Setting Up an Ethical Hacking Lab with Metasploitable3 and Kali Linux on Windows Using Vagrant in VirtualBox
What is Metasploitable3?
Metasploitable3 by Rapid7 is a virtual machine that is intentionally built to contain many security weaknesses and misconfigurations and serves as a valuable tool for cybersecurity education and training. Allowing us to use it as a target for practicing hacking and penetration testing in a controlled and safe environment. Now that you understand what Metasploitable3 is let’s proceed with the installation.
In this lab, we are going to install Metasploitable3 using Vagrant and Kali Linux in VirtualBox on the Windows Operating System. Click here to download VirtualBox and VirtualBox Extension Pack. Once downloaded, Install the VirtualBox and VirtualBox Extension Pack on your Windows OS.
The essence of this lab is for you to have a safe and controlled lab environment where you can practice hacking and penetration testing.
Important! Please do not scan systems that do not belong to you or have legal permission to scan.
Click here to download Vagrant. Scroll down to Windows and download based on the version of your Windows Operating System. 32-bit or 64-bit versions. For this example, I am using a 64-bit Windows version. Vagrant requires you to reboot your system after installation. Ensure to reboot your system on the prompt to reboot.
Once rebooted, open your Windows command prompt. Using the following commands, install the vbguest plugins and Vagrant Reload.
vagrant plugin install vagrant-reloadvagrant plugin install vagrant-vbguest
Type this command vagrant box add rapid7/metasploitable3-win2k8 and press enter to add the Metasploitable3 Windows Server
2008 version to your system using Vagrant.
vagrant box add rapid7/metasploitable3-win2k8Choose option 1 to use VirtualBox. Vagrant will go ahead and download the Windows version of Metasploitable3 from its online repository to your system.
Open Windows Explorer, and locate the downloaded box at C:\Users\username.vagrant.d\boxes. Change the name of the folder from rapid7-
VAGRANTSLASH-metasploitable3-win2k8 to metasploitable3-win2k8.
Change your working directory to the location of the folder Metasploitable3 was downloaded.
On your Windows Command Prompt, type cd .vagrant.d\boxes.
cd .vagrant.d\boxesNext, type vagrant init metasploitable3-win2k8 and press enter to start the initialization process.
vagrant init metasploitable3-win2k8Tips: If you receive this error “Vagrant file already exists in this directory.” Remove it before running vagrant init.” Run this command vagrant init rapid7/metasploitable3-win2k8 –force to overide the existing vagrant. vagrant init {BOX_NAME} –force
Type vagrant up and press enter. Upon successfully completing the setup process, The Windows Version of Metasploitable3 will be available in your VirtualBox Manager. In your VirtualBox Manager, rename your new Metasploitable3 Virtual Machine for easy identification. The default username and password are vagrant. Click here to learn more about Metasploitable3’s security vulnerability.
How to Download Kali Linux Virtual Machine VirtualBox
Next, we are going to download the Kali Linux virtual Machine. Click here to download the Kali Linux virtual machine from the official Kali website.
Next, let’s configure the Networking so our Metasploitable3 can communicate with our Kali Linux VM. In VirtualBox Manager, Navigate to Settings > Network > Adapter1 > Attached to Host-Only Adapter, select and click the OK button.
Let’s configure the Network Adapter2 for Metasploitable3. Settings > Network > Adapter2 > Attached to select Host-Only Adapter and click the OK button.
In VirtualBox Manager, Click the Machine tab and click Add. Locate the downloaded Kali Linux Virtual machine on your system. Click on the folder and click the Open button to import the machine.
Next, we will configure the Networking so our Kali Linux machine can communicate with our Metasploitable3 VM. In VirtualBox Manager, Navigate to Settings > Network > Adapter1 > Attached to select Bridge Adapter and click the OK button.
Let’s configure the Network Adapter2 for the Kali Linux machine. Settings > Network > Adapter2 > Attached to select Host-Only Adapter and click the OK button.
Start your machines and log in. The default credentials for Kali Linux are username: kali and password: kali. The default credentials for Metasploitable3 are Username: vagrant and Password: vagrant.
Important! Please do not scan systems that do not belong to you or have legal permission to scan.
Now, you have a new Windows Server 2008 Vulnerable machine that you can scan as a target for your ethical hacking practice. Open the command prompt. Type ipconfig and hit enter to find your IP address.
Kali Linux is your attacking machine. Open your terminal, type ifconfig, and hit enter to find your IP address.
Click here to learn How to perform Vulnerability Scanning using Nmap. Scanning our newly created Metasploitable3 VM as the target.
References
About The Author
