If you want to build your portfolio in ethical hacking or are just learning ethical hacking hands-on, installing Metasploitable 3 on your machine is a good starting point. In this article, I will show you how to install Metasploitable 3 on an Ubuntu machine.

Metasploitable is a vulnerable machine, or to be exact, a vulnerable virtual machine. Metasploitable 3 is like OWASP Juice Shop: it is used for learning how to conduct a security assessment. I am not sure if Metasploitable 3 has new vulnerabilities, like OWASP Juice Shop, but it is still a good machine. You can use Metasploitable 3 along with OpenVAS or Nessus to identify the vulnerabilities.

Metasploitable can be run on VMware or VirtualBox using Vagrant, but in this article, I will use QEMU instead.

First, you need to install QEMU on your machine. I will not guide you on the installation, but you can follow these official instructions or this one.

Second, you need to install Packer, which the official Metasploitable 3 installation requires. You can follow the official instructions for installing Packer. What is Packer? Packer is a tool for creating identical machine images for multiple platforms from a single source. You need Packer to create a .qcow2 image for QEMU. You can use other tools to create the necessary images, but in this article, I will use Packer.

Then, before creating the image, you need to install the QEMU and Chef plugins for Packer. You can copy the commands below.

packer plugins install github.com/hashicorp/qemu
packer plugins install github.com/hashicorp/chef

After installing the necessary tools, you need to get the Metasploitable 3 files. You can get them from the official Rapid7 GitHub here or copy the command below:

git clone https://github.com/rapid7/metasploitable3.git

After the cloning is finished:

cd metasploitable3

You will find some files and directories in the metasploitable3 directory. There is a build.sh for automatic installation if you want to use VMware or VirtualBox, but we don't need that file for this article. What we need is the ubuntu_1404.json file that resides in the packer/templates/ directory. You can run the command below.

packer build --only=qemu ./packer/templates/ubuntu_1404.json

Do you notice the --only=qemu flag? That flag selects the preferred virtualisation platform: it tells Packer to build only the QEMU image. The configuration for the image resides in the ubuntu_1404.json file, so we just need to run the command above and Packer will handle the rest.

We need to wait for 20–30 minutes, depending on network speed. The server installation will show automatically, and you can set your own configuration.
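Because the build runs for that long, it helps to confirm beforehand that --only=qemu actually selects a build and that the tools are on PATH. The sketch below is an added example, not code from the article or from the Metasploitable 3 project. It assumes a legacy JSON template in which a build is named by its "name" field or otherwise by its "type", models --only as an exact name match, and runs against a constructed sample template; the list of required executables is also an assumption.

```python
import json
import shutil

# Constructed, trimmed stand-in for a legacy JSON Packer template. It is NOT
# the real ubuntu_1404.json; builder types and values are illustrative only.
SAMPLE_TEMPLATE = """
{
  "builders": [
    {"type": "vmware-iso", "vm_name": "sample"},
    {"type": "virtualbox-iso", "vm_name": "sample"},
    {"type": "qemu", "name": "kvm-lab", "format": "qcow2"},
    {"type": "qemu", "format": "qcow2"}
  ]
}
"""


def build_names(template_text):
    """A legacy JSON build is named by its "name" field, else by its "type"."""
    builders = json.loads(template_text).get("builders", [])
    return [b.get("name") or b["type"] for b in builders]


def select_builds(template_text, only):
    """Simplified model of --only: exact match on comma-separated build names."""
    wanted = {n.strip() for n in only.split(",") if n.strip()}
    return [n for n in build_names(template_text) if n in wanted]


def missing_tools(tools=("packer", "qemu-system-x86_64", "qemu-img")):
    """Return the required executables that are not on PATH."""
    return [t for t in tools if shutil.which(t) is None]


def preflight(template_text, only, tools=("packer", "qemu-system-x86_64", "qemu-img")):
    """Collect every problem that would otherwise surface mid-build."""
    problems = [f"{t} not found on PATH" for t in missing_tools(tools)]
    if not select_builds(template_text, only):
        names = ", ".join(build_names(template_text))
        problems.append(f"--only={only} selects no build; template defines: {names}")
    return problems


if __name__ == "__main__":
    # To check the cloned repository instead, read the template file passed to
    # `packer build` and pass its text in place of SAMPLE_TEMPLATE.
    for line in preflight(SAMPLE_TEMPLATE, "qemu") or ["preflight ok"]:
        print(line)
```

In the sample, the builder given the name kvm-lab is not selected by --only=qemu even though its type is qemu, which is the case worth checking before starting a long build.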