Install Metasploitable 3 – Vulnerable Target Computer

Metasploitable 3 is a ready made practice target for penetration testing. Vagrant installation takes just minutes.
Don’t run these programs on machines that have national secrets. In fact, don’t put it in your production network, as it’s obviously quite vulnerable. And no, I don’t know what’s in the binaries.
This article has not been tested with a blank computer yet, commands are written from memory.

Prerequisites

Running on Ubuntu 18.04

$ sudo apt-get -y install virtualbox vagrant curl

Create Vagrantfile

$ mkdir metas/ && cd metas/
$ nano Vagrantfile
## Vagrantfile
## http://terokarvinen.com/2018/install-metasploitable-3-vulnerable-target-computer
 Vagrant.configure("2") do |config|
   config.vm.box = "rapid7/metasploitable3-ub1404"
   config.vm.network "forwarded_port", guest: 80, host: 8080
end

Start the Virtual Machine

$ vagrant up

It might throw some errors about SSH authentication. You can CTRL-C those. In case you have to log in, it’s vagrant:vagrant.

$ curl http://localhost:8080

And you can see a web page from Metasploitable 3.
Now open Firefox and browse to http://localhost:8080.

Welcome to Metasploitable! Try out the payroll_app.php.

The words “SQL injection” somehow pop into my mind.
Be careful. Double check IP addresses. Only test with targets that you know are legal, such as this Metasploitable 3 running on your own computer. Disconnect your computer from the Internet if necessary. Don’t do it if you can’t do it safely. Happy hacking!

Adminstrivia

Tested on Xubuntu 18.04.1 LTS amd64.
Updated multiple times: Added some warnings, tips and screenshots. Fixed some text.

Posted in Uncategorized | Tagged , , , , , | 1 Comment

One Response to Install Metasploitable 3 – Vulnerable Target Computer

  1. Tommi Timonen says:

    Jos Vagrant rupee kettuilemaan ja antaa virheen: /usr/lib/ruby/vendor_ruby/vagrant/action/builtin/box_add.rb:361:in `box_add’: undefined method `name’ for nil:NilClass (NoMethodError)
    Niin tuohon auttaa uudemman Vagrant version asentaminen suoraan Vagrantin sivuilta.
    Itse ainakin sain vanhemman version 1.8.1 jakelun kautta jolla ei toiminut, mutta uudempi 2.1.2 versiolla lähti toimimaan.