In this tutorial we will show how to setup Metasploitable 3 on Windows 10 surroundings utilizing Vagrant, Packer and Virtualbox. So far we did a lot of tutorials on hacking the Metasploitable 2 Linux machine on Hacking Tutorials. We’ve demonstrated how to set up Metasploitable 2, how to enumerate it and carry out a vulnerability evaluation, and at last how to exploit it. As like many susceptible machines which can be for download Metasploitable 2 is a Linux machine. Because of strict licensing insurance policies it a problem to present susceptible Windows machines with out breaking any licensing guidelines. Unfortunately you can’t simply download the VM however you’ve to configure it your self utilizing a number of instruments and a Windows 2008 analysis copy which is downloaded from the Microsoft website.
How to setup Metasploitable 3 on Windows 10?
The set up course of is fairly simple and mustn’t trigger an excessive amount of bother when the appropriate dependencies are put in. The greatest a part of the set up course of is dealt with routinely by the set up scripts. The full set up process may take a pair hours in complete, be ready to spend time on the set up of Metasploitable 3.
Before we are able to proceed with the set up process we want to set up a number of dependencies:
In order to keep away from (numerous) bother it is suggested to download the precise model as talked about above. The success fee of the set up script relies upon tremendously on the construct surroundings. For your reference, we’re constructing the Metasploitable 3 machine on Windows 10 Enterprise x64 Build 15063.
Before we are able to construct the VM we’ve got to set up Vagrant and Virtualbox utilizing the downloaded set up information. We won’t exhibit the set up process for this software program because it’s very simple and solely entails clicking ‘next’ a pair instances. Next we want to set up the Vagrant reload plugin and we want to download Packer.
Install Vagrant reload plugin
Change the listing on the command line to the listing the place you’ve downloaded and unpacked the Vagrant Reload plugin. Then run the next command to set up the plugin:
vagrant plugin set up vagrant-reload
Now that we’ve got put in the Vagrant reload plugin we are able to proceed with downloading Packer.
The subsequent step is to download Packer from the next download web page:
Download the most recent model of Packer and unpack it the Metasploitable 3 grasp listing. Storing the Packer binary within the Metasploitable 3 listing permits us to simply execute it to setup the VM with out organising system variables or utilizing full paths to the binary. After copying the Packer file to the Metasploitable 3 listing we are able to begin organising the digital machine.
Creating the Metasploitable 3 VM
Now that we’ve got all pre-requisites put in we are able to use Packer to setup the Virtual Machine in Virtualbox. Move the command line to the Metasploitable 3 location and run the next command from an elevated command line:
packer construct windows_2008_r2.json
This command will take some time to full as a result of first it is going to download a Windows 2008 analysis copy from the Microsoft website. When the download is completed, the script will proceed to setup the digital machine in Virtualbox and set up Windows 2008 on the digital machine. The complete course of will take anyplace from 30-60 minutes. This relies upon on the configuration of your host machine and the velocity of your web connection. When the script is completed the output seems to be as following:
When the script is completed run the next command:
vagrant field add windows_2008_r2_virtualbox.field –identify=metasploitable3
Note: Use 2 dashes for the identify parameter right here.
Finally we’ve got to run the another command to have Vagrant execute the scripts that set up the susceptible software program on the Windows server 2008 digital machine. Run the next command and anticipate to wait one other 15-30 minutes till completion:
This will conclude the set up of Metasploitable 3 and you have to be in a position to begin the VM inside Virtualbox.
Metasploitable 3 set up errors with Vagrant
The Metasploitable 3 setup course of is a bit tough and susceptible to errors associated to particular variations of the stipulations. Most errors I confronted whereas penning this tutorial have been prevented by utilizing the variations of Vagrant, Packer & Virtualbox talked about earlier on this tutorial. Especially the most recent model of Virtualbox resulted in many errors after issuing the vagrant up command.
During the set up of the susceptible software program you may get an error associated to the digital machine state: “The guest machine entered an invalid state while waiting for it to boot.”. When this occurs reboot the digital machine and run the vagrant up command once more.
Another error which will happen in the course of the set up of susceptible software program is the next: “chocolatey is not recognized as an internal or external command”. The error didn’t solely apply to Chocolatey but in addition another scripts. To eliminate this error I’ve added the next listing to the Path variable:
This will make all of the scripts on this listing accessible with out utilizing a full path. Eventually I had to run the ‘Vagrant up’ command a number of instances earlier than it completed with out errors.
Running Kali Linux VM on the identical host
If you’re operating your Kali Linux digital machine in Virtualbox on the identical host you’ve to just be sure you set the proper community settings. Otherwise you gained’t have the opportunity to join to the Metasploitable 3 machine out of your Kali Linux assault field. You’re not required to alter the community settings for the Metasploitable 3 machine, just for the Kali Linux VM:
Booting Metasploitable 3
Now that we’ve accomplished the set up process for Metasploitable 2 we’re prepared to boot in in Virtualbox. The default username for the digital machine is “vagrant” with password “vagrant”. Even although the set up course of produced quiet some errors there have been none that we couldn’t repair shortly (Google is your pal!). I need to say that the builders of Metasploitable 3 did a terrific job on the set up process and offering a susceptible Windows machine to the general public.