Intentionally Vulnerable Machine for Exploit Testing
Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development, software testing, technical job interviews, sales demonstrations, or CTF junkies who are looking for kicks, etc 🙂
Vulnerable Applications and Services
Building Metasploitable 3
To build automatically:
- Run the build_win2008.sh script if using bash, or build_win2008.ps1 if using Windows.
- If the command completes successfully, run ‘vagrant up’.
- When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
To build manually:
- Clone this repo and navigate to the main directory.
- Build the base VM image by running
packer build windows_2008_r2.json . This will take a while the first time you run it since it has to download the OS installation ISO.
- After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command
vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3 .
vagrant plugin install vagrant-reload to install the reload vagrant provisioner if you haven’t already.
- To start the VM, run the command
vagrant up . This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
- Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.