By Carlos VillegasSetting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 Table of Contents 1. Install VirtualBox host for your operating system 2 2. Create/Setup Kali Virtual Machine (VM) 3 3. Create/Setup Metasploitable 2.0 Virtual Machine (VM) 4 4. Find the IPv4 address for your Metasploitable 2.0 Virtual Machine (VM) 5 5. Find the IPv4 address for your Kali Virtual Machine (VM) 6 6. Test communication from the Kali VM to the Metasploitable VM 7 7. Test communication from the Metasploitable 2.0 VM to the Kali VM 8 8. Verify that neither VM can communicate with the outside 9 1 via a vulnerability which eventually gets patched-up. Download VirtualBox at https://www.virtualbox. Sometimes malware (viruses.org/wiki/Downloads b. You only get those patches if you update VirtualBox as shown below: 2 . I can’t stress how important updating it is. Install VirtualBox host for your operating system a.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 1. Update VirtualBox on a regular basis (at least every week). in this case VirtualBox. worms escape virtualization sandboxes. By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 2. Create/Setup Kali Virtual Machine (VM) a.org/downloads/ b. Configure VM to have “Host-only” Network Adapter and Promiscuous Mode “Allow All” 3 . Download Kali at https://www.kali. Download Metasploitable at http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ c.be/e0vpBKRZPGc b. Create/Setup Metasploitable 2. Video tutorial on how to install Metasploitable 2.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 3.0 in VirtualBox: https://youtu.0 Virtual Machine (VM) a. Configure VM to have “Host-only” Network Adapter and Promiscuous Mode “Allow All” 4 . The IPv4 address for your Metasploitable 2. You will see the following screen once you have successfully logged in.0 terminal to extract the IPv4 address of your Metasploitable 2. Login to your Metasploitable 2. e. Find the IPv4 address for your Metasploitable 2.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 4.0 VM: 192. c. it is identified below with a red arrow.0 VM. If you don’t.0 Virtual Machine (VM) a. Password: msfadmin b. yours may be different and that’s OK.0 VM: ifconfig | sed -n 2p | cut -d ":" -f2 | cut -d " " -f1 d. please try to login again.____ 5 . Username: msfadmin ii.____. Run the following piped one-line command in the Metasploitable 2.0 VM i. Write the IPv4 address for your Metasploitable 2.168. For this example. it is identified below with a red arrow. Run the following piped one-line command in the Kali terminal to extract the IPv4 address of your Kali VM: ifconfig | sed -n 2p | cut -d ":" -f2 | cut -d " " -f1 d.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 5. Write the IPv4 address for your Kali VM: 192. Password is whatever you chose when you installed your Kali VM b. Login to your Kali VM i.____. Username: root ii. The IPv4 address for your Kali VM. yours may be different and that’s OK.168. Find the IPv4 address for your Kali Virtual Machine (VM) a. For this example.____ 6 . e. start a terminal command line by clicking the icon pointed by the red arrow below c. Once you are successfully logged-in to Kali. Let’s use the ping command to see if your Kali VM can see and communicate with your Metasploitable 2. Test communication from the Kali VM to the Metasploitable VM a. If you continue to have packet losses. Ask someone to assist you.0 VM. try the command again.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 6.0 VM> 7 . Verify that 0% packets are lost when the following command is ran from your Kali VM. If you have packet loss. ping –c 3 <IPv4 of your Metasploitable 2. something is wrong and needs to be trouble-shooted. try the command again. ping –c 3 <IPv4 of your Kali VM> 8 . Ask someone to assist you. Verify that 0% packets are lost when the following command is ran from your Metasploitable 2. Let’s use the ping command to see if your Metasploitable 2. Test communication from the Metasploitable 2.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 7. If you have packet loss.0 VM.0 VM can see and communicate with your Kali VM.0 VM to the Kali VM a. something is wrong and needs to be trouble-shooted. If you continue to have packet losses. It is extremely important not to actively reach-out to any device on another network (i.0 VM). you are in a competition where they give you the right to actively scan and practice offensive cyber techniques ii. you have explicit permission to scan and hack the device(s) d. in this tutorial we are going to use the nmap command on a machine that is yours (i.e.8.8 9 . as we did in previous steps.8 e.8. Verify that neither VM can communicate with the outside a.0 VM and verify the “Network is unreachable”: ping –c 3 8. internet) that is not your own unless you have permissions. b. For example. You always want to set your network adapter to “Host-only”. Run the following command from your Kali VM and verify the “Network is unreachable”: ping –c 3 8. you own the equipment iii.8. c.By Carlos Villegas Setting Up a Pentest lab Kali Linux & Metasploitable 3/17/2015 8. you can do whatever you want to it. unless: i.8. your Metasploitable 2. Run the following command from your Metasploitable 2.e. Because that machine is yours.
Report "Tutorial to Setup a Metasploitable and Kali Linux"