Installing metasploitable with vagrant

Installing metasploitable with vagrant

Metasploitable background: What is metasploitable?

“Metasploitable is a Virtual Machine that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.”

If you enjoy this tutorial, please check out my metasploit tutorials below

Metasploit tutorial for beginners Metasploit for website pentest Using metasploit to scan for vulnerabilities Metasploitable with Vagrant Importing Nessus results into MetaSploit OpenVAS with MetaSploit

Why do we need metasploitable?

One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack.
Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’. This post is about Installing metasploitable with vagrant.

What does metasploitable let us do?

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

Where can we get metasploitable?

Metasploitable is available on github: https://github.com/rapid7/metasploitable3

Installing metasploitable with vagrant:

Prereqs

Procedure

To use the prebuilt images provided at https://app.vagrantup.com/rapid7/ create a new local metasploitable workspace:

mkdir metasploitable
cd metasploitable
curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile
vagrant up

Once the images download (there is an ubuntu image and a windows image) and you run vagrant up, you should have two virtual machines running, you can check with:

vagrant global-status

id       name   provider   state   directory
-----------------------------------------------------------------
abc1234  ub1404 virtualbox running /Users/me/git/metasploitable
abc1235  win2k8 virtualbox running /Users/me/git/metasploitable

You can log in to the virtual machines using the vagrant ssh commands

vagrant ssh abc1234
# or vagrant ssh abc1235

At this stage, you have two very vulnerable machines running on your network – be careful. Follow the white rabbit, take the blue pill and go hack the gibson!

If you enjoy this tutorial, please check out my metasploit tutorials below

Metasploit tutorial for beginners Metasploit for website pentest Using metasploit to scan for vulnerabilities Metasploitable with Vagrant Importing Nessus results into MetaSploit OpenVAS with MetaSploit
Tags: , , , , , , , , , , , , , , , , , ,

Leave a Reply