Building an ethichal hacking lab on your laptop with VirtualBox – Part 10 – Metasploitable

Following on from the installs and configurations so far of pfsense, linux mint and a whole host of applications to turn the system into a Network Intrusion Detection System (NIDS).

Now it’s time to install some other OS that are vulnerable to attack in order to be able to both attack and forensically analyse the attacks and understand what is actually going on within your environment from the point of both attacker and incident responder (IR) later down the road.

First download Metasploitable2

Once you have extracted the folder inside called Metapsloitable2-Linux you should have the following directory structure like is seen in the image below:

1 - Extracted Metasploitable zip file

1 – Extracted Metasploitable zip file

You now have a virtual machine disk that is already configured for you and full of vulnerabilities which is great for practice. Next we need to open VirtualBox and click on ‘New’ to create a new virtual machine.

Configure with a name of your choosing and select Linux for the type and Ubuntu (32 bit) for the version and click on ‘Next’

2 - Creating the metapsolitable vm

2 – Creating the metapsolitable vm

Adjust the memory and click ‘Next’, you can give the system 1GB but I like to give it 2GB’s which can always be adjusted at a later stage anyway.

2 - Adjusting the metapsolitable vm RAM

2 – Adjusting the metapsolitable vm RAM

Because you already have the vmdk hard disk downloaded already you have to point to the location of the extracted files, you can do this by clicking on ‘Use an existing virtual hard drive file’ and click on the little folder that has the upward green arrow on it to locate the file on your system and select it so that you then have the Metasploitable.vmdk selected and then you can click ‘Create’ to continue.

4 - Selecting the metapsolitable vm hard disk

4 – Selecting the metapsolitable vm hard disk

Once you have completed the previous step you will then have a system created and ready to spin-up on your system but first we need to make a few adjustments so navigate to settings and make the following changes outlined below

5 - Metapsolitable system settings

5 – Metapsolitable system settings

Remove the floppy and the CD/DVD as all you need is the Hard Disk to boot and then finally make sure the Network adapter is set to internal as you don’t want this system live on your network as it is full of exploitable holes as that is the nature of this OS

6 - Metasploitable network settings

6 – Metasploitable network settings

Now power up your system, let it load and then you will see the following screen below:

7 - Metasploitable loaded

7 – Metasploitable loaded

An excellent resource to use is the Metasploit Unleashed free online security training which you should consider donating to as all the proceeds go to Hackers for Charity.

I had mentioned in the previous lesson that we would also be installing DVWA but one thing I forgot was that it is already included in Metaploitable 2 thanks to the creators integrating it within the image. You also have Mutilldae from OWASP installed and ready to go. But as the image is a bit dated we are going to spin-up DVWA anyway as there are some things like ShellShock which was previously covered now included in the newer version so it’s worth spinning it up.



Leave a Reply