Following on from the installs and configurations so far of pfSense, Linux Mint and a whole host of applications to turn the system into a Network Intrusion Detection System (NIDS), it's now time to install some other operating systems that are vulnerable to attack.
This lets you both attack them and forensically analyse the attacks, so that you understand what is actually going on within your environment from the point of view of both attacker and incident responder (IR) later down the road.
First, download Metasploitable2.
Once you have extracted the archive, the folder inside, called Metasploitable2-Linux, should have the directory structure seen in the image below:
You now have a virtual machine disk that is already configured for you and full of vulnerabilities, which is great for practice. Next we need to open VirtualBox and click on ‘New’ to create a new virtual machine.
Configure it with a name of your choosing, select Linux for the type and Ubuntu (32 bit) for the version, and click on ‘Next’.
Adjust the memory and click ‘Next’. You can give the system 1GB, but I like to give it 2GB, which can always be adjusted at a later stage anyway.
Because you already have the vmdk hard disk downloaded, you have to point to the location of the extracted files. Click on ‘Use an existing virtual hard drive file’, then click on the little folder that has the upward green arrow on it to locate the file on your system. Once Metasploitable.vmdk is selected, click ‘Create’ to continue.
Once you have completed the previous step you will have a system created and ready to spin up, but first we need to make a few adjustments, so navigate to Settings and make the changes outlined below.
Remove the floppy and the CD/DVD, as all you need is the hard disk to boot. Finally, make sure the network adapter is set to internal: you don’t want this system live on your network, as it is full of exploitable holes, which is the nature of this OS.
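Before powering the VM up, the adapter setting from the step above can be confirmed from the command line. The script below is an added example, not part of the original post: it assumes VBoxManage is on your PATH, the VM name is whatever you chose earlier, and the sample VM output inside it is constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-boot isolation check for a deliberately vulnerable VM.

# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin.
# Prints one line per enabled adapter; returns 0 only if every enabled
# adapter is attached to an internal network ("intnet").
check_isolation() {
    awk -F= '
        /^nic[0-9]+=/ {
            mode = $2
            gsub(/["\r]/, "", mode)
            if (mode == "none") next
            if (mode == "intnet") {
                printf "OK   %s -> internal network\n", $1
            } else {
                printf "FAIL %s -> %s\n", $1, mode
                bad++
            }
            seen++
        }
        END {
            if (seen == 0) print "NOTE no network adapter enabled"
            exit (bad > 0)
        }
    '
}

# Constructed sample output (not captured from a real VM).
sample_isolated() {
    printf '%s\n' 'name="Metasploitable2"' 'memory=2048' \
        'nic1="intnet"' 'intnet1="intnet"' 'nictype1="Am79C973"' 'nic2="none"'
}
sample_exposed() {
    printf '%s\n' 'name="Metasploitable2"' 'memory=2048' \
        'nic1="intnet"' 'intnet1="intnet"' 'nic2="nat"'
}

# Usage: sh check_isolation.sh <vm-name>   (VM name is whatever you chose)
if [ -n "${1:-}" ]; then
    info=$(VBoxManage showvminfo "$1" --machinereadable) || exit 2
    printf '%s\n' "$info" | check_isolation
fi
```

A non-zero exit means at least one adapter is in NAT, bridged, host-only or another mode that can reach beyond the internal network, so fix the setting before booting.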
Now power up your system, let it load, and you will see the screen below:
An excellent resource to use is the Metasploit Unleashed free online security training, which you should consider donating to, as all the proceeds go to Hackers for Charity.
I had mentioned in the previous lesson that we would also be installing DVWA, but one thing I forgot was that it is already included in Metasploitable 2 thanks to the creators integrating it within the image. You also have Mutillidae from OWASP installed and ready to go. But as the image is a bit dated we are going to spin up DVWA anyway, as there are some things like ShellShock, which was previously covered, now included in the newer version, so it’s worth spinning it up.