So lately I have been playing with Metasploitable 2. This is an image that is purposely designed to contain vulnerabilities that are easily exploitable for learning purposes. You can download the virtual machine image here.
The download provides the VMX file which is perfect as I am doing these practice simulations in a virtual machine. Therefore all I have to do is open that VMX file with VMware and I have a working image. The image below shows what this image looks like. It is a Linux machine and does not contain any graphics, that being said, it is not meant to be used it is meant to be attacked.
In order to ensure a safe work environment we must ensure that we are not potentially risking the network we are currently utilizing on our main machine. To do this we go to the settings menu on whatever virtual machine software we are using and setup a “host-only” virtual network. The host-only network is a virtual ethernet connection between the machines set to use that network. Now, in order to have internet access we will also need to setup a “NAT”(Network address translation) virtual network.
The other image we will load in a VM is kali linux. This is a Debian-derived Linux distribution specifically designed for digital forensics and penetration testing. You can find the iso image here. Load this up in your virtual machine software and connect it to the host-only network as well as the NAT network so you can install new packages if need be. I recommend running the virtual machine as a live image rather than installing it just to make things easier. The default username and password are “root” and “toor”
I also recommend creating a clone of each of these virtual machines just in case something goes horribly wrong and you need to start from scratch. This is highly unlikely but good to practice for when things get more complex.
Well, this was the first step to my adventures with Metasploitable 2 and up next will be the notes I took while going through parts of the walk through available here.
Thanks for reading!