What is Metasploitable 2
The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network.Download and install metasploitable linux
Firstly, I'd list some requirements- 10 to 30 GB disk space for metasploitable (Kali would need a similar amount of disk space), 1GB ram for metasploitable (a total of 4GB would be great, 1gb for kali, 1gb for metasploit, and 2gb will keep your host OS running). If you have all this, which you probably should, then go ahead and download Metasploitable from sourceforge.
The last time I checked, the download was a zip file.
After extracting it, no installation is needed. What IS needed is a virtual machine software like Vmware or virtualbox. You can use Virtual Box, which is free, or VmWare workstation, which you'll have to buy, Vmware player is free, and will serve most of your purposes. I am using Vmware Workstation, and will give the instructions for it. Detailed guides are available for all of these on the internet, and I won't waste much time with it. Assuming you have downloaded and extracted the Metasploitable file, and installed Vmware Workstation, follow these instruction-
After extracting it, no installation is needed. What IS needed is a virtual machine software like Vmware or virtualbox. You can use Virtual Box, which is free, or VmWare workstation, which you'll have to buy, Vmware player is free, and will serve most of your purposes. I am using Vmware Workstation, and will give the instructions for it. Detailed guides are available for all of these on the internet, and I won't waste much time with it. Assuming you have downloaded and extracted the Metasploitable file, and installed Vmware Workstation, follow these instruction-
Open Vmware workstation. Click on file -> Open. Something like this will pop out. After that browse to the location where you extracted the Metasploitable file. It must look somewhat like this. Click on open. You will see something with Vmware icon. Open that one.
Your Virtual machine will be up and running within a few minutes. Depending on the situation, a few more
next and enter stuff would be required, but the instructions provided by the program would be simple and clear and you can help yourself.
Your Virtual machine will be up and running within a few minutes. Depending on the situation, a few more
next and enter stuff would be required, but the instructions provided by the program would be simple and clear and you can help yourself.
Once you've started Metasploitable
You'll have a login prompt, and the login username and password would be given right there. It would be msfadmin, if you can't seem to find it. Nothing else needs to be done here. Now your target is ready, but you are far from done. You need metasploit to exploit it.
Kali Linux and metasploit
Kali Linux and metasploit
While its not necessary to use Kali Linux, and Backtrack, Backbox Linux and other Linux distributions will work well too, there is no reason why NOT to use Kali Linux. It simplifies everything for you, providing you with 100s of tools pre-installed, and is specifically designed for pentesting. It has some advantages over Backtrack, most importantly, it has been written from scratch in Debian and has resolved most of the backtrack issues. It comes preinstalled with Metasploit, so it takes down one step. I have written enough posts on installing Kali Linux to write another one here, so I'm just gonna provide links to posts on my blog which you should read and then come back here. If you expected to read just one post and become 'that cool kid who can hack anything', then you are up for a disappointment.
0 comments: