a4ecd265cf
* make guest tools last so pre-reqs are in place Packer 1.3.x and possibly more does not inject enviornment variables as expected into `windows-shell` provisioners, moving script that requires these into a `shell` provisioner. * do not trust default uploaded windows.iso Packer in some cases will upload windows.iso from the host building the VM, since server 2008 needs a specific older version of tools this can cause problems. Example issue: VMware Fusion 11 on macOS Mojave will supply 10.3.x in windows.iso and will hit https://kb.vmware.com/s/article/55798 due the patch level expectaions that are intentionally not met for Windows 2008r2. |
||
---|---|---|
.github | ||
chef/cookbooks | ||
iso | ||
packer | ||
resources | ||
scripts | ||
versions/pro | ||
.gitignore | ||
build.ps1 | ||
build.sh | ||
COPYING | ||
LICENSE | ||
README.md | ||
Vagrantfile |
Metasploitable3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
Metasploitable3 is released under a BSD-style license. See COPYING for more details.
Quick-start
To use the prebuilt images provided at https://app.vagrantup.com/rapid7/ create a new local metasploitable workspace:
mkdir metasploitable3-workspace
cd metasploitable3-workspace
curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile && vagrant up
Or clone this repository and build your own box.
Building Metasploitable 3
System Requirements:
- OS capable of running all of the required applications listed below
- VT-x/AMD-V Supported Processor recommended
- 65 GB Available space on drive
- 4.5 GB RAM
Requirements:
- Packer
- Vagrant
- Vagrant Reload Plugin
- VirtualBox, libvirt/qemu-kvm, or vmware (paid license required)
- Internet connection
To build automatically:
-
- On Linux/OSX run
./build.sh windows2008
to build the Windows box or./build.sh ubuntu1404
to build the Linux box. If /tmp is small, useTMPDIR=/var/tmp ./build.sh ...
to store temporary packer disk images under /var/tmp. - On Windows, open powershell terminal and run
.\build.ps1 windows2008
to build the Windows box or.\build.ps1 ubuntu1404
to build the Linux box. If no option is passed to the script i.e..\build.ps1
, then both the boxes are built.
- On Linux/OSX run
- If both the boxes were successfully built, run
vagrant up
to start both. To start any one VM, you can use:vagrant up ub1404
: to start the Linux boxvagrant up win2k8
: to start the Windows box
- When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U:
vagrant
and P:vagrant
.
To build manually:
- Clone this repo and navigate to the main directory.
- Build the base VM image by running
packer build --only=<provider> ./packer/templates/windows_2008_r2.json
where<provider>
is your preferred virtualization platform. Currentlyvirtualbox-iso
,qemu
, andvmware-iso
providers are supported. This will take a while the first time you run it since it has to download the OS installation ISO. - After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command
vagrant box add packer/builds/windows_2008_r2_*_0.1.0.box --name=metasploitable3-win2k8
. - Use
vagrant plugin install vagrant-reload
to install the reload vagrant provisioner if you haven't already. - To start the VM, run the command
vagrant up win2k8
. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes. - Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
Videos:
Thanks to Jeremy, you can also follow the steps in these videos to set up Metasploitable3:
https://www.youtube.com/playlist?list=PLZOToVAK85MpnjpcVtNMwmCxMZRFaY6mT
Vulnerabilities
More Information
The wiki has a lot more detail and serves as the main source of documentation. Please check it out.
Acknowledgements
The Windows portion of this project was based off of GitHub user joefitzgerald's packer-windows project. The Packer templates, original Vagrantfile, and installation answer files were used as the base template and built upon for the needs of this project.