

vagrant global-status

id       name   provider   state   directory
---------------------------------------------------------------------------
abc1234  ub1404 virtualbox running /Users/me/git/metasploitable
abc1235  win2k8 virtualbox running /Users/me/git/metasploitable

You can log in to the virtual machines using the vagrant ssh command:

vagrant ssh abc1234
# or vagrant ssh abc1235

At this stage, you have two very vulnerable machines running on your network – be careful. Follow the white rabbit, take the blue pill and go hack the gibson!
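One way to check how exposed those machines are, as an added example that is not part of the original post: the function below reads the output of `VBoxManage showvminfo <name> --machinereadable` and flags bridged adapters and NAT port forwards that are not bound to loopback. It assumes the VirtualBox provider shown in the status output above; the function names and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag VirtualBox network settings
# that expose a lab VM beyond the host it runs on.

# audit_vminfo NAME
# Reads `VBoxManage showvminfo NAME --machinereadable` output on stdin, prints
# one line per finding, and returns 1 if anything was flagged.
audit_vminfo() {
    awk -v vm="$1" -F'"' '
        BEGIN { bad = 0 }
        # nicN="bridged" puts the guest directly on the physical LAN.
        /^nic[0-9]+=/ && $2 == "bridged" {
            sub(/=$/, "", $1)
            print vm ": " $1 " is bridged to the physical network"
            bad = 1
        }
        # Forwarding(N)="name,proto,hostip,hostport,guestip,guestport"
        # An empty or non-loopback hostip listens on every host interface.
        /^Forwarding\([0-9]+\)=/ {
            split($2, f, ",")
            if (f[3] !~ /^127\./) {
                print vm ": forward " f[1] " (" f[2] " " f[4] " -> guest " f[6] ") is not bound to loopback"
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample in showvminfo --machinereadable format (not real output).
sample_vminfo() {
    cat <<'EOF'
name="lab-ub1404"
nic1="nat"
Forwarding(0)="ssh,tcp,127.0.0.1,2222,,22"
Forwarding(1)="http,tcp,,8080,,80"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="bridged"
bridgeadapter3="en0"
EOF
}

# Run the check on the constructed sample; "lab-ub1404" is a hypothetical name.
sample_vminfo | audit_vminfo lab-ub1404 || echo "review the findings above"
```

For a real VM, pipe `VBoxManage showvminfo <name> --machinereadable` into `audit_vminfo <name>`; the VirtualBox names of running machines are listed by `VBoxManage list runningvms`.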

You might be interested in my Metasploit beginners tutorial, and how you can find vulnerabilities using Metasploit.