官术网_书友最值得收藏!

Installing a vulnerable server

In this section, we will install a vulnerable virtual machine as a target virtual machine. This target will be used in several chapters of the book, when we explain particular topics. The reason we chose to set up a vulnerable server in our machine instead of using vulnerable servers available on the Internet is because we don't want you to break any laws. We should emphasize that you should never pen test other servers without written permission. Another purpose of installing another virtual machine would be to improve your skills in a controlled manner. This way, it is easy to fix issues and understand what is going on in the target machine when attacks do not work.

In several countries, even port scanning a machine that you don't own can be considered a criminal act. Also, if something happens to the operating system using a virtual machine, we can repair it easily.

The vulnerable virtual machine that we are going to use is Metasploitable 2. The famous HD Moore of Rapid7 creates this vulnerable system.

Note

There are other deliberately vulnerable systems besides Metasploitable 2 that you can use for your penetration testing learning process, as can be seen on the following site: http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/.

Metasploitable 2 has many vulnerabilities in the operating system, network, and web application layers.

Note

Information about the vulnerabilities contained in Metasploitable 2 can be found on the Rapid7 site at https://community.rapid7.com/docs/DOC-1875.

To install Metasploitable 2 in Virtual Box, you can perform the following steps:

  1. Download the Metasploitable 2 file from http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.
  2. Extract the Metasploitable 2 ZIP file. After the extraction process is completed successfully, you will find five files:
    Metasploitable.nvram
    Metasploitable.vmdk
    Metasploitable.vmsd
    Metasploitable.vmx
    Metasploitable.vmxf
  3. Create a new virtual machine in VirtualBox. Set Name to Metasploitable2, operating system to Linux, and Version to Ubuntu.
  4. Set the memory to 1024MB.
  5. In the Virtual Hard Disk setting, select Use existing hard disk. Choose the Metasploitable files that we have already extracted in the previous step:
  6. Change the network setting to Host-only adapter to make sure that this server is accessible only from the host machine and the Kali Linux virtual machine. The Kali Linux virtual machine's network setting should also be set to Host-only adapter for pen-testing local VMs.
  7. Start the Metasploitable 2 virtual machine. After the boot process is finished, you can log in to the Metasploitable 2 console using the following credentials:
    • Username: msfadmin
    • Password: msfadmin

The following is the Metasploitable 2 console after you have logged in successfully:

主站蜘蛛池模板: 腾冲县| 绍兴县| 长春市| 安阳市| 和顺县| 施甸县| 清水河县| 靖安县| 平和县| 宁城县| 蕲春县| 临湘市| 潢川县| 南安市| 漠河县| 青州市| 上蔡县| 高州市| 会宁县| 沙湾县| 伊宁县| 西华县| 望奎县| 会宁县| 宿松县| 河西区| 平山县| 塔城市| 文成县| 公主岭市| 民丰县| 呼图壁县| 广宁县| 开江县| 霸州市| 东方市| 志丹县| 循化| 石柱| 邛崃市| 吉林省|