Tutorial To Setup A Metasploitable and Kali Linux

This document provides instructions for setting up a penetration testing lab using Kali Linux and Metasploitable 2.0 virtual machines. It details how to install VirtualBox, create the Kali and Metasploitable VMs, configure their network settings, find their IP addresses, test connectivity between the VMs, and verify isolation from external networks. The goal is to configure an isolated virtual testing environment that allows penetration testing techniques to be practiced safely without accessing external systems.

Uploaded by

scavenger7

By Carlos Villegas

Setting Up a Pentest lab Kali Linux & Metasploitable

3/17/2015

Table of Contents

1. Install VirtualBox host for your operating system
2. Create/Setup Kali Virtual Machine (VM)
3. Create/Setup Metasploitable 2.0 Virtual Machine (VM)
4. Find the IPv4 address for your Metasploitable 2.0 Virtual Machine (VM)
5. Find the IPv4 address for your Kali Virtual Machine (VM)
6. Test communication from the Kali VM to the Metasploitable VM
7. Test communication from the Metasploitable 2.0 VM to the Kali VM
8. Verify that neither VM can communicate with the outside

1. Install VirtualBox host for your operating system


a. Download VirtualBox at https://www.virtualbox.org/wiki/Downloads

b. Update VirtualBox on a regular basis (at least every week). I can't stress
enough how important updating it is. Sometimes malware (viruses, worms) escapes
virtualization sandboxes, in this case VirtualBox, via a vulnerability which
eventually gets patched. You only get those patches if you update
VirtualBox as shown below:

2. Create/Setup Kali Virtual Machine (VM)


a. Download Kali at https://www.kali.org/downloads/
b. Configure VM to have Host-only Network Adapter and Promiscuous Mode
Allow All

3. Create/Setup Metasploitable 2.0 Virtual Machine (VM)


a. Video tutorial on how to install Metasploitable 2.0 in VirtualBox:
https://youtu.be/e0vpBKRZPGc
b. Download Metasploitable at
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
c. Configure VM to have Host-only Network Adapter and Promiscuous Mode
Allow All

4. Find the IPv4 address for your Metasploitable 2.0 Virtual Machine (VM)
a. Login to your Metasploitable 2.0 VM
i. Username: msfadmin
ii. Password: msfadmin
b. You will see the following screen once you have successfully logged in. If you
don't, please try to log in again.

c. Run the following piped one-line command in the Metasploitable 2.0 terminal
to extract the IPv4 address of your Metasploitable 2.0 VM:
ifconfig | sed -n 2p | cut -d ":" -f2 | cut -d " " -f1

d. The output is the IPv4 address for your Metasploitable 2.0 VM. For this
example, it is identified below with a red arrow; yours may be different and
that's OK.

e. Write the IPv4 address for your Metasploitable 2.0 VM:

192.168.____.____
5. Find the IPv4 address for your Kali Virtual Machine (VM)
a. Login to your Kali VM
i. Username: root
ii. Password is whatever you chose when you installed your Kali VM
b. Once you are successfully logged in to Kali, start a terminal command line by
clicking the icon pointed to by the red arrow below

c. Run the following piped one-line command in the Kali terminal to extract the
IPv4 address of your Kali VM:
ifconfig | sed -n 2p | cut -d ":" -f2 | cut -d " " -f1

d. The output is the IPv4 address for your Kali VM. For this example, it is
identified below with a red arrow; yours may be different and that's OK.

e. Write the IPv4 address for your Kali VM:

192.168.____.____
6. Test communication from the Kali VM to the Metasploitable VM


a. Let's use the ping command to see if your Kali VM can see and communicate
with your Metasploitable 2.0 VM. Verify that 0% packets are lost when the
following command is run from your Kali VM. If you have packet loss, try the
command again. If you continue to have packet loss, something is wrong and
needs to be troubleshot. Ask someone to assist you.
ping -c 3 <IPv4 of your Metasploitable 2.0 VM>

7. Test communication from the Metasploitable 2.0 VM to the Kali VM


a. Let's use the ping command to see if your Metasploitable 2.0 VM can see and
communicate with your Kali VM. Verify that 0% packets are lost when the
following command is run from your Metasploitable 2.0 VM. If you have
packet loss, try the command again. If you continue to have packet loss,
something is wrong and needs to be troubleshot. Ask someone to assist
you.
ping -c 3 <IPv4 of your Kali VM>

8. Verify that neither VM can communicate with the outside


a. It is extremely important not to actively reach out to any device on another
network (i.e. internet) that is not your own unless you have permission.
b. For example, in this tutorial we are going to use the nmap command on a
machine that is yours (i.e. your Metasploitable 2.0 VM). Because that machine
is yours, you can do whatever you want to it.
c. You always want to set your network adapter to Host-only, as we did in
previous steps, unless:
i. you are in a competition where they give you the right to actively scan
and practice offensive cyber techniques
ii. you own the equipment
iii. you have explicit permission to scan and hack the device(s)
d. Run the following command from your Kali VM and verify the Network is
unreachable:
ping -c 3 8.8.8.8

e. Run the following command from your Metasploitable 2.0 VM and verify the
Network is unreachable:
ping -c 3 8.8.8.8
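
The checks in steps 4 through 8 can be scripted so they are easy to repeat after every change to the VM network settings. The script below is an added example, not part of the original tutorial; the function names and sample inputs are assumptions made for illustration. It goes slightly beyond the one-liner in steps 4 and 5 by also accepting the newer ifconfig layout that has no "addr:" prefix.

```shell
#!/bin/sh
# Added example (not from the original tutorial): scripted checks for steps 4-8.

# Print the first non-loopback IPv4 address in ifconfig output read from stdin.
# Accepts legacy net-tools ("inet addr:192.168.56.101") and newer
# ("inet 192.168.56.101") layouts instead of relying on line 2 and a colon.
first_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' |
        grep -v '^127\.' | head -n 1
}

# Classify ping output read from stdin as reachable, lossy or unreachable.
# No summary line at all (ping could not send) is treated as unreachable.
classify_ping() {
    out=$(cat)
    case $out in
        *"Network is unreachable"*) echo unreachable; return 0 ;;
    esac
    loss=$(printf '%s\n' "$out" |
        sed -n 's/.* \([0-9][0-9.]*\)% packet loss.*/\1/p' | head -n 1)
    case $loss in
        0) echo reachable ;;
        100 | "") echo unreachable ;;
        *) echo lossy ;;
    esac
}

# Constructed sample inputs (not captured from a real VM).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 08:00:27:00:00:01
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0'
SAMPLE_PING_OK='3 packets transmitted, 3 received, 0% packet loss, time 2003ms'
SAMPLE_PING_ISOLATED='connect: Network is unreachable'

# Run on either VM: check_lab <IPv4 of the other VM>
check_lab() {
    echo "local IPv4:      $(ifconfig | first_ipv4)"
    # Steps 6 and 7: the peer VM should be "reachable".
    echo "peer $1: $(ping -c 3 "$1" 2>&1 | classify_ping)"
    # Step 8: the outside address should be "unreachable".
    echo "outside 8.8.8.8: $(ping -c 3 8.8.8.8 2>&1 | classify_ping)"
}

if [ "$#" -gt 0 ]; then check_lab "$1"; fi
```

Save it on each VM and pass the other VM's IPv4 address as the only argument. A result of "reachable" for 8.8.8.8 means the adapter is not Host-only and the lab is not isolated.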
