Metasploitable2: Hacking / Pen-testing on a Real Machine in Your Lab: Your Hacking Lab Setup
If you also wonder what it is like to hack a machine in real time but are confused by all the legalities of hacking or pen-testing, here is the solution for you. I will keep this tutorial short and precise and explore real-time hacking with vulnerabilities further. If you have any doubts, please post comments where required.
What you need depends on the setup you want: whether you already run a Linux box or Kali Linux, or want a Windows-based environment. It matters little; take whichever you like. There is little risk and a lot of learning. The basics are listed below, along with a link for each.
- 1 – Kali Linux installed as the host OS (advised), or a Kali Linux VM for VMware or VirtualBox (Download Kali Linux VMWare or VirtualBox Image to run without installation)
- 2 – Metasploitable 2 Machine Image (Download Metasploitable 2 Machine)
- 3 – Download VMWare Player / Workstation (Trial) or VirtualBox
Windows Host: your only option is two virtual machines, 1) the Kali Linux image you downloaded above and 2) the Metasploitable 2 machine, connected in NAT network mode. Use NAT mode unless you are using your host OS as the attacking machine, with tools like nmap, Metasploit and others installed. You can use Bridged mode if you are sure about exposing the machine to the internet, since it gets an IP just like your real machine; use Bridged only when you are sure you won't be harmed, or in a non-production environment.
Kali Linux Host: here you need only the Metasploitable machine running, since the host OS, Kali Linux, serves as your attacking OS. Choose Host-only or Bridged mode according to your needs; I advise Host-only mode. If you still plan to run two VMs, that is, another Kali VM, go for NAT mode.
A Peek into Setup in Kali Linux
I am using VMWare; the steps are very similar for VirtualBox and on Windows too. Follow the steps below to set it up.
Assuming the above prerequisites are downloaded.
I am running these on Kali Linux to run one less VM.
VMware File menu –> Open –> locate the extracted Metasploitable2 OVF file, open it, and select the location where you want to save the virtual machine.
The file is now imported, and we have a Metasploitable2 machine in VMWare.
Next we set up the network mode, and we are ready to hack the machine.
We start the machine by pressing the green button in the VMware top bar.
The machine is now up and running.
We now check the IP assigned to the machine after logging in; the username and password are both msfadmin (msfadmin:msfadmin).
We then check that the machine is reachable from our host OS (Kali Linux) with a simple ping command in a terminal.
Next we run a very basic nmap scan to check the open ports on the Metasploitable2 machine.
We also open the IP in our browser, as Metasploitable2 also comes with a few web application pen-testing labs. You can browse these and learn web application pen-testing as well.
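The ping and nmap checks above can be wrapped in a guard that refuses to touch anything outside the lab. This is an added example, not code from the original post: it assumes Kali is the host OS and that the hypervisor uses its default host interface names (VMware vmnet*, VirtualBox vboxnet*); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Sample addresses are constructed.

# addr_scope ADDR: print private, loopback, link-local, public or invalid.
addr_scope() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    saved_ifs=$IFS; IFS=.; set -- $1; IFS=$saved_ifs
    if [ "$#" -ne 4 ]; then echo invalid; return 0; fi
    for octet in "$@"; do
        # Reject leading zeros: ping and nmap may read "010" as octal 8.
        case "$octet" in 0?*|????*) echo invalid; return 0 ;; esac
        if [ "$octet" -gt 255 ]; then echo invalid; return 0; fi
    done
    case "$1.$2" in
        10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) echo private ;;
        127.*)   echo loopback ;;
        169.254) echo link-local ;;
        *)       echo public ;;
    esac
}

# route_dev LINE: print the interface named after "dev" in one line of
# `ip route get` output (prints nothing if there is none).
route_dev() {
    set -- $1
    while [ "$#" -gt 1 ]; do
        if [ "$1" = dev ]; then echo "$2"; return 0; fi
        shift
    done
}

# preflight TARGET: ping and basic-nmap the lab VM only if TARGET is private
# and routed over a hypervisor interface (NAT or host-only, not bridged).
preflight() {
    scope=$(addr_scope "$1")
    [ "$scope" = private ] || { echo "refusing: $1 is $scope" >&2; return 1; }
    dev=$(route_dev "$(ip route get "$1" | head -n 1)")
    case "$dev" in
        vmnet*|vboxnet*) ;;
        *) echo "refusing: $1 is routed via '$dev', not a virtual network" >&2
           return 1 ;;
    esac
    ping -c 3 "$1" && nmap "$1"
}

# Run the check only when an address is passed on the command line.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A target reached through a physical interface such as eth0 or wlan0 is refused, which is what happens when the VM is in Bridged mode or the address was mistyped.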
In the coming posts we start a series on finding the vulnerabilities and exploiting them one by one. I will try to post in more detail how to find and exploit on live machines so that it is as close to the real world as possible.
Stay tuned for more hacking; I will be posting more.