Linux Security metasploit VirtualBox

Create a training environment for Metasploitable 2

LinuxHint previously published an article on Metasploit installation and basic commands. This new tutorial is part of a series of tutorials to get started with Metasploit, an offensive security framework with vulnerabilities and exploits database which makes hacking easy or possible for users without high knowledge on security or programming.

Basically Metasploit allows us to choose exploits according to vulnerabilities of the target and execute them, but it also has auxiliary modules which allow us to scan in order to find  or confirm such vulnerabilities, to improvise brute force attacks among more. Metasploit supports integration of reports made by different scanners such as Openvas, Nessus and of course Nexpose.

The first step to get started with metasploit is to create a vulnerable environment we can exploit using Metasploit tools. In this tutorial we will install that environment shared by Rapid7 (Metasploit and Nexpose publisher) which consists of a virtual machine full of vulnerabilities we can detect and exploit for training purposes, Metasploit. Rapid 7 published Metasploitable 3  but due a lot of bug reports to build the VM in Debian based systems we are using Metasploitable 2 for this series of tutorials so you can follow the steps without getting stuck with Virtualbox, Vagrant and Packer issues related to Metasploitable 3..

Note: This tutorial assumes you already have VirtualBox installed, if you don’t and your aren’t familiarized with VBox and are Ubuntu user read this article on VBox before continuing, or this one if you are Arch Linux user. You can also use Metasploitable with other virtualization software like VMware. To install VirtualBox Debian users should run:

echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib"
| sudo tee /etc/apt/sources.list.d/virtualbox.list

Then run:

apt update
apt upgrade
apt install virtualbox

Getting Metasploitable:

To download Metasploitable 2 access https://information.rapid7.com/download-metasploitable-2017.html and scroll down to the form, fill it and press on “SUBMIT”.

Then press on the download button “Download Metasploitable now

Once downloaded, unzip Metasploitable by running:

unzip -x metasploitable-linux-2.0.0.zip

The command will extract some images from which you’ll use Metasploitable.vmdk.

To continue launch Virtualbox and click on the blue icon NEW.

Set your VM name, select Other Linux 32 and press on Next

Metasploitable won’t need too much memory, here you assign the memory for your virtual device and press Next.

Now select “Use an existing virtual hard drive” and select the Metasploit vmdk image you unzipped before and press “Create

In my case it gave an error preventing me from booting as shown in the image below:

To fix it,  on Virtualbox main screen  go to Settings> System> Processor and enable PAE/NX, then press OK and boot again.

Then start your Metasploit 2 VM, it should boot now.

Metasploitable is installed, msfadmin is user and password. In the next tutorial we’ll use metasploit to scan and detect vulnerabilities on this metasploitable VM.

I hope this tutorial helped to install metasploitable 2 in an easy way.

About the author

Ivan Vanney

Ivan Vanney

Ivan Vanney has over a decade working as sysadmin. He is s contributor on LinuxHint.com, and the founder of linuxer.info