DEV Community

Cover image for How to setup Metasploitable in a Mac with M1 chip
merlos
merlos

Posted on • Updated on

How to setup Metasploitable in a Mac with M1 chip

Intro

Metasploitable is a virtual machine image that includes lots of vulnerabilities (on purpose) and that can be used to learn how to hack into a machine.

There are two virtual machines for Metasploitable (v3):
1) Ubuntu 14.04
2) Windows 2008 server

Whereas I was able to setup the Ubuntu virtual machine, I could not find the way to run the Windows one and I could not find any reference of someone that made it work.

There is a previous version, Metasploitable 2, based on GNU/Linux that is also fun to use. The steps are also explained below.

Pre-requisites

You need to have installed two tools:

  1. UTM, that is a Virtual Machine engine that runs in M1 chips
  2. Homebrew, which is basically a package manager that allows you to install many open source tools easily

Below you have the steps to install them, but if you already have them, you can skip the steps.

Install UTM

  1. Go to https://docs.getutm.app/installation/macos/
  2. Click on the button Download from GitHub
  3. Install the package.

Install HomeBrew

You just need to run this in a console:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Enter fullscreen mode Exit fullscreen mode

Note: You may need to install Xcode’s Command Line Tools if you don't have them. Just run:

xcode-select --install
Enter fullscreen mode Exit fullscreen mode

At the end of the installation check out that there are some instructions to add to your .zshrc file.

After the installation you should be able to run the brew command. If you run brew doctor you should get Your system is ready to brew.

brew doctor 
Your system is ready to brew.
Enter fullscreen mode Exit fullscreen mode

Download the Metaexploit 3 image

Thankfully, the guys of Rapid7, the company behind meta exploit, have already created a two images that can be used in Virtual Box, an open source Virtual Machine Engine. However, VirtualBox is not compatible with M1 chips at the time of writing this article, that's why we are using UTM.

So, now, let's see how to download the images and what we need in order to run Metaexploit 3 in UTM.

  1. Go to https://app.vagrantup.com/rapid7
  2. Select the VM you want to download. In this case, the Ubuntu one.

rapid7 vagrant home page

  1. Download the file

rapid7 vagrant download page

The name of the downloaded file has a weird name (some kind of unique id) and does not have extension, but behind the scenes it is a .zip file. So, you need to rename it.

cd Downloads
mv e41199c7-4afd-42b0-80fd-61ee0126e19d metasploitable3-ub1404.zip
Enter fullscreen mode Exit fullscreen mode

Then unzip the file and enter the folder:

cd metasploitable3-ub1404
ls -la                    
total 4407704
drwx------@   6 user  staff         192 Nov 30 08:50 .
drwx------@ 588 user  staff       18816 Nov 30 09:18 ..
-rw-r--r--@   1 user  staff         258 Oct 29  2020 Vagrantfile
-rw-r--r--@   1 user  staff        6367 Oct 29  2020 box.ovf
-rw-r--r--@   1 user  staff          26 Oct 29  2020 metadata.json
-rw-r--r--@   1 user  staff  2256726016 Oct 29  2020 metasploitable3-ub1404-disk001.vmdk
Enter fullscreen mode Exit fullscreen mode

Next step is to convert the VirtualBox image format .vmdk, into a format that UTM understands. For that we need to install qemu (used by UTM behind the scenes) using brew

brew install qemu
Enter fullscreen mode Exit fullscreen mode

Now, to convert the file just use the following command:

qemu-img convert -O qcow2 -c ./metasploitable3-ub1404-disk001.vmdk ./metasploitable3-ub1404-disk001.qcow2
Enter fullscreen mode Exit fullscreen mode

where -c indicates the source file and -O is for the output format, in this case qcow2

Create the UTM VM

The last step is to setup and run the virtual machine in UTM

  1. Open UTM

  2. Create a new VM (button with symbol +) and select "Emulate".

A dialog box that shows to options: Emulate and virtualize

3 Click on other and "Other,"

UTM new VM: Select the OS: Windows, Linux, other

  1. Click on "Skip ISO boot."

UTM new VM dialog box with Skip ISO boot

  1. For hardware, leave it as is. but lower the RAM if you want, it only needs like 1024 MB (maybe less).

UTM new VM Hardware selection dialog box with default values except the RAM memory

  1. For the rest of the options just next, next, next... until you get to the "Summary" page.

  2. On the summary page, select "Open vm settings" then "Save".

UTM new VM Summary page dialog box

  1. A new dialog box with the settings of the VM will appear. You can change the name of the VM.

UTM VM settings main dialog box where you can edit the name

  1. Click on the "QEMU" in the sidebar and uncheck "UEFI Boot".

UTM VM settings QEMU menu dialog box with UEFI Boot option unchecked

  1. Under "Drives" section of the sidebar menu, select "IDE Drive" and delete it.

UTM VM settings, IDE drive section with delete and new drive buttons where you need to click highlighted

  1. Now in the Drive section, click on "New Drive", and then in "Import".

Dialog box that appears when you click on New Drive with the button Import highlighted

  1. Select the .qcow2 file you created earlier with the qemu-img command

  2. Click Save and start the VM.

Item that appears in the list of VM

If you need to login you can use username vagrant and vagrant also as password.

Bonus: Metasploitable 2

Now that you have everything in place installing metasploitable2, another Linux machine, is very simple

  1. Go to https://sourceforge.net/projects/metasploitable/
  2. And download the .zip file
  3. Unzip.
  4. Use qemu-img convert

    cd Metasploitable2-Linux
    qemu-img convert -O qcow2 Metasploitable.vmdk Metasploitable.qcow2
    
  5. Repeat the same steps in UTM as for installing the Metasploitable 3 but now, when you create the new drive, use the Metasploitable.qcow2 file.

To login you can use msfadmin for both username and password.

In both machines to get the IP addresses, just run the command

ifconfig
Enter fullscreen mode Exit fullscreen mode

Image description


Now you can play around with the VM.

If you found this article interesting and you would like me to write some more articles exploiting the vulnerabilities, just drop a comment below.

EOF

Top comments (5)

Collapse
 
sammy51 profile image
Sammy51 • Edited

Thank you very much for that howto everything seemed to work since I got to the part where the *.vdmk Disk needs to be convertet.
The Zip File I got (app.vagrantup.com/rapid7/boxes/met...) contains 10 Disks files. Disk 1 (Name: disk-s001.vmdk) is about 3,5 Gb and I tried to convert that.

But it wont work. What did I miss?

ls
Vagrantfile disk-s004.vmdk disk-s008.vmdk metadata.json metasploitable3-ub1404.vmxf
disk-s001.vmdk disk-s005.vmdk disk-s009.vmdk metasploitable3-ub1404.nvram
disk-s002.vmdk disk-s006.vmdk disk-s010.vmdk metasploitable3-ub1404.vmsd
disk-s003.vmdk disk-s007.vmdk disk.vmdk metasploitable3-ub1404.vmx
Metasploitable3 % qemu-img convert -O qcow2 -c ./disk-s001.vmdk ./disks-001.qcow2
qemu-img: Could not open './disk-s001.vmdk': Could not open './disk-s001.vmdk': Invalid argument

File Name and path seem to be correct if it is not there is a different outcome ("No such file or directory").

Thanks a lot in advance!
Sammy

Collapse
 
sammy51 profile image
Sammy51 • Edited

Hmm .. I asked chatGPT. If its answer is right the "-f vmdk" part is missing above. But that also does not work. Output is again "invalid argument"

qemu-img convert -f vmdk -O qcow2 ./disk-s001.vmdk ./disks-001.qcow2
qemu-img: Could not open './disk-s001.vmdk': Could not open './disk-s001.vmdk': Invalid argument

You can convert a VMDK file to a format compatible with UTM (e.g. RAW or QCOW2) using the following qemu-img command:
qemu-img convert -f vmdk -O <output-format> <input-vmdk-file> <output-file>
Replace with the desired output format (e.g. raw, qcow2), with the path to the input VMDK file, and with the path to the desired output file.
For example, to convert a VMDK file named input.vmdk to a RAW image named output.img, run:
css
qemu-img convert -f vmdk -O raw input.vmdk output.img

Collapse
 
sammy51 profile image
Sammy51 • Edited

Well it seems the files within the metasploitable3 package I got from the link I postet at first is somehow broken.

I tried the same command to convert the metasploitable2.vmdk file to qcow2 and it seemed to work:

qemu-img convert -f vmdk -O qcow2 ./Metasploitable.vmdk ./Metasploitable.qcow2

Metasploitable2-Linux % LS
Metasploitable.nvram    Metasploitable.qcow2    Metasploitable.vmdk Metasploitable.vmsd Metasploitable.vmx  Metasploitable.vmxf
Enter fullscreen mode Exit fullscreen mode

EDIT: Meanwhile for Metasploitable3 I tried the download with the virtualbox version (that one includes only 1 Drive File and its also a *.vmdk). That one was convertible with the same syntax i used for V2. Looks like both virtualmachines are running within utm. But Kali Linux 2022-04 runs within vmware fusion right now. Do you recommend to change that (perhaps also via converting the Vmware Disk) - or isn't that a problem?

Thread Thread
 
sammy51 profile image
Sammy51

Ok sorry again .. write that stuff here so it may help somebody else:

Regarding the Question in the Edit-Part above. I guess it does not matter how much virtual machines and virtual machine host softwares we use. If we edit the configuration from them - so that they are all in the same network and can see each other. That is possible for example with "bridge mode" - if you want to use your physical network - which can be configured via the machine host software (the virtualmachines must be shut down).

Collapse
 
tin0312 profile image
Hoang Nhat Truong

Thank you for sharing!