In Part 1 of building our virtual Hack Lab we installed Virtual Box and a client. In this next installment we will install Metasploitable 2 and create a private network between the two virtual machines.
1. Open Virtual Box
2. Power on your Kali VM
3. Extract the Metasploitable 2 files to any directory of your choosing. The Metasploitable file with a blue icon (.vmdk file) is our pre-configured virtual image.
4. In Virtual Box, click “New” in the top left corner, just as in our Kali install. You may name this image anything you want. Copy my settings below.
5. Allocate how much memory you wish to give. 512MB is more than enough. We will only be using this machine to scan/exploit in further exercises. Click next.
6. Select the option to use an existing virtual hard drive and press the little folder with a green arrow. Navigate to where you extracted Metasploitable and select the Metasploitable .vmdk file. Click create.
7. Start your VM by pressing the green Start arrow in Virtual Box. You’ll be presented with a login screen. The default login and password are both ‘msfadmin’.
Note: At this point you have your two machines, and both are attached through NAT (network address translation) to your primary computer. We want to isolate our lab from our home network while practicing, to prevent anything we’re doing from extending to our main home network.
8. In Virtual Box, click Settings -> Network -> Adapter 1. Make your settings match mine. Do this for your Kali and Metasploitable VMs.
9. Your two machines are now connected to a separate VM-only network, which Virtual Box controls through a virtual DHCP service. Now you need to configure each VM to obtain an IP address via DHCP. Edit your ‘/etc/network/interfaces’ file by typing the command ‘sudo nano /etc/network/interfaces’. Use the arrow keys to move around, and when you’re done with your edits press ctrl+x. Save and overwrite your file.
Note: If you want to statically assign your IP addresses you may do so as well. Just look up Debian network settings on Google. Both Metasploitable and Kali are Debian-based distros.
10. After you make your edits to your interfaces file you’ll need to restart your network service with the command ‘sudo /etc/init.d/networking restart’. After the service restarts you should have obtained an IP address via DHCP, which you can verify by typing the command ‘ifconfig -a’.
11. If you configured everything correctly you should now be able to ping your Kali VM from your Metasploitable VM and vice versa.
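A quick way to confirm steps 9 to 11 and the isolation goal from the note above, as an added example that is not part of the original post: the functions below read an interfaces file and a routing table and report whether the interface uses DHCP and whether any default gateway leads out of the lab. The interface name eth0 and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Interface name eth0 is an assumption.

# Print the method (dhcp, static, ...) that an ifupdown interfaces file on
# stdin assigns to the IPv4 interface named in $1; fail if it has no stanza.
iface_method() {
    awk -v ifc="$1" '
        $1 == "iface" && $2 == ifc && $3 == "inet" { m = $4 }
        END { if (m == "") exit 1; print m }'
}

# Succeed only when the routing table on stdin ("ip route" or "route -n"
# output) has no default route, i.e. the VM has no gateway out of the lab.
no_default_route() {
    ! grep -Eq '^(default|0\.0\.0\.0)[[:space:]]'
}

# Constructed sample: a DHCP stanza of the kind step 9 describes.
SAMPLE_INTERFACES='auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp'

# Constructed samples: a lab-only VM versus one still on a NAT adapter.
SAMPLE_ISOLATED='192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.101'
SAMPLE_NAT='default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15'

# Print one line per check. $1 = interfaces text, $2 = routing table text.
report() {
    m=$(printf '%s\n' "$1" | iface_method eth0) || m=missing
    echo "eth0 method: $m"
    if printf '%s\n' "$2" | no_default_route; then
        echo "routes: isolated (no default gateway)"
    else
        echo "routes: NOT isolated (default gateway present)"
    fi
}

report "$SAMPLE_INTERFACES" "$SAMPLE_ISOLATED"
report "$SAMPLE_INTERFACES" "$SAMPLE_NAT"
```

On a lab VM, feed the functions real data instead of the samples: `iface_method eth0 < /etc/network/interfaces` and `ip route | no_default_route`.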
I highly recommend updating and installing Virtual Box Guest Additions at this point. Guest Additions will allow you to drag and drop from your host to your VM, copy and paste between them, and also pass USB devices from your host to your VM.
BlackMoreOps has a great write-up on how to do this here.
Congratulations! You now have a very simple hack lab set up. You can add other VMs to your lab if you wish. Non-updated versions of Windows 98 (no service packs) are also fun to toy with. As I discussed before, Metasploitable is a vulnerable *nix machine. At this point you can leave it running and begin trying to attack it. If you don’t know where to begin, don’t worry. We’ll show you how. If you wish to get a jump start I recommend the book Metasploit: The Penetration Tester’s Guide. It has several tutorials on how to begin with Metasploit and is a pretty good reference.
NOTE: It is ILLEGAL to attack a network when you do not have express permission in writing to do so. Use ONLY your wireless network unless you want to go to jail.