The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMware, VirtualBox, and other common virtualization platforms. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network. (Note: A video tutorial on installing Metasploitable 2 is available here.)
A test environment provides a secure place to perform penetration testing and security research. For your test environment, you need a Metasploit instance that can access a vulnerable target. The following sections describe the requirements and instructions for setting up a vulnerable target.
Metasploitable – Test Your Metasploit Against A Vulnerable Host
No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server, which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configuration to connect to the vulnerable machines. Since I already had my Metasploit instance set up on BackTrack, it only took minutes to get started. Once you're up and running, you can choose from a large number of vulnerable machines, including Metasploitable. (Note: If you'd prefer to set up your own Metasploitable instance, you can download Metasploitable here.)
Please note that you may only perform attacks against systems where the owner has given you permission. Failure to do so could result in criminal penalties, depending on the legislation in your country. Moreover, make sure that you coordinate your tests and do not unexpectedly interfere with or block a service that other people are using.
Leveraging these intentionally created vulnerable websites and web apps for testing gives you a safe environment to practice your testing legally while being on the right side of the law. In this manner, you can hack without entering dangerous territory that could lead to your arrest.
As Listing 7 shows, Metasploit now automatically runs the mysql-login scan against all listed hosts and also finds the vulnerable root account without a password. For all other cases, dictionaries for a password attack are available in /usr/share/metasploit-framework/data/wordlists. You can apply them by typing:
The conclusion that can be drawn here is that the Metasploitable 2 machine has IP 192.168.154.132. It also has a large number of open ports. As you will discover later, each of these ports is a potential gateway into the machine. On the Metasploitable machine, after logging in with msfadmin:msfadmin, you can run ifconfig to verify that the IP is indeed 192.168.154.132 (or whatever it may be in your case).
If you run nmap against Metasploitable 2, you will get a long list of running services. If you include the -sV flag, you will also get some version information. However, the nmap version probes can only gain so much insight. Some services require you to use other methods to do version recon, such as connecting to the service using an app that can speak the service protocol (e.g., HexChat to connect to the IRC service).
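To see which services the version probes could not identify in your own lab scan, the added example below (not code from the original page) parses nmap's grepable output (`-sV -oG`) and lists open ports that came back without a version string. The sample scan text and its product/version strings are constructed, and the function names are assumptions of this example.

```python
import re

# Constructed sample of `nmap -sV -oG -` output for a lab target.
# The product/version strings are made up, not real scan results.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.154.132 ()\tStatus: Up\n"
    "Host: 192.168.154.132 ()\tPorts: "
    "21/open/tcp//ftp//ExampleFTPd 1.0/, "
    "22/open/tcp//ssh//ExampleSSH 4.7 (protocol 2.0)/, "
    "6667/open/tcp//irc///, "
    "8009/closed/tcp//ajp13///\t"
    "Ignored State: filtered (996)\n"
)

# One Ports entry: port/state/protocol/owner/service/rpcinfo/version/
ENTRY = re.compile(r"(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_grepable(text):
    """Return one dict per open port found in grepable nmap output."""
    services = []
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # Status / Ignored State fields
            for m in ENTRY.finditer(field[len("Ports: "):]):
                port, state, proto, _owner, name, _rpc, version = m.groups()
                if state == "open":
                    services.append({"host": host, "port": int(port),
                                     "proto": proto, "service": name,
                                     "version": version.strip()})
    return services


def needs_manual_check(services):
    """Open services for which the -sV probes returned no version string."""
    return [s for s in services if not s["version"]]


if __name__ == "__main__":
    for s in needs_manual_check(parse_grepable(SAMPLE)):
        print(f'{s["host"]}:{s["port"]}/{s["proto"]} {s["service"]}: no version')
```
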
Metasploitable is part of Metasploit Unleashed. Currently, there is Metasploitable 2, which is based on Ubuntu 8.04 and hosts a huge variety of vulnerable services and applications, and there is a newer Metasploitable 3 that is based on Windows Server 2008 or Ubuntu 14.04.