RN-QQHFzQYtPGkUCfyu8eve2qf0

Thursday, 1 May 2014

Metasploitable 2 Linux - Most Vulnerable OS in the town : Introduction and Installation

What is Metasploitable 2

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network.   [Quoted from Rapid7]



Download and install metasploitable linux

Firstly, I'd list some requirements- 10 to 30 GB disk space for metasploitable (Kali would need a similar amount of disk space), 1GB ram for metasploitable (a total of 4GB would be great, 1gb for kali, 1gb for metasploit, and 2gb will keep your host OS running). If you have all this, which you probably should, then go ahead and download Metasploitable from sourceforge. - http://sourceforge.net/projects/metasploitable/
The last time I checked, the download was a zip file.

 After extracting it, no installation is needed. What IS needed is a virtual machine software like Vmware or virtualbox. You can use Virtual Box, which is free, or VmWare workstation, which you'll have to buy, Vmware player is free, and will serve most of your purposes. I am using Vmware Workstation, and will give the instructions for it. Detailed guides are available for all of these on the internet, and I won't waste much time with it. Assuming you have downloaded and extracted the Metasploitable file, and installed Vmware Workstation, follow these instruction-



Open Vmware workstation. Click on file -> Open. Something like this will pop out. After that browse to the location where you extracted the Metasploitable file. It must look somewhat like this. Click on open. You will see something with Vmware icon. Open that one.












Your Virtual machine will be up and running within a few minutes. Depending on the situation, a few more
next and enter stuff would be required, but the instructions provided by the program would be simple and clear and you can help yourself.



Once you've started Metasploitable

You'll have a login prompt, and the login username and password would be given right there. It would be msfadmin, if you can't seem to find it. Nothing else needs to be done here. Now your target is ready, but you are far from done. If this is not your visit to this blog, then you have probably already installed Kali Linux and know how to use it. If you have been following this blog for a long time, then you also know how to use Metasploit to hack Windows machine, and are ready to jump to the next post. So if you have to OS, and the basic hacking skills, then you can stop here and move to the next post, else read on.

Next Post : Vulnerability assessment and exploiting metasploitable 2


Kali Linux and metasploit

While its not necessary to use Kali Linux, and Backtrack, Backbox Linux and other Linux distributions will work well too, there is no reason why NOT to use Kali Linux. It simplifies everything for you, providing you with 100s of tools pre-installed, and is specifically designed for pentesting. It has some advantages over Backtrack, most importantly, it has been written from scratch in Debian and has resolved most of the backtrack issues. It comes preinstalled with Metasploit, so it takes down one step. I have written enough posts on installing Kali Linux to write another one here, so I'm just gonna provide links to posts on my blog which you should read and then come back here. If you expected to read just one post and become 'that cool kid who can hack anything', then you are up for a disappointment. Here is what you should do-


Kali Linux must read post (its must read for a reason, do read it)   Kali Linux Installation post 
The metaploit tutorials (you only have to read the first few to reach the point from where you can come back here, but reading them all would be great. And you don't just 'read', you follow the instructions and do the necessary)-

0 comments:

Post a Comment