Learning Pentesting with Metasploitable3
Metasploitable is back with version 3, which includes lot more interesting vulnerabilities. Metasploitable3 is special because it is not a pre-configured downloadable VM. The user himself can configure it, and the user can also decide target version of Windows.
What should you learn next?
By its name, Metasploitable is a designed to practice attacks with Metasploit Framework. Nevertheless, it is lot more fun to exploit those vulnerabilities without Metasploit Framework.
In this series of articles, we will discuss most of the challenges that come with Metasploitable3. Instead of just cracking the challenges with the hints provided at Metasploitable3's Github page, we will use the VM to learn the penetration testing concepts similar to how we do them in the real-world penetration testing engagements. We will achieve this by following the steps shown below.
- Information Gathering
- Exploitation
- Post Exploitation
Just to make things clear, it is possible to gain access to the target box using any of the remotely exploitable vulnerabilities. However, we will try to gain access to the machine in multiple ways.
In this article, we will discuss how to setup the lab to follow the rest of the articles in the series. Though, lab setup is straightforward with the PowerShell scripts provided; I would like to cover it here for those who need it with the screenshots and clearer steps.
The setup:
Following are the things needed for setting up Metasploitable3 on your Windows Machine.
VirtualBox – I faced problems with various versions of VirtualBox and VirtualBox 5.0.40 worked without problems.
Packer – Packer is required to convert the Windows ISO image to a box file. It can be downloaded from here.
After downloading packer.exe, make sure that you add its path to the environment variables,
Vagrant - Vagrant, can be downloaded from here.
Download the Windows version of the Vagrant and install it by double clicking the msi file.
Once the installation is complete (a reboot may be required), open up a command prompt and type vagrant. You should see the vagrant help as shown in the figure.
Git – Git is optional, but better to have. You can download it from here.
Once downloaded, run the exe and Git will be installed. You should see the following when you successfully installed Git.
Now, clone Metasploitable3 using the following command
git clone https://github.com/rapid7/metasploitable3.git
Once done, you should see the following.
With this, we are done with the prerequisites. We can begin running the commands to download and build a vulnerable VM.
Open up PowerShell.exe and navigate to the folder where you have downloaded metasploitable3 and run the following command.
packer build .windows_2008_r2.json
The above command will download the Windows server 2008 ISO image from Microsoft's website and convert it to a .box file. After completing this step, you should see a file with the extension ".box".
Next, run the following command
vagrant box add .windows_2008_r2_virtulbox.box –name=metasploitable3
Once the above step is done, run the following command.
vagrant up
The above two commands will set up the Windows server 2008 Virtual machine inside the VirtualBox with all the required vulnerable software for us to exploit. This process may take up to one hour.
After completing the setup, you should see your Windows server 2008, virtual machine up and running.
Following are my Network settings for metasploitable3 VM.
Open up a command prompt and check the IP address.
Next, launch Kali Linux. Following are the network settings for my Kali Linux.
Open up a terminal and check the IP address. As you can notice, both Metasploitable3 and Kali Linux are on the same network.
With this, you are good to go to follow the upcoming articles in the series. Just to test if everything is set up correctly, do a simple nmap scan on your Metasploitable3 VM, and you should see the following output from Nmap.
FREE role-guided training plans
Final note
This article has explained the process of setting up Metasploitable3 Virtual Machine on a Windows server 2008 machine. You can set it up on other versions of Windows if you wish. In the next article, we will discuss information gathering concepts using Metasploitable3.
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Learning Pentesting with Metasploitable3
- Intelligence-led pentesting and the evolution of Red Team operations
- Red Teaming: Taking advantage of Certify to attack AD networks
- How ethical hacking and pentesting is changing in 2022
- Ransomware penetration testing: Verifying your ransomware readiness
- Red Teaming: Main tools for wireless penetration tests
- Fundamentals of IoT firmware reverse engineering
- Red Teaming: Top tools and gadgets for physical assessments
- Red teaming: Initial access and foothold
- Top tools for red teaming
- What is penetration testing, anyway?
- Red Teaming: Persistence Techniques
- Red Teaming: Credential dumping techniques
- Top 6 bug bounty programs for cybersecurity professionals
- Tunneling and port forwarding tools used during red teaming assessments
- SigintOS: Signal Intelligence via a single graphical interface
- Top tools for mobile android assessments
- Top tools for mobile iOS assessments
- Red Team: C2 frameworks for pentesting
- Inside 1,602 pentests: Common vulnerabilities, findings and fixes
- Red teaming tutorial: Active directory pentesting approach and tools
- Red Team tutorial: A walkthrough on memory injection techniques
- Python for active defense: Monitoring
- Python for active defense: Network
- Python for active defense: Decoys
- How to write a port scanner in Python in 5 minutes: Example and walkthrough
- Using Python for MITRE ATT&CK and data encrypted for impact
- Explore Python for MITRE ATT&CK exfiltration and non-application layer protocol
- Explore Python for MITRE ATT&CK command-and-control
- Explore Python for MITRE ATT&CK email collection and clipboard data
- Explore Python for MITRE ATT&CK lateral movement and remote services
- Explore Python for MITRE ATT&CK account and directory discovery
- Explore Python for MITRE ATT&CK credential access and network sniffing
- Top 10 security tools for bug bounty hunters
- Kali Linux: Top 5 tools for password attacks
- Kali Linux: Top 5 tools for post exploitation
- Kali Linux: Top 5 tools for database security assessments
- Kali Linux: Top 5 tools for information gathering
- Kali Linux: Top 5 tools for sniffing and spoofing
- Kali Linux: Top 8 tools for wireless attacks
- Kali Linux: Top 5 tools for penetration testing reporting
- Kali Linux overview: 14 uses for digital forensics and pentesting
- Top 19 Kali Linux tools for vulnerability assessments
- Explore Python for MITRE ATT&CK persistence
- Explore Python for MITRE ATT&CK defense evasion
- Explore Python for MITRE ATT&CK privilege escalation
- Explore Python for MITRE ATT&CK initial access
- Top 18 tools for vulnerability exploitation in Kali Linux
- Explore Python for MITRE PRE-ATT&CK, network scanning and Scapy
- Kali Linux: Top 5 tools for social engineering
- Basic snort rules syntax and usage [updated 2021]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Penetration testing
Intelligence-led pentesting and the evolution of Red Team operations
Penetration testing
Red Teaming: Taking advantage of Certify to attack AD networks
Penetration testing
Penetration testing
Ransomware penetration testing: Verifying your ransomware readiness