What is Metasploitable3?
Metasploitable 3 is a VM built from the ground up with a large number of security vulnerabilities. It is intended to be used as a target for testing adventures with Metasploit. Metasploitable3 is a free virtual machine that allows you to simulate large-scale attacks using Metasploit. It has been used by security industry people for a variety of reasons: such as training for network exploits, development exploits, software testing, technical job interviews, sales performance, or CTF junkies looking for kicks, etc.
Prerequisites & Requirements
Metasploitable3 needs to be created manually because it is based on Windows Server 2008, and according to the license specified by Windows, it is illegal to distribute any version of Windows in any form, be it a VM image or an ISO file. As a result, you will need to install several virtualization management and deployment tools:
- Packer: https://www.packer.io/docs/install/index.html
- Vagrant: https://www.vagrantup.com/docs/installation/
- Vagrant Reload Plugin: https://github.com/aidanns/vagrant-reload#installation
This specific walkthrough will be targeting the build and installation process with VirtualBox, which can be found here: https://www.virtualbox.org/wiki/Downloads. You can follow along with the various installation steps of the prerequisites in the video tutorial above. After installing the tools we can begin working the build Powershell script.
- Exploring Metasploit Auxiliary Modules FTP
- How to Find and Use Public Exploit Code
- Red Team Ethical Hacking Course – Beginner Free Download
Installing Metasploitable3
We first need to download or clone the Metasploitable3 Github repository on to your system, if you have git client for windows, you can clone the repository directly. If you do not have git installed you can download the repository as a zip file and extract it to your working directory.
If you want to install the git client for Windows, you can download the setup here: https://gitforwindows.org/
Note: If you have Hyper-V enabled, please ensure it is disabled as VirtualBox will not work and can cause issues with the build process.
The Github repository is available here: https://github.com/rapid7/metasploitable3/
Once you have cloned the repository on to your system, you need to open a PowerShell session in the Metasploitable3 directory. After you have established a PowerShell session, you need to ensure that you have unrestricted access or privileges to execute scripts with Powershell. To do this we need to run the following command in PowerShell:
Set-ExecutionPolicy Unrestricted
We can now begin the automatic build process by running the PowerShell build script. This script will download an evaluation copy of Windows Server 2008 and all the vulnerable services and tools that are required to create the Metasploitable3 VM.
To execute the script we run the following command in the PowerShell:
.\build.ps1 windows2008
This will begin the build process for the Windows Server 2008 variant, the process will take up to an hour depending on your internet connection. After the build process has been completed you now need to run the following vagrant command:
vargant up
After running vagrant Metasploitable3 will be set up in VirtualBox and the build process is complete, you can now start up the VM and login to the vagrant account. The default username and password for the vagrant user account is “vagrant”.
The process is now complete and you can begin the exploitation process. Happy Hacking!