What is Metasploitable3?
Metasploitable3 by Rapid7 is a Virtual Machine that is intentionally built to contain many security weaknesses and misconfigurations to serve as a valuable tool for cybersecurity education and training. Allowing us to use it as a target for practicing hacking and penetration testing in a controlled and safe environment. Now that you understand what Metasploitable3 is, let’s proceed with the installation.
In this lab, we are going to install Metasploitable3 using Vagrant on the Windows Operating System. Click here to download VirtualBox and VirtualBox Extension Pack. Once downloaded Install the VirtualBox and VirtualBox Extension Pack on your Windows OS.
The essence of this lab is for you to have a safe and controlled lab environment where you can practice ethical hacking and penetration testing.
Important! Please do not scan systems that do not belong to you or have legal permission to scan.
Click here to download Vagrant. Scroll down to Windows and download based on the version of your Windows Operating System. 32-bit or 64-bit versions. For this example, I am using a 64-bit Windows version. Vagrant requires you to reboot your system after installation. Ensure to reboot your system on the prompt to reboot.
Once rebooted, open your Windows command prompt. Using the following commands, install the vbguest plugins and Vagrant Reload.
vagrant plugin install vagrant-reload
vagrant plugin install vagrant-vbguest
Type this command vagrant box add rapid7/metasploitable3-win2k8 and press enter to add the Metasploitable3 Windows Server
2008 version to your system using Vagrant. Choose option 1 to use VirtualBox. Vagrant will go ahead and download the Windows version of Metasploitable3 from its online repository to your system.
Open Windows Explorer, and locate the downloaded box at C:\Users\username.vagrant.d\boxes. Change the name of the folder from rapid7-
VAGRANTSLASH-metasploitable3-win2k8 to metasploitable3-win2k8.
Change your working directory to the location of the folder Metasploitable3 was downloaded.
On your Windows Command Prompt, type cd .vagrant.d\boxes. Next, type vagrant init metasploitable3-win2k8 and press enter to start the initialization process.
Tips: If you receive this error “
Vagrantfile already exists in this directory. Remove it before running vagrant init.” Run this command vagrant init rapid7/metasploitable3-win2k8 –force to overide the existing vagrant. vagrant init {BOX_NAME} –force
Type vagrant up and press enter. Upon the successful completion of the setup process, The Windows Version of Metasploitable3 will be available in your VirtualBox Manager. In your VirtualBox Manager, rename your new Metasploitable3 Virtual Machine for easy identification. The default Username is vagrant and the Password is vagrant. Click here to learn more about Metasploitable3’s security vulnerability.
Next, let’s configure the Networking so our Metasploitable3 can communicate with your attacking machine. In VirtualBox Manager, Navigate to Settings > Network > Adapter1 > Attached to Host-Only Adapter select and click the OK button.
Let’s configure the Network Adapter2 for Metasploitable3. Settings > Network > Adapter2 > Attached to select Host-Only Adapter and click the OK button.
Start your machines and log in. The default credential for Metasploitable3 is Username: vagrant and Password: vagrant.
Now you have a new Windows Server 2008 Vulnerable machine that you can scan as a target for your ethical hacking practice. Open the command prompt. Type ipconfig and hit enter to find your IP address.
Click here to learn How to set up an Ethical hacking lab.
Click here to learn How to perform Vulnerability Scanning using Nmap. Scanning our newly created Metasploitable3 VM as the target.
About The Author
