Learn Penetration Testing with Metasploitable3

Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development, software testing, technical job interviews, sales demonstrations, or CTF junkies who are looking for kicks, etc 🙂

How to build

git clone https://github.com/rapid7/metasploitable3.git

System Requirements:

  • OS capable of running all of the required applications listed below
  • VT-x/AMD-V Supported Processor recommended
  • 65 GB Available space on drive
  • 4.5 GB RAM

Requirements:

To build automatically:

  1. Run the build_win2008.sh script if using bash, or build_win2008.ps1 if using Windows.
  2. If the command completes successfully, run ‘vagrant up’.
  3. When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.

To build manually:

  1. Clone this repo and navigate to the main directory.
  2. Build the base VM image by running packer build --only=<provider> windows_2008_r2.json where <provider> is your preferred virtualization platform. Currently virtualbox-iso and vmware-iso are supported. This will take a while the first time you run it since it has to download the OS installation ISO.
  3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command vagrant box add windows_2008_r2_<provider>.box --name=metasploitable3.
  4. Use vagrant plugin install vagrant-reload to install the reload vagrant provisioner if you haven’t already.
  5. To start the VM, run the command vagrant up. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
  6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.

If you failed to build Metasploitable3, you can download Metasploitable3 here. I built for you.

Tutorial

Reference: rapid7