Question

The initial scan that you conducted in Lab 10.3 was on your personal assets. One of the best ways to experience Metasploit in a vulnerable environment is to use Metasploitable2 in a virtual machine. Metasploitable2 is an Ubuntu 8.04 server that runs on a VMware image. The Metasploitable virtual machine contains a number of purposeful vulnerable services, including the following:

• FTP
• Secure Shell
• Telnet
• DNS
• Apache
• Postgres
• MySQL

To use VMware as your virtual environment, you can get the perpetually free VMware player or the VMware Workstation Pro hypervisor that is fully functional for 30 days. I am using VMware of Workstation Pro on this workstation to create the Metasploitable2 instance. If you prefer VirtualBox, you are more than welcome to use a different virtual host. If you already have VMware Workstation installed, you can skip Lab 10.4 .

In Lab 10.4 and Lab 10.5 , you will install VMware Workstation Pro to run Metasploitable2.

---

LAB 10.4 : INSTALLING VMWARE WORKSTATION PRO EVALUATION

1. In the search engine of your choice, look for VMware workstation pro evaluation . You will have several links from which to download the software. If you prefer to download software directly from the manufacturer like I do, you can use the Download VMware Workstation Pro option at www.vmware.com . As you see in Figure 10.16 , there is both a Windows version and a Linux version.

   

   Figure 10.16 : VMware Workstation Pro download—Windows or Linux

2. Download the appropriate file for your platform. The .exe file will typically download to your Downloads folder. Install it, and when you're asked for a license, go ahead without one. The installation will take a few minutes.

---

---

LAB 10.5 : PLAYING METASPLOITABLE2 IN VMWARE PRO

1. Metasploitable2 is created by the Rapid7 Metasploit team in Austin, Texas. By downloading directly from the Rapid7.com link, you are getting the latest, greatest, clean version of the machine. In the browser of your choice, navigate to the following website:

   https://information.rapid7.com/download-metasploitable-2017.html 

2. Fill out the form to download the vulnerable machine and submit. The file link will be available on the next page. When you click Download Metasploitable Now, it will download the metasploitable‐linux.zip file, which is about 825MB.
3. When the download is finished, unzip the archive. Please do not forget where you unzipped the file. (I have been known to re‐unzip a file because I was not paying attention.)
4. Go into VMware Workstation. Click the File menu and select Open. A dialog box will appear, asking you which virtual machine you want to open. You are not going to open the zip file from here. Instead, go into the directory where you unzipped it. There should be a file there called Metasploitable.vmx . Open the file that has the description VMware virtual machine, as shown in Figure 10.17 .

   

   Figure 10.17 : Opening Metasploitable.vmx in VMware

5. Your virtual machine should appear on its own tab in VMware. Click OK and power on this vulnerable Linux machine.
6. You may get a dialog box that asks if you moved it or copied it. For the purposes of this lab, click the I Copied It option. Once the machine is loaded, you will see the Metasploitable2 welcome screen, as shown in Figure 10.18 . Note that the welcome screen tells you to log in with msfadmin/msfadmin , which means that msfadmin is used for both the username and the password.

   

   Figure 10.18 : Metasploitable2 welcome screen

7. Log in with the username msfadmin and the password msfadmin . Once you have a command prompt, type in ifconfig (since this is a Linux machine, not a Windows machine, which would use the ipconfig command instead). Make note of the eth0 IP address in the information that is returned to you. This is the IP address you will be using to access the Metasploitable2 machine. (You could also use the command ip addr to get this information.) As you see in Figure 10.19 , the eth0 inet address is 192.168.124.140 .

   

   Figure 10.19 : ifconfig on the Metasploitable2 box

8. Create a new project by opening Project and scrolling down to Create Project. Name this project Metasploitable2 and use the target IPv4 address. Scan the one asset. When the scan has completed, as you see in Figure 10.20 , this machine has 33 services.

   

   Figure 10.20 : Successful Metasploitable2 scan

9. If you open the Analysis tab and sort by port, you will see that Telnet is open on the Metasploitable box. Remember the PuTTY install? Open PuTTY, add 192.168.124.140 , and choose Telnet as your connection type. Click Open. Sometimes you don't even need to brute‐force a password. As you see in Figure 10.21 , the password is displayed on the welcome screen. On the Services tab, notice that port 22 and 513 are also open. Try using SSH or Rlogin to get into the Metasploitable box.

   

   Figure 10.21 : Using information acquired in Metasploit Community to use PuTTY to access the machine

---

You may be surprised at just how easy that was. There are times you might find this type of open service on a switch using a default password. Navigate to the Overview page on the main page, and you should see at least one vulnerability identified, one applicable module identified, and one credential pair stolen and cracked. Open the vulnerability discovered as well as the module that Metasploit Community suggests would be a viable exploit. Open the Credentials tab to find out what service credentials were acquired.