Setting up Metaexplitable OS for penetration testing is easy. This article explains step-by-step configuration you can follow to setup Metaexplitable & Kali Linux on Oracle Virtual Machine.
Metasploit Framework (MSF) Vs. Metasploitable OS
The Metasploit Framework (MSF) is a collection of exploitation and vulnerability validation tools freely available for security professionals.
The Metasploitable is a virtual machine based on Linux which contains intentional vulnerabilities. Penetration testers can use the configured Metasploitable environment to test known vulnerabilities either using Metasploit Framework (MSF) or other exploitation tool.
1. Download Kali Linux:
We will be using Kali Linux Virtual Image distribution from Offensive Security [https://www.offensive-security.com/] as our testing environment which has Metasploit Framework (MSF) pre-installed.
2. Download Metaexploitable:
The Metaexploited is an open-source project and we can dowloand it from Source-Forge. The current distribution of Metaexplitebloe is available as a VMware virtual machine (VMX).
Download link : https://sourceforge.net/projects/metasploitable/
3. Download Oracle VirtualBox:
The Oracle VM VirtualBox is a free and open-source hosted hypervisor developed by Oracle Corporation.
Download link: https://www.virtualbox.org/wiki/Downloads
Kali Image Configuration:
For detail steps on how to configure Kali Linux on Virtual Box please read our article on Running Kali Linux on VirtualBox
Once you spin up the Kali Linux instance, open a Terminal window and type :
Result should something similar to the below image. (Note the marked IP address)
Configure Metasploitable Virtual Image:
1. Create a Virtual Machine instance for Metasploitable:
2. Allocate memory size to be utilised by Metasploitable:
3. Select the extracted Metasploitable.vmdk file to load as a Hard Disk:
4. Update the network settings :
To allow our Metasploitable virtual machine to be accessed using Kali Linux we need to change the below network settings.
Attached to: -> Bridge Adopter
5. Metasploitable Welcome screen:
Spin up your Virtual Device and you should see the below Metasploitable Welcome screen:
The Metasploitable login is “msfadmin”; the password is also “msfadmin”.
6. Check the Metasploitable IP address:
You can use the below command to view the IP address.
Access Metasploitable from Kali Linux:
Remember, we only need access to Metasploitable instance which has a local IP address assigned (192.168.1.109).
To confirm we can access Metasploitable from Kali Linux, use the below command:
You should see an output similar to the below scree:
Now you can use the Metasploit Framework (MSF) to start testing!
- Offensive Security guide to Metaexploit : https://www.offensive-security.com/metasploit-unleashed/introduction/
- Get Started with Metasploit Tool suite: https://www.metasploit.com/get-started