DEV Community

Arbaoui Mehdi
Arbaoui Mehdi

Posted on

How to set up Metasploitable 3 on macOS Mojave

In this blog post we’ll set up an environment of a list of virtual machines (ubuntu and windows) that includes some intentional vulnerabilities ready to exploit using Metasploitable 3 as the target machines and Kali as an attacker, but before that, there is the list of requirements you need:

Software requirements

You can install VirtualBox, Packer and Vagrant manually from the links below, or you can use https://brew.sh/:

brew cask install virtualbox
brew cask install vagrant
brew install packer
Enter fullscreen mode Exit fullscreen mode

System requirements

  • VT-x/AMD-V Supported Processor recommended
  • 65 GB Available space on drive
  • 4.5 GB RAM

Our environment, in the end, will have these 2 virtual machines, one running Ubuntu metasploitable3-ub1404 and one running Windows metasploitable3-win2k8.

We’ll build the boxes manually, but first, you need to clone the Metasploitable3 repo somewhere on you macOs machine:

git clone https://github.com/rapid7/metasploitable3.git
Enter fullscreen mode Exit fullscreen mode

Install vagrant-reload we’ll need to reload vagrant provisioner:

vagrant plugin install vagrant-reload
Enter fullscreen mode Exit fullscreen mode

Then a cd to the metasploitable3 folder:

cd metasploitable3
Enter fullscreen mode Exit fullscreen mode

Build the base VM image for Ubuntu using packer, the first parameter --only use the name of the virtualization platform plus the template file:

packer build --only=virtualbox-iso ./packer/templates/ubuntu_1404.json
Enter fullscreen mode Exit fullscreen mode

Build the base VM image for Windows:

packer build --only=virtualbox-iso ./packer/templates/windows_2008_r2.json
Enter fullscreen mode Exit fullscreen mode

These two builds take a will to download the Operating Systems Installation.

Now and after the vagrant boxes are created, you need to check the result of vagrant box list:

vagrant box list
Enter fullscreen mode Exit fullscreen mode

And this is what your list should looks like:

metasploitable3-ub1404 (virtualbox, 0)
metasploitable3-win2k8 (virtualbox, 0)
Enter fullscreen mode Exit fullscreen mode

Now let’s add each created vagrant box to the corresponding vagrant environment:

Ubuntu Box:

vagrant box add packer/builds/ubuntu_1404_virtualbox_0.1.12.box --name=metasploitable3-ub1404
Enter fullscreen mode Exit fullscreen mode

Windows Box:

vagrant box add packer/builds/windows_2008_r2_virtualbox_0.1.0.box --name=metasploitable3-win2k8
Enter fullscreen mode Exit fullscreen mode

Now you’ve to start each VM separately which will run the installation and set everything up, but before that let’s edit the VagrantFile and change the value of these two variables ub1404.vm.box and win2k8.vm.box

ub1404.vm.box = "metasploitable3-ub1404"
win2k8.vm.box = "metasploitable3-win2k8"
Enter fullscreen mode Exit fullscreen mode

Starts the VMs

Start the Ubuntu VM

vagrant up ub1404
Enter fullscreen mode Exit fullscreen mode

Start the Ubuntu VM

vagrant up win2k8
Enter fullscreen mode Exit fullscreen mode

If everything is OK you can see the list each VM on VirtualBox:

Alt Text

Get the Windows VM IP

Now you’ve to check the IP of the windows VM by following these steps:

1 - Right-click on the metasploitable3-win2k8 and show:

Alt Text

2 – Select the VM and from the VirtualBox top menu click on input, keyboard then insert Ctrl-Alt-Del (Host+suppr)

Alt Text

3 – From the users list choose Administrator and enter the default password vagrant, be careful if you have an azerty keyboard like me, because the VM keyboard is set up by default to qwerty.

Alt Text

Alt Text

4 – Open Powershell and type ipconfig

Alt Text

5 – Take the value of IPv4 Address and from your computer (macOs) not the virtual machine, open the terminal and use nmap to scan the open ports on the win2k8 VM, the ip address on your case should be different:

sudo nmap -sV -p- -T4 172.28.128.3
Password:

Starting Nmap 7.31 ( https://nmap.org ) at 2018-10-13 16:57 WEST
Nmap scan report for 172.28.128.3
Host is up (0.00062s latency).
Not shown: 65517 filtered ports
PORT      STATE SERVICE       VERSION
22/tcp    open  ssh           OpenSSH 7.1 (protocol 2.0)
1617/tcp  open  nimrod-agent?
3000/tcp  open  http          WEBrick httpd 1.3.1 (Ruby 2.3.3 (2016-11-21))
4848/tcp  open  ssl/http      Oracle Glassfish Application Server
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8020/tcp  open  http          Apache httpd
8022/tcp  open  http          Apache Tomcat/Coyote JSP engine 1.1
8027/tcp  open  unknown
8080/tcp  open  http          Sun GlassFish Open Source Edition  4.0
8282/tcp  open  http          Apache Tomcat/Coyote JSP engine 1.1
8383/tcp  open  ssl/http      Apache httpd
8484/tcp  open  http          Jetty winstone-2.8
8585/tcp  open  http          Apache httpd 2.2.21 ((Win64) PHP/5.3.10 DAV/2)
9200/tcp  open  http          Elasticsearch REST API 1.1.1 (name: Dougboy; Lucene 4.7)
49153/tcp open  msrpc         Microsoft Windows RPC
49154/tcp open  msrpc         Microsoft Windows RPC
49179/tcp open  unknown
49182/tcp open  tcpwrapped
MAC Address: 08:00:27:BC:ED:80 (Oracle VirtualBox virtual NIC)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Enter fullscreen mode Exit fullscreen mode

Now you can take any open http port from the nmap command result, as an example 8585 that uses Apache httpd 2.2.21 ((Win64) PHP/5.3.10 DAV/2) an from your computer open the browser and access to it using http://172.28.128.3:8585:

Alt Text

You can follow the same steps for the ubuntu ub1404 VM.

That’s it, now you have a couple of vulnerable web apps ready to be hacked.

Top comments (1)

Collapse
 
phluisma profile image
phluisma

I have followed all the steps but...

packer build --only=virtualbox-iso ./packer/templates/windows_2008_r2.json
Error: Failed to prepare build: "virtualbox-iso"

1 error occurred:
* Deprecated configuration key: 'iso_checksum_type'. Please call packer fix
against your template to update your template to be compatible with the current
version of Packer. Visit packer.io/docs/commands/fix/ for more
detail.
==> Wait completed after 3 microseconds
==> Builds finished but no artifacts were created.


I think packer is newer than the script.