Installing Metasploitable

Muharrem AYDIN
A free video tutorial from Muharrem AYDIN
Computer Engineer, Ethical Hacking, Cyber Security Expert
4.5 instructor rating • 32 courses • 108,349 students

Lecture description

Preparation of the virtual lab for pentesting Metasploitable 2 with Kali

Learn more from the full course

Ethical Hacking with Metasploit: Exploit & Post Exploit

Learn Ethical Hacking from scratch with Metasploit, exploit vulnerabilities and become a white hat hacker | Ethical 2021

05:13:16 of on-demand video • Updated November 2021

  • You will become an expert in using Metasploit for ethical hacking and network security.
  • Set up a lab environment to practice hacking
  • Install Kali Linux - a penetration testing operating system
  • Install Windows & vulnerable operating systems as virtual machines for testing
  • Learn Linux commands and how to interact with the terminal
  • Discover vulnerable applications
  • Vulnerability scanning, Exploit, Post Exploit, Payload
  • Gain control over computer systems using server side attacks
  • Exploit vulnerabilities to gain control over systems
  • Gathering password hashes, cracking passwords, taking screenshots, logging keystrokes etc.
  • Using backdoors to persist on the victim machine
  • The very latest up-to-date information and methods
  • During the course you will learn both the theory and how to step by step setup each method
  • Social Engineering Toolkit (SET) for Phishing
  • Ethical hacking involves a hacker agreeing with an organization or individual who authorizes the hacker to levy cyber attacks on a system.
  • Becoming an ethical hacker involves learning at least one programming language and having a working knowledge of other common languages like Python, SQL, C++
  • Many hackers use the Linux operating system (OS) because Linux is a free and open-source OS, meaning that anyone can modify it. It’s easy to access.
  • Ethical hacking is legal because the hacker has full, expressed permission to test the vulnerabilities of a system
  • The Certified Ethical Hacker (CEH) certification exam supports and tests the knowledge of auditors, security officers, site administrators, security.
  • Passing the Certified Information Security Manager (CISM) exam indicates that the credentialed individual is an expert in the governance of information security
  • The different types of hackers include white hat hackers who are ethical hackers and are authorized to hack systems, black hat hackers who are cybercriminals.
  • ethical hacking
  • cyber security
  • android hacking
  • hacking
  • Ethical Intelligence
  • Ethical Hacker
English As a target systems will use a few devices. One of the target devices will be Metasploitable 2. Metasploitable is an intentionally vulnerable Linux virtual machine created by Rapid7 who produces Metasploit project as well. This VM can be used to conduct security training test security tools and practice common penetration testing techniques. The VM will run on any reason VMWare products and other virtualization technologies such as VirtualBox. Now when you google the word Metasploitable you'll find a download link of Rapid7 on the very first row. You can download it from the sourceforge.net site as well which is on the second line. Now there's another link that's the GitHub address of Metasploitable 3. Metasploitable 3 is another version of Metasploitable produced by again Rapid 7. So let's go to the page System requirements in the readme section says Metasploitable 3 virtual machine requires 65 65 gigabytes of free space on my drive and 4.5 gigabytes of RAM. Well these amounts are little too much for me. So I'm going to go back and use Metasploittable 2 though It's an excellent practicing machine So turn back to the Google search tab and click the first link to the official download page of Metasploitable Metasploitable Fill out the form and click submit to download Metasploitable to Linux virtual machine. So I've already downloaded it and opened with my VM Ware Fusion. Now as you can see I do have other VM`s here. OWASP Broken Web Application and a Windows XP. You may download and use other systems like these. Just to give you more scanning practice. So let's look at the settings of Metasploitable. I'll use my virtual machines in NAT network mode and I allocated gig of RAM which is the recommended amount. So now we're ready to run the VM And as you can see there are a lot of services that start with the operating system start username is msfadmin and the password is the same. So check the IP address and see if it's in the same IP block with your copy machine using the ifconfig command. So looking at the open TCP ports using netstat - tnlp you will see a lot of ports are open and looking at the services up and running using "ps aux" you'll see a lot of these services as well. These increase the attack surface of the machine which is just what we want and of course we'll use Windows machines as our targets of our attack. And you know the reason why! Windows are the most common operating system. One of the windows targets will be Windows XP Service Pack 1. Now it's not designed to be vulnerable but well it is naturally a vulnerable system. It's not an up to date system. A lot of patches are missing and as you probably know, too Microsoft does not support this operating system anymore. Another target system that I'll use is Windows 8. It's an up to date and modern operating system. Now just so you know I have to point out that Microsoft Windows operating systems are commercial. They are not free. You have to have their license to use. Now if you have any windows ISO you can install it as a virtual machine. Just follow the steps that I showed you in the lecture of the installation of `Kali the Light` from the ISO file.