Metasploitable background: What is metasploitable?
“Metasploitable is a Virtual Machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.”
Why do we need metasploitable?
One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack.
Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’. This post is about Installing metasploitable with vagrant.
What does metasploitable let us do?
Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.
Where can we get metasploitable?
Metasploitable is available on github: https://github.com/rapid7/metasploitable3
Installing metasploitable with vagrant:
- A Working install of vagrant (link to my vagrant install guide)
To use the prebuilt images provided at https://app.vagrantup.com/rapid7/ create a new local metasploitable workspace:
mkdir metasploitable cd metasploitable curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile vagrant up
Once the images download (there is an ubuntu image and a windows image) and you run vagrant up, you should have two virtual machines running, you can check with:
vagrant global-status id name provider state directory ----------------------------------------------------------------- abc1234 ub1404 virtualbox running /Users/me/git/metasploitable abc1235 win2k8 virtualbox running /Users/me/git/metasploitable
You can log in to the virtual machines using the vagrant ssh commands
vagrant ssh abc1234 # or vagrant ssh abc1235
At this stage, you have two very vulnerable machines running on your network – be careful. Follow the white rabbit, take the blue pill and go hack the gibson!