In this lab we are going to set up your Kali and Metasploitable VMs for use in our weekly labs.
We'll run the virtual machines, gather their IPs, and confirm they are able to send/receive traffic between each other.
There are only a few questions, but be sure to answer them so the work you perform can be captured for grading purposes.
Preamble.
You will need to download a Virtual Machine Manager (VMM). Choose the one that works for your operating system.
For Windows
http://www.vmware.com/ - Downloads - VMware Player
https://www.virtualbox.org/wiki/Downloads
For OSX (Mac)
http://www.vmware.com/ - Downloads - VMware Fusion (NOTE: This software is not free; you can only download a 30-day trial.)
https://www.virtualbox.org/wiki/Downloads
Next, download Kali Linux
https://www.kali.org/downloads/
Select Kali Linux 32-bit and click the direct link for ‘ISO’
Download Metasploitable Linux (This is our target operating system)
https://sourceforge.net/projects/metasploitable/
Click the green button marked ‘download’
Next is installation
https://www.youtube.com/watch?v=a0X9-lCOsEo This video will guide you through installing Metasploitable using VirtualBox. The process is similar for VMware.
https://www.youtube.com/watch?v=FVmWMogGX4Q This video will guide you through installing Kali Linux in VirtualBox. The process is similar for VMware.
During the installation, make sure that the password you select for the ‘root’ account is toor
During the installation you will be asked to give your Kali VM a ‘hostname’. Please make sure that you put your name as the hostname for the machine.
Class: SEC6070
Name:
Date:
1. Open VMware Workstation.
2. Start your Kali and Metasploitable VMs.
Both your Kali VM and your Metasploitable VM should be running.
3. Select Kali Linux.
4. Type this username at the login prompt: root
5. Type this password: toor
We need to change the default password because it's not secure.
While the password we're changing it to isn't necessarily secure (for the sake of simplicity in this class), we still need to change it on principle.
6. Open a shell. (Look for a small black box at the top left of your screen.)
7. Type: passwd
a. Paste your screenshot here:-
8. Type: wilmuabc (it will ask you to repeat the password)
9. Type: ifconfig
a. Paste your screenshot here:-
10. Record your IP address here:
ANSWER:
NOTE IN ALL FURTHER WORKSHEETS UNLESS OTHERWISE TOLD THIS WILL BE YOUR ‘LHOST’ OR LOCAL HOST
11. Let's double-check no firewall is running.
a. Type: iptables -L (All policies should be set to "ACCEPT".)
b. Paste your screenshot here:-
12. Press ctrl+alt to escape your Kali VM.
Now let's switch our focus to the Metasploitable VM.
13. At the user logon prompt type: msfadmin
14. At the password prompt type: msfadmin
This is an intentionally vulnerable system so there's no point in changing the password from the default.
15. Type: ifconfig
a. Paste your screenshot here:-
16. Record the IP address here:
NOTE IN ALL FURTHER WORKSHEETS UNLESS OTHERWISE TOLD THIS WILL BE YOUR ‘RHOST’ OR REMOTE HOST
Now we know the IP addresses of our Kali and our Metasploitable VMs.
Let's test connectivity.
17. You should still be at the Metasploitable prompt.
a. Type: ping {insert the IP address of your Kali VM}
b. Press ctrl+c to stop the ping.
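The checks from steps 9 to 17, as an added shell example (not part of the original worksheet): it pulls the IPv4 address out of ifconfig output in both the Kali and Metasploitable formats, lists any iptables chain whose policy is not ACCEPT, counts the rules present, and reads the loss figure from ping's summary line. The function names, the 192.168.56.x addresses and all sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample output (not captured from a real VM); addresses are assumptions.
KALI_IFCONFIG='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.56.101  netmask 255.255.255.0  broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe00:1  prefixlen 64  scopeid 0x20<link>
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0'
MSF_IFCONFIG='lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
eth0      Link encap:Ethernet  HWaddr 08:00:27:00:00:02
          inet addr:192.168.56.102  Bcast:192.168.56.255  Mask:255.255.255.0'
IPTABLES_L='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'
PING_OUT='4 packets transmitted, 4 received, 0% packet loss, time 3004ms'

# First non-loopback IPv4 address in ifconfig output (stdin), old or new format.
first_ipv4() {
    awk '$1 == "inet" { ip = $2; sub(/^addr:/, "", ip)
                        if (ip !~ /^127\./) { print ip; exit } }'
}
# Built-in chains whose default policy is not ACCEPT (iptables -L output on stdin).
non_accept_chains() {
    awk '$1 == "Chain" && $3 == "(policy" { p = $4; sub(/\)$/, "", p)
                                             if (p != "ACCEPT") print $2 }'
}
# Number of rules listed; ACCEPT policies alone do not prove nothing is filtered.
rule_count() {
    awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }'
}
# Packet-loss percentage from the summary line of ping output (stdin).
packet_loss() {
    sed -n 's/.* \([0-9][0-9.]*\)% packet loss.*/\1/p'
}

# On the live VMs, pipe the real commands instead, e.g. "ifconfig | first_ipv4".
LHOST=$(printf '%s\n' "$KALI_IFCONFIG" | first_ipv4)
RHOST=$(printf '%s\n' "$MSF_IFCONFIG" | first_ipv4)
echo "LHOST=$LHOST RHOST=$RHOST"
echo "non-ACCEPT chains: $(printf '%s\n' "$IPTABLES_L" | non_accept_chains)"
echo "rules present: $(printf '%s\n' "$IPTABLES_L" | rule_count)"
echo "ping loss: $(printf '%s\n' "$PING_OUT" | packet_loss)%"
```

The constructed iptables sample deliberately shows a failing case: a FORWARD policy of DROP and one ICMP rule, either of which could explain a ping in step 17 that gets no replies.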