Basically Metasploit allows us to choose exploits according to vulnerabilities of the target and execute them, but it also has auxiliary modules which allow us to scan in order to find or confirm such vulnerabilities, to improvise brute force attacks among more. Metasploit supports integration of reports made by different scanners such as Openvas, Nessus and of course Nexpose.
The first step to get started with metasploit is to create a vulnerable environment we can exploit using Metasploit tools. In this tutorial we will install that environment shared by Rapid7 (Metasploit and Nexpose publisher) which consists of a virtual machine full of vulnerabilities we can detect and exploit for training purposes, Metasploit. Rapid 7 published Metasploitable 3 but due a lot of bug reports to build the VM in Debian based systems we are using Metasploitable 2 for this series of tutorials so you can follow the steps without getting stuck with Virtualbox, Vagrant and Packer issues related to Metasploitable 3..
Note: This tutorial assumes you already have VirtualBox installed, if you don’t and your aren’t familiarized with VBox and are Ubuntu user read this article on VBox before continuing, or this one if you are Arch Linux user. You can also use Metasploitable with other virtualization software like VMware. To install VirtualBox Debian users should run:
| sudo tee /etc/apt/sources.list.d/virtualbox.list
Then run:
apt upgrade
apt install virtualbox
Getting Metasploitable:
To download Metasploitable 2 access https://information.rapid7.com/download-metasploitable-2017.html and scroll down to the form, fill it and press on “SUBMIT”.
Then press on the download button “Download Metasploitable now”
Once downloaded, unzip Metasploitable by running:
The command will extract some images from which you’ll use Metasploitable.vmdk.
To continue launch Virtualbox and click on the blue icon NEW.
Set your VM name, select Other Linux 32 and press on Next
Metasploitable won’t need too much memory, here you assign the memory for your virtual device and press Next.
Now select “Use an existing virtual hard drive” and select the Metasploit vmdk image you unzipped before and press “Create”
In my case it gave an error preventing me from booting as shown in the image below:
To fix it, on Virtualbox main screen go to Settings> System> Processor and enable PAE/NX, then press OK and boot again.
Then start your Metasploit 2 VM, it should boot now.
Metasploitable is installed, msfadmin is user and password. In the next tutorial we’ll use metasploit to scan and detect vulnerabilities on this metasploitable VM.
I hope this tutorial helped to install metasploitable 2 in an easy way.