An Intentionally Vulnerable Machine for Exploit Testing - Metasploitable3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit .
Metasploitable3 is released under a BSD-style license. See COPYING for more details.
Building Metasploitable 3
System Requirements:
- OS capable of running all of the required applications listed below
- VT-x/AMD-V Supported Processor recommended
- 65 GB Available space on drive
- 2.5 GB RAM
Requirements:
- Packer
- Vagrant
- Vagrant Reload Plugin
- VirtualBox 5.1.6
- Internet connection
NOTE: A bug was recently discovered in VirtualBox 5.1.8 that is breaking provisioning. More information here .
NOTE: A bug was recently discovered in Vagrant 1.8.7 on OSX that is breaking provisioning. More information here .
To build automatically:
- Run the build_win2008.sh script if using bash, or build_win2008.ps1 if using Windows.
- If the command completes successfully, run 'vagrant up'.
- When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
To build manually:
1. Clone this repo and navigate to the main directory.
2. Build the base VM image by running packer build windows_2008_r2.json . This will take a while the first time you run it since it has to download the OS installation ISO.
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3 .
4. Use vagrant plugin install vagrant-reload to install the reload vagrant provisioner if you haven't already.
5. To start the VM, run the command vagrant up . This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
1. Clone this repo and navigate to the main directory.
2. Build the base VM image by running packer build windows_2008_r2.json . This will take a while the first time you run it since it has to download the OS installation ISO.
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3 .
4. Use vagrant plugin install vagrant-reload to install the reload vagrant provisioner if you haven't already.
5. To start the VM, run the command vagrant up . This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
Vulnerabilities
More Information
The wiki has a lot more detail and serves as the main source of documentation. Please check it out .
Acknowledgements
The Windows portion of this project was based off of GitHub user joefitzgerald's packer-windows project. The Packer templates, original Vagrantfile, and installation answer files were used as the base template and built upon for the needs of this project.
An Intentionally Vulnerable Machine for Exploit Testing -
Metasploitable3
Reviewed by 0x000216
on
Thursday, January 12, 2017
Rating: 5