In this series I am going to spend some time looking at the amazing Metasploitable2 kindly produced by Rapid7.
Metasploitable is an intentionally vulnerable Linux VM designed specifically for practicing on. There are many ways of exploiting the box – some are very simple and others require a little more thought.
I am going to document my attempts to exploit this in as many different ways as possible. There are many great tutorials and write-ups out there, but I wanted to try and keep some notes of my own, and maybe someone else will find them of use.
First things first – a quick warning. Metasploitable is a vulnerable system – that’s the whole point of it. Because it is vulnerable, you should NOT expose it directly to the internet or any other untrusted network. Use NAT or host-only mode for the virtual machine.
For reference, my environment consists of two virtual machines running in VMware Fusion:
- Kali 2 – The attacker
- Metasploitable 2 – The victim
Once Metasploitable is up and running we should see the following:
The login creds are msfadmin/msfadmin but we aren’t planning on using these – we want to find alternative methods.