Metasploitable2: Hacking / Pen-testing on a Real Machine in Your Lab: Your Hacking Lab Setup

If you wonder what it is like to hack a machine in real time but are confused by the legalities of hacking or pen-testing, here is the solution for you. I will keep this tutorial short and precise, and explore more of real-time hacking with vulnerabilities. If you have any doubts, please post a comment where required.

Prerequisites

The list can vary with the setup you want. Whether you already run a Linux box or Kali Linux, or prefer a Windows-based environment, matters little: take whichever you like, there is little risk and a lot of learning. All the basics are listed below, along with a link for each.

Machine Configuration

Windows Host: your only option is two virtual machines connected in NAT network mode: 1- the Kali Linux image that you downloaded above, and 2- the Metasploitable 2 machine. Use NAT network mode unless you are using your host OS as the attacking machine, with tools like nmap, Metasploit and others installed. Alternatively, you can use Bridged mode if you are sure that you are exposing the machine to the internet so that it gets an IP just like your real machine; use Bridged only when you are sure you won't be harmed, or in a non-production environment.

Kali Linux Host: here you need only the Metasploitable machine running, since the host OS (Kali Linux) serves as your attacking OS. Choose Host-only or Bridged mode according to your needs; I advise Host-only mode. If you still plan to run two VMs, that is, another Kali VM, go for NAT mode.

A Peek into Setup in Kali Linux

I am using VMware; the steps are very similar in VirtualBox and on Windows. Follow the steps below to set up.

Assuming the above prerequisites are downloaded

I am running these on Kali Linux to run one less VM


VMware File menu -> Open -> locate the extracted Metasploitable2 OVF file, open it, and select the location where you want to save the virtual machine.

Metasploitable 2 OVF file, open this in VMware / VirtualBox

The file is now imported, and we have a Metasploitable2 machine in VMware.

Metasploitable2 Machine in VMware in Kali Linux Host

Next we set up the network mode and are ready to hack the machine.

Choosing between Host-only, NAT or Bridged mode in the network settings of the machine

We start the machine by pressing the green button in the VMware top bar.

Metasploitable2: start the Metasploitable2 VMware machine

So now the machine is up and running with a screen like below.

Metasploitable2 - First screen, username and password is msfadmin:msfadmin

We now check the IP assigned to the machine after logging in with msfadmin as both username and password (msfadmin:msfadmin).

Metasploitable2: check the IP with ifconfig and look at the eth0 inet addr

Then we check whether the machine is reachable from our host OS (Kali Linux) with a simple ping command in the terminal.

A simple ping from the host OS to check whether the virtual machine is reachable: ping <IP Address> -c 3

Next we run a very basic nmap scan to check the open ports on the Metasploitable2 machine.

We also need to know the ports, services and more about the machine, so we use a simple nmap command to get the open ports:
nmap <IP Address>
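
A pre-flight wrapper for the ping and nmap steps above, added here as an example and not part of the original tutorial: it refuses to touch any address outside the RFC 1918 private ranges. The function names are hypothetical, and a private address alone does not prove Host-only mode, since a bridged VM on a home LAN can also receive one.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before the ping and nmap steps.
# Assumption: in Host-only or NAT mode the lab VM holds an RFC 1918
# private address, so anything else means a typo or the wrong network mode.

# valid_ipv4 ADDR: succeed if ADDR is a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    saved_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots into $1..$n
    IFS=$saved_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_private_ipv4 ADDR: succeed only for 10/8, 172.16/12 and 192.168/16.
is_private_ipv4() {
    valid_ipv4 "$1" || return 1
    first=${1%%.*}
    rest=${1#*.}
    second=${rest%%.*}
    case "$first" in
        10)  return 0 ;;
        172) [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        192) [ "$second" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# check_lab_target ADDR: returns 2 without sending a packet if ADDR is not
# private, 1 if the VM does not answer ping, otherwise nmap's exit status.
check_lab_target() {
    if ! is_private_ipv4 "$1"; then
        echo "refusing: $1 is not an RFC 1918 address, recheck the VM network mode" >&2
        return 2
    fi
    ping -c 3 "$1" || { echo "target $1 is not reachable" >&2; return 1; }
    nmap "$1"
}

# Run only when an address is given: ./check_lab_target.sh <IP Address>
if [ "$#" -gt 0 ]; then
    check_lab_target "$1"
fi
```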

We also open the IP in our browser, as Metasploitable2 comes with a few web application pen-testing labs. You can browse these and learn web application pen-testing as well.

Metasploitable2 machine IP address opened in the host OS browser, showing a few web applications hosted for hacking / pen-testing

In the coming post we start a series on finding the vulnerabilities and exploiting them one by one. I will try to post in more detail how to find and exploit them on live machines, so that it is as close to the real world as possible.
Stay tuned for more hacking; I will be posting more.
