Metasploitable 2 – The Setup

In this series I am going to spend some time looking at the amazing Metasploitable2 kindly produced by Rapid7.

Metasploitable is an intentionally vulnerable Linux VM designed specifically for practicing on. There are many ways of exploiting the box – some are very simple and others require a little more thought.

I am going to document my attempts to exploit this in as many different ways as possible. There are many great tutorials and write-ups out there, but I wanted to try and keep some notes of my own, and maybe someone else will find them of use.

First things first – a quick warning. Metasploitable is a vulnerable system – that’s the whole point of it. Because it is vulnerable, you should NOT expose it directly to the internet or any other untrusted network. Use NAT or host-only mode for the virtual machine.

For reference, my environment consists of two virtual machines running in VMware Fusion:

  1. Kali 2 – The attacker
  2. Metasploitable 2 – The Victim
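
As a pre-boot check for the warning above, this added example (not part of the original post) reads a VMware .vmx file and lists every enabled network adapter that is not set to NAT or host-only. The sample .vmx contents are constructed, and treating an adapter with no connectionType as unsafe is an assumption made here.

```python
import re
import sys

SAFE_MODES = {"nat", "hostonly"}  # modes that keep the guest off the physical LAN
_PAIR = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

# Constructed sample, not taken from a real VM.
SAMPLE_VMX = """\
.encoding = "UTF-8"
displayName = "Metasploitable2-Linux"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
"""


def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file, keys lower-cased."""
    settings = {}
    for line in text.splitlines():
        match = _PAIR.match(line)
        if match and not line.lstrip().startswith("#"):
            settings[match.group(1).lower()] = match.group(2)
    return settings


def exposed_adapters(vmx_text):
    """List (adapter, mode) for each enabled NIC that is not NAT or host-only."""
    settings = parse_vmx(vmx_text)
    findings = []
    for key in sorted(settings):
        nic = re.fullmatch(r"(ethernet\d+)\.present", key)
        if not nic or settings[key].upper() != "TRUE":
            continue
        # Assumption: a NIC with no connectionType is reported as "unset" and
        # treated as unsafe instead of guessing the hypervisor's default.
        mode = settings.get(nic.group(1) + ".connectiontype", "").lower() or "unset"
        if mode not in SAFE_MODES:
            findings.append((nic.group(1), mode))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_VMX
    for adapter, mode in exposed_adapters(text):
        print(f"{adapter}: connectionType={mode} -> switch to NAT or host-only")
```

Pass the path to the VM's .vmx file as the first argument; with no argument it runs on the constructed sample.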

Once Metasploitable is up and running we should see the following:

[Image: Metasploitable 2 login prompt]

The login creds are msfadmin/msfadmin, but we aren’t planning on using these – we want to find alternative methods.
