mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-06-21 04:15:56 +02:00
commit
df28d5e02f
35
COPYING
Normal file
35
COPYING
Normal file
|
@ -0,0 +1,35 @@
|
|||
Copyright (C) 2006-2016, Rapid7, Inc.
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification,
|
||||
are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
* Neither the name of Rapid7, Inc. nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
================================================================================
|
||||
|
||||
Metasploitable3 is provided under the 3-clause BSD license above.
|
||||
|
||||
The copyright on this package is held by Rapid7, Inc.
|
||||
|
||||
This license does not apply to several components within the Metasploitable3 source tree. For more details see the LICENSE file.
|
76
LICENSE
Normal file
76
LICENSE
Normal file
|
@ -0,0 +1,76 @@
|
|||
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Source: http://www.metasploit.com/
|
||||
|
||||
Files: *
|
||||
Copyright: 2006-2016, Rapid7, Inc.
|
||||
License: BSD-3-clause
|
||||
|
||||
# Metasploitable3 is provided under the 3-clause BSD license provided
|
||||
# at the end of this file.
|
||||
#
|
||||
# The copyright on this package is held by Rapid7, Inc.
|
||||
#
|
||||
# This license does not apply to third-party components detailed below.
|
||||
#
|
||||
# Last updated: 2016-Sept-7
|
||||
#
|
||||
|
||||
Unaltered Files: scripts/installs/disable-auto-update.bat scripts/installs/enable-rdp.bat scripts/installs/openssh.ps1 scripts/installs/vm-guest-tools.bat scripts/configs/disable-auto-logon.bat scripts/configs/microsoft-updates.bat scripts/configs/win-updates.ps1 vagrantfile-windows_2008_42.template
|
||||
Copyright: 2013-2014, Joe Fitzgerald
|
||||
License: MIT
|
||||
|
||||
Altered Files: windows_2008_r2.json answer_files/2008_r2/Autounattend.xml
|
||||
Original work Copyright: 2013-2014, Joe Fitzgerald
|
||||
Modified work Copyright: 2006-2016, Rapid7, Inc.
|
||||
License: MIT
|
||||
|
||||
Files: resources/jenkins/jenkins.war
|
||||
Copyright: 2004-, Kohsuke Kawaguchi, Sun Microsystems, Inc., and a number of other of contributors
|
||||
License: MIT
|
||||
|
||||
|
||||
License: BSD-3-clause
|
||||
Redistribution and use in source and binary forms, with or without modification,
|
||||
are permitted provided that the following conditions are met:
|
||||
.
|
||||
* Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
.
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
.
|
||||
* Neither the name of Rapid7, Inc. nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
.
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
License: MIT
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
.
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
.
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
29
README.md
29
README.md
|
@ -1,3 +1,30 @@
|
|||
# Metasploitable3
|
||||
|
||||
Welcome to the repo for the latest version of Metaploitable.
|
||||
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with [metasploit](https://github.com/rapid7/metasploit-framework).
|
||||
|
||||
Metasploitable3 is released under a BSD-style license. See COPYING for more details.
|
||||
|
||||
## Building Metasploitable 3
|
||||
|
||||
Requirements:
|
||||
|
||||
* [Packer](https://www.packer.io/intro/getting-started/setup.html)
|
||||
* [Vagrant](https://www.vagrantup.com/docs/installation/)
|
||||
* [Vagrant Reload Plugin](https://github.com/aidanns/vagrant-reload#installation)
|
||||
* [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
|
||||
* Internet connection
|
||||
|
||||
To build:
|
||||
|
||||
1. Clone this repo and navigate to the main directory.
|
||||
2. Build the base VM image by running `packer build windows_2008_r2.json`. This will take a while the first time you run it since it has to download the OS installation ISO.
|
||||
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command `vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3`.
|
||||
4. To start the VM, run the command `vagrant up`. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
|
||||
5. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
|
||||
|
||||
## Vulnerablities
|
||||
* [See the wiki page](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities)
|
||||
|
||||
## Acknowledgements
|
||||
The Windows portion of this project was based off of GitHub user [joefitzgerald's](https://github.com/joefitzgerald) [packer-windows](https://github.com/joefitzgerald/packer-windows) project.
|
||||
The Packer templates, original Vagrantfile, and installation answer files were used as the base template and built upon for the needs of this project.
|
||||
|
|
70
Vagrantfile
vendored
70
Vagrantfile
vendored
|
@ -1,17 +1,8 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||
# configures the configuration version (we support older styles for
|
||||
# backwards compatibility). Please don't change it unless you know what
|
||||
# you're doing.
|
||||
Vagrant.configure("2") do |config|
|
||||
# The most common configuration options are documented and commented below.
|
||||
# For a complete reference, please see the online documentation at
|
||||
# https://docs.vagrantup.com.
|
||||
|
||||
# Every Vagrant development environment requires a box. You can search for
|
||||
# boxes at https://atlas.hashicorp.com/search.
|
||||
# Base configuration for the VM and provisioner
|
||||
config.vm.box = "metasploitable3"
|
||||
config.vm.hostname = "metasploitable3"
|
||||
config.vm.communicator = "winrm"
|
||||
|
@ -61,66 +52,7 @@ Vagrant.configure("2") do |config|
|
|||
config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
|
||||
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
|
||||
|
||||
# Vulnerability - JMX
|
||||
config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
|
||||
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
|
||||
|
||||
# Configure Firewall to open up vulnerable services
|
||||
config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
|
||||
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
|
||||
|
||||
# Disable automatic box update checking. If you disable this, then
|
||||
# boxes will only be checked for updates when the user runs
|
||||
# `vagrant box outdated`. This is not recommended.
|
||||
# config.vm.box_check_update = false
|
||||
|
||||
# Create a forwarded port mapping which allows access to a specific port
|
||||
# within the machine from a port on the host machine. In the example below,
|
||||
# accessing "localhost:8080" will access port 80 on the guest machine.
|
||||
# config.vm.network "forwarded_port", guest: 80, host: 8080
|
||||
|
||||
# Create a private network, which allows host-only access to the machine
|
||||
# using a specific IP.
|
||||
# config.vm.network "private_network", ip: "192.168.33.10"
|
||||
|
||||
# Create a public network, which generally matched to bridged network.
|
||||
# Bridged networks make the machine appear as another physical device on
|
||||
# your network.
|
||||
# config.vm.network "public_network"
|
||||
|
||||
# Share an additional folder to the guest VM. The first argument is
|
||||
# the path on the host to the actual folder. The second argument is
|
||||
# the path on the guest to mount the folder. And the optional third
|
||||
# argument is a set of non-required options.
|
||||
# config.vm.synced_folder "../data", "/vagrant_data"
|
||||
|
||||
# Provider-specific configuration so you can fine-tune various
|
||||
# backing providers for Vagrant. These expose provider-specific options.
|
||||
# Example for VirtualBox:
|
||||
#
|
||||
# config.vm.provider "virtualbox" do |vb|
|
||||
# # Display the VirtualBox GUI when booting the machine
|
||||
# vb.gui = true
|
||||
#
|
||||
# # Customize the amount of memory on the VM:
|
||||
# vb.memory = "1024"
|
||||
# end
|
||||
#
|
||||
# View the documentation for the provider you are using for more
|
||||
# information on available options.
|
||||
|
||||
# Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
|
||||
# such as FTP and Heroku are also available. See the documentation at
|
||||
# https://docs.vagrantup.com/v2/push/atlas.html for more information.
|
||||
# config.push.define "atlas" do |push|
|
||||
# push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
|
||||
# end
|
||||
|
||||
# Enable provisioning with a shell script. Additional provisioners such as
|
||||
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
|
||||
# documentation for more information about their specific syntax and use.
|
||||
# config.vm.provision "shell", inline: <<-SHELL
|
||||
# apt-get update
|
||||
# apt-get install -y apache2
|
||||
# SHELL
|
||||
end
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1 +0,0 @@
|
|||
"C:\Program Files\Java\jdk1.6.0_26\bin\java.exe" -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1617 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false SimpleAgent
|
|
@ -4,5 +4,4 @@ netsh advfirewall firewall add rule name="Open Port 8282 for Apache Struts" dir=
|
|||
netsh advfirewall firewall add rule name="Open Port 80 for IIS" dir=in action=allow protocol=TCP localport=80
|
||||
netsh advfirewall firewall add rule name="Open Port 4848 for GlassFish" dir=in action=allow protocol=TCP localport=4848
|
||||
netsh advfirewall firewall add rule name="Open Port 8080 for GlassFish" dir=in action=allow protocol=TCP localport=8080
|
||||
netsh advfirewall firewall add rule name="Open Port 3389 for Remote Desktop" dir=in action=allow protocol=TCP localport=3389
|
||||
netsh advfirewall firewall add rule name="Java 1.6 java.exe" dir=in action=allow program="C:\Program Files\Java\jdk1.6.0_26\bin\java.exe" enable=yes
|
||||
netsh advfirewall firewall add rule name="Open Port 3389 for Remote Desktop" dir=in action=allow protocol=TCP localport=3389
|
|
@ -1,9 +0,0 @@
|
|||
mkdir "%ProgramFiles%\jmx"
|
||||
copy C:\vagrant\resources\jmx\Hello.class "%ProgramFiles%\jmx"
|
||||
copy C:\vagrant\resources\jmx\HelloMBean.class "%ProgramFiles%\jmx"
|
||||
copy C:\vagrant\resources\jmx\SimpleAgent.class "%ProgramFiles%\jmx"
|
||||
copy C:\vagrant\resources\jmx\jmx.exe "%ProgramFiles%\jmx"
|
||||
copy C:\vagrant\resources\jmx\start_jmx.bat "%ProgramFiles%\jmx"
|
||||
cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\vagrant\resources\jmx\jdk1.6.zip" -o"C:\Program Files\Java""
|
||||
"%ProgramFiles%\jmx\jmx.exe" -Service Install
|
||||
cacls "C:\Program Files\jmx" /t /e /g Everyone:f
|
Loading…
Reference in New Issue
Block a user