Marown/metasploitable3
1
0
Fork 0
mirror of https://github.com/rapid7/metasploitable3.git synced 2024-06-21 04:15:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from rapid7/prep_for_release

Browse Source 
Prep for release
This commit is contained in:
jbarnett-r7 2016-09-09 10:08:23 -05:00 committed by GitHub
commit df28d5e02f
12 changed files with 141 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
COPYING Normal file
View File

@ -0,0 +1,35 @@
Copyright (C) 2006-2016, Rapid7, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of Rapid7, Inc. nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
Metasploitable3 is provided under the 3-clause BSD license above.
The copyright on this package is held by Rapid7, Inc.
This license does not apply to several components within the Metasploitable3 source tree. For more details see the LICENSE file.

76
LICENSE Normal file
View File

@ -0,0 +1,76 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: http://www.metasploit.com/
Files: *
Copyright: 2006-2016, Rapid7, Inc.
License: BSD-3-clause
# Metasploitable3 is provided under the 3-clause BSD license provided
# at the end of this file.
#
# The copyright on this package is held by Rapid7, Inc.
#
# This license does not apply to third-party components detailed below.
#
# Last updated: 2016-Sept-7
#
Unaltered Files: scripts/installs/disable-auto-update.bat scripts/installs/enable-rdp.bat scripts/installs/openssh.ps1 scripts/installs/vm-guest-tools.bat scripts/configs/disable-auto-logon.bat scripts/configs/microsoft-updates.bat scripts/configs/win-updates.ps1 vagrantfile-windows_2008_42.template
Copyright: 2013-2014, Joe Fitzgerald
License: MIT
Altered Files: windows_2008_r2.json answer_files/2008_r2/Autounattend.xml
Original work Copyright: 2013-2014, Joe Fitzgerald
Modified work Copyright: 2006-2016, Rapid7, Inc.
License: MIT
Files: resources/jenkins/jenkins.war
Copyright: 2004-, Kohsuke Kawaguchi, Sun Microsystems, Inc., and a number of other of contributors
License: MIT
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
* Neither the name of Rapid7, Inc. nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: MIT
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
.
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

29
README.md
View File

@ -1,3 +1,30 @@
# Metasploitable3
Welcome to the repo for the latest version of Metaploitable.
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with [metasploit](https://github.com/rapid7/metasploit-framework).
Metasploitable3 is released under a BSD-style license. See COPYING for more details.
## Building Metasploitable 3
Requirements:
* [Packer](https://www.packer.io/intro/getting-started/setup.html)
* [Vagrant](https://www.vagrantup.com/docs/installation/)
* [Vagrant Reload Plugin](https://github.com/aidanns/vagrant-reload#installation)
* [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
* Internet connection
To build:
1. Clone this repo and navigate to the main directory.
2. Build the base VM image by running `packer build windows_2008_r2.json`. This will take a while the first time you run it since it has to download the OS installation ISO.
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command `vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3`.
4. To start the VM, run the command `vagrant up`. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
5. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
## Vulnerablities
* [See the wiki page](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities)
## Acknowledgements
The Windows portion of this project was based off of GitHub user [joefitzgerald's](https://github.com/joefitzgerald) [packer-windows](https://github.com/joefitzgerald/packer-windows) project.
The Packer templates, original Vagrantfile, and installation answer files were used as the base template and built upon for the needs of this project.

70
Vagrantfile vendored
View File

@ -1,17 +1,8 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://atlas.hashicorp.com/search.
# Base configuration for the VM and provisioner
config.vm.box = "metasploitable3"
config.vm.hostname = "metasploitable3"
config.vm.communicator = "winrm"
@ -61,66 +52,7 @@ Vagrant.configure("2") do |config|
config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - JMX
config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure Firewall to open up vulnerable services
config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
# config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
# config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
# vb.memory = "1024"
# end
#
# View the documentation for the provider you are using for more
# information on available options.
# Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
# such as FTP and Heroku are also available. See the documentation at
# https://docs.vagrantup.com/v2/push/atlas.html for more information.
# config.push.define "atlas" do |push|
# push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
# end
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# config.vm.provision "shell", inline: <<-SHELL
# apt-get update
# apt-get install -y apache2
# SHELL
end

BIN
resources/jmx/Hello.class
View File

Binary file not shown.

BIN
resources/jmx/HelloMBean.class
View File

Binary file not shown.

BIN
resources/jmx/SimpleAgent.class
View File

Binary file not shown.

BIN
resources/jmx/jdk1.6.zip
View File

Binary file not shown.

BIN
resources/jmx/jmx.exe
View File

Binary file not shown.

1
resources/jmx/start_jmx.bat
View File

@ -1 +0,0 @@
"C:\Program Files\Java\jdk1.6.0_26\bin\java.exe" -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1617 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false SimpleAgent

3
scripts/configs/configure_firewall.bat
View File

@ -4,5 +4,4 @@ netsh advfirewall firewall add rule name="Open Port 8282 for Apache Struts" dir=
netsh advfirewall firewall add rule name="Open Port 80 for IIS" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="Open Port 4848 for GlassFish" dir=in action=allow protocol=TCP localport=4848
netsh advfirewall firewall add rule name="Open Port 8080 for GlassFish" dir=in action=allow protocol=TCP localport=8080
netsh advfirewall firewall add rule name="Open Port 3389 for Remote Desktop" dir=in action=allow protocol=TCP localport=3389
netsh advfirewall firewall add rule name="Java 1.6 java.exe" dir=in action=allow program="C:\Program Files\Java\jdk1.6.0_26\bin\java.exe" enable=yes
netsh advfirewall firewall add rule name="Open Port 3389 for Remote Desktop" dir=in action=allow protocol=TCP localport=3389

9
scripts/installs/setup_jmx.bat
View File

@ -1,9 +0,0 @@
mkdir "%ProgramFiles%\jmx"
copy C:\vagrant\resources\jmx\Hello.class "%ProgramFiles%\jmx"
copy C:\vagrant\resources\jmx\HelloMBean.class "%ProgramFiles%\jmx"
copy C:\vagrant\resources\jmx\SimpleAgent.class "%ProgramFiles%\jmx"
copy C:\vagrant\resources\jmx\jmx.exe "%ProgramFiles%\jmx"
copy C:\vagrant\resources\jmx\start_jmx.bat "%ProgramFiles%\jmx"
cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\vagrant\resources\jmx\jdk1.6.zip" -o"C:\Program Files\Java""
"%ProgramFiles%\jmx\jmx.exe" -Service Install
cacls "C:\Program Files\jmx" /t /e /g Everyone:f