What is Metasploitable
Metasploitable is a deliberately insecure virtual machine designed to provide a safe environment for learning and practicing security testing and penetration testing techniques. It is a popular tool used to develop and hone the skills required to identify and exploit vulnerabilities in software systems. The virtual machine is pre-installed with a range of vulnerable software and configurations, including outdated software versions and weak passwords, making it an ideal environment for testing and experimentation without the risk of damaging real systems. Metasploitable is widely used in cybersecurity training and education to provide hands-on experience with practical security testing and penetration testing techniques.
Some of the vulnerabilities it has:
Metasploitable has a variety of vulnerabilities, including but not limited to: weak/default passwords, vulnerable web applications, vulnerable services, and vulnerable configurations. Some specific examples of vulnerabilities in Metasploitable include:
- Unprotected Windows file shares
- Vulnerable versions of Apache, MySQL, and PHP
- Vulnerable versions of Samba
- Vulnerable FTP and Telnet services
- Weak SSH and Telnet passwords
- A vulnerable version of the Java Runtime Environment
- A vulnerable version of the ProFTPD FTP server
- A vulnerable version of the Tomcat web application server
Steps to get Metasploitable using UTM
- Install QEMU from brew by running this in a terminal:
  brew install qemu
- Download UTM and install it by putting it in your Applications folder.
- Download Metasploitable from Rapid7 and extract the zip somewhere.
- Run this command in a terminal from the directory you extracted Metasploitable to. It will convert the vmdk disk image to qcow2:
  qemu-img convert -O qcow2 -c Metasploitable.vmdk Metasploitable.qcow2
- In UTM, create a new VM. Choose "Emulate," "Other," "Skip ISO boot."
- For hardware, leave it as is. Lower the RAM if you want; it only needs about 512M (maybe less).
- For the rest of the options just next, next, next... until you get to the "summary" page.
- On the summary page, select "open vm settings" then "save."
- The VM settings will open. You can change the name at the top if you want.
- Go to "qemu" in the settings and uncheck "UEFI Boot."
- If you want the VM "on the network" with its own (probably) 192.168... address, go to "network" in the settings and select "bridged." Bridged mode makes the VM reachable from every other host on that network.
- Under "drives" select "IDE Drive" and delete it.
- Click new drive -> import, and select the qcow2 file you created in step 5.
- Click save and start the VM.
- Finally, the default username and password are msfadmin.
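The conversion step above can be wrapped with a few checks before the image is imported into UTM. This is an added example, not part of the original notes: the function names image_format and convert_image are hypothetical, and the magic bytes are those of the qcow2 header and the VMDK sparse extent header.

```shell
#!/bin/sh
# Added example (not from the original notes): wrap the vmdk -> qcow2
# conversion with sanity checks. Function names are hypothetical.

# Print "qcow2", "vmdk" or "unknown" based on the first 8 bytes of file $1.
image_format() {
    magic=$(head -c 8 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        514649fb0000000[23]) echo qcow2 ;;  # "QFI\xfb" + version 2 or 3
        4b444d56*)           echo vmdk ;;   # "KDMV", VMDK sparse extent
        *)                   echo unknown ;;
    esac
}

# convert_image SRC DST
# Return codes: 0 ok, 1 source missing or already qcow2, 2 target exists,
# 3 qemu-img not installed, 4 conversion failed or output is not qcow2.
convert_image() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ "$(image_format "$src")" = qcow2 ]; then
        echo "$src is already qcow2" >&2
        return 1
    fi
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 2; }
    command -v qemu-img >/dev/null 2>&1 || { echo "qemu-img not found" >&2; return 3; }
    # Same command as in the steps above.
    qemu-img convert -O qcow2 -c "$src" "$dst" || return 4
    [ "$(image_format "$dst")" = qcow2 ] || return 4
}

# Run the conversion when called with two arguments.
if [ "$#" -eq 2 ]; then
    convert_image "$1" "$2"
fi
```

Saved under a name of your choice, it is called with the source and target file names, for example Metasploitable.vmdk and Metasploitable.qcow2.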
Installing Node.js and npm:
# Check whether npm and node are already installed
$ node --version
$ npm --version
# If they are not installed, run:
$ brew install node npm
# Make sure they are updated
$ sudo npm cache clean -f
$ sudo npm install -g n
$ sudo n stable
$ sudo npm --version
# Re-set PATH so the shell finds the newly installed node
$ PATH="$PATH"
# Check where node is installed on your machine
$ which node
$ node --version
Installing yarn using the npm package manager:
sudo npm install --global yarn
Installing ripgrep
sudo npm install ripgrep
Installing wget
brew install wget