Installing Metasploitable is pretty easy and straightforward. If all the dependencies are properly installed no problem will occur during the installation process. It may take hours to fully install and prepare Metasploitable 3.
Before the installation process we need to install some dependencies, these are following:
- Packer v1.0.0: https://www.packer.io/downloads.html
- Vagrant 1.9.1: https://releases.hashicorp.com/vagrant/1.9.1/
- Vagrant Reload Plugin v0.0.1: https://github.com/aidanns/vagrant-reload
- Virtualbox 5.1.14: https://www.virtualbox.org/wiki/Downloads
To avoid any trouble during installation it is important to download the exact versions mentioned above. Successful installation depends on the build environment.
We are going to build Metasploitable 3 on Windows 10 Enterprise x54 Machine.
Remember If you are installing Metasploitable on a VM that is running VMware ESXi,Don’t forget to enable ‘Hardware Virtualization’ for VM CPU.
Before building Metasploitable we need to install Vagrant and Virtualbox using downloaded files. We are not going to demonstrate the procedure to install this software as its easy to install just by clicking ‘next’ button a couple of times. We need to install Vagrant reload plugin and download Packer.
Installing Vagrant Reload Plugin
Move to the directory with command line where you have downloaded and unpacked the Vagrant Reload Plugin. After that run the following command:
- vagrant plugin install vagrant-reload
Vagrant Plugin Successfully Installed
Vagrant plugin is installed now next we can continue with downloading Packer.
You Can Download the Packer From the following link:
Get the latest version of Packer and unpack it in the Metasploitable3 master directory. By storing Packer binary in the Metasploitable 3 directory allows us to easily run it to setup the VM without setting variables or using full paths to the binary. When Packer files are copied to the Metasploitable 3 directory we can start setting up the VM.
Creating the Metasploitable 3 VM
As we have installed everything correctly we can use Packer to setup the Virtual Machine in VirtualBox.Now change the directory to Metasploitable 3 location and run the following command:
packer build windows_2008_r2.json
Building Metasploitable 3 VM
This will take some time to complete because it needs to download a copy of Windows 2008 from Microsoft website. When download will be complete the script will continue to setup the virtual machine in VBox and install Windows 2008 on the virtual machine. This process may take 30-60 minutes. It depends on the speed of your internet and configuration of your host machine.
The finished output will look like:
Metasploitable 3 build without errors.
After finishing the script run the following command:
vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3
Metasploitable 3 added to the Vagrant environment.
Now we have to run one command to have Vagrant execute the scripts that will install vulnerable software on the Windows server 2008 VM.Run the following command,it may take 15-30 minutes to install.
vagrant upThis will completely install Metasploitable 3 and you should be able to start VM in VirtualBox.
Metasploitable 3 installation errors with Vagrant
The Metasploitable 3 setup is a little bit complex and it may contain errors.Most of the errors could be avoided by using the versions of Vagrant,Packer & VBox mentioned in this tut…
While installing the vulnerable software you may get an errorrelated to virtual machine state:” The guest machine entered an invalid state while waiting for it to boot.”If this problem occurs reboot the VM and run the vagrant up command again.
Another error that could occur during installation of vulnerable software may be this:” chocolatey is not recognized as an internal or external command”.This error could occur for other scripts too.To avoid this problem add the following directory to the path variable:
All the scripts in this directory will be accessible without using full path using this command.I run ‘Vagranat up’ command many times to finish these errors.
Running Kali Linux VM on the same host
You need to set the correct network settings if you are running Kali VM in virtual box on the same host. Otherwise, you may not be able to connect to Metasploitable 3 machine from Kali Linux attacker machine. It's not necessary to change the network settings for Metasploitable 3 machine for Kali Linux Virtual Machine.
Boot Metasploitable 3 Machine
Installation Of Metasploitable 3 has been completed now, Just we need to boot in VBox.Default Username for VM is “vagrant” and password is same that is “vagrant”.Installation contained many errors but many of them were fixed with the help of Google. Thanks to the developer of Metasploitable 3 they did a great job on the installation procedure and providing a vulnerable Windows machine to the public.