Installing Metasploitable 3 for Windows 10
Unlike its predecessor, Metasploitable 2, Metasploitable 3 does not ship as an .iso file or a prebuilt VMware or VirtualBox image. Instead, users get a GitHub repository containing all the files needed to build the virtual environment themselves.
Metasploitable 3 also differs from its predecessor in that this method of installation lets users build and update machines far more easily than before. The vulnerable machine can also be deployed on different operating systems, including Windows Server or a Linux distribution such as Ubuntu.
While there are many tutorials walking users through the installation of Metasploitable 3, I found that the installation required a minor amount of tweaking to be successful.
System Requirements for Installing Metasploitable 3 for Windows 10:
Metasploitable 3
Packer
Vagrant
Vagrant Reload Plugin
VirtualBox
A Note:
I spent a fair amount of time attempting to get Metasploitable 3 working with my preferred virtual machine, VMware. While the official instructions do state that Metasploitable 3 is compatible with VMware, they do not, however, let you know that you have to purchase an $80 plugin from Vagrant for VMware integration.
So for the purpose of this tutorial, we will be focusing on VirtualBox exclusively.
First, ensure that you have downloaded the requisites above.
You should be able to run both the ‘packer’ and ‘vagrant’ commands from any location in a PowerShell or CMD shell. If you cannot, add the install directory of each command to your PATH environment variable.
If you are unfamiliar as to how this is done, a great walkthrough can be found here.
Build Metasploitable 3 Automatically
You should first attempt to build Metasploitable 3 automatically. If you are lucky (as I was not) you will not encounter any errors, and your installation of M3 will be simple and straightforward.
1. After cloning or downloading the Metasploitable 3 master repository, change directory to the M3 master directory from within PowerShell.
Unless you want to start VirtualBox as an administrator every time you power up Metasploitable 3, ensure that this installation is done WITHOUT administrative PowerShell privileges!
2. Run the ‘.\build.ps1 windows2008’ script.
PS C:\Users\<user>\...\metasploitable3-master> .\build.ps1 windows2008
If you’re lucky, you should glide through the rest of the installation without a hitch.
- If you run into an execution policy error, you must change PowerShell’s execution policy with Set-ExecutionPolicy before running ‘.\build.ps1 windows2008’.
The execution policy is designed as a safeguard against malicious scripts being executed on the host. After making any change to the policy, it is important to reinstate the previous hardened state by rerunning the command with either ‘AllSigned’ or ‘RemoteSigned’ in place of ‘Undefined’.
I occasionally get errors when pasting commands into PowerShell, so if the command below does not work, manually enter it.
PS C:\> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Undefined
3. We need to bring our machine up. By executing ‘vagrant up win2k8’, Vagrant will set up our virtual environment by running the necessary installation and configuration scripts. This can take approximately 10 minutes.
PS C:\Users\<user>\Virtual Machines\metasploitable3-master> vagrant up win2k8
4. When the process completes, you can open VirtualBox and log in to the Metasploitable 3 machine.
Log in using: Username: vagrant Password: vagrant
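For the execution policy error in step 2, the change and the restore can be wrapped around the build so the policy is never left altered. This is an added example, not code from the Metasploitable 3 repository; it assumes it is run from the metasploitable3-master directory, and the variable names are illustrative.

```powershell
# Added example, not from the Metasploitable 3 repository.
# Run from the metasploitable3-master directory in a non-elevated shell.
$scope     = 'CurrentUser'
$temporary = 'Undefined'        # the value used in this tutorial's command
$previous  = Get-ExecutionPolicy -Scope $scope

# Show every scope before changing anything. The effective policy is the
# first scope that is not Undefined, in this order:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
Get-ExecutionPolicy -List | Format-Table -AutoSize

try {
    Set-ExecutionPolicy -Scope $scope -ExecutionPolicy $temporary -Force
    Write-Host "Effective policy for the build: $(Get-ExecutionPolicy)"
    .\build.ps1 windows2008
}
finally {
    # Put the scope back exactly as it was, even if the build failed.
    Set-ExecutionPolicy -Scope $scope -ExecutionPolicy $previous -Force
    Write-Host "Restored $scope policy: $(Get-ExecutionPolicy -Scope $scope)"
}
```

If the effective policy printed before the build is still one that blocks scripts, the table from ‘Get-ExecutionPolicy -List’ shows which scope is enforcing it.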
Build Metasploitable 3 Manually
Now, if you’re unlucky installing M3 automatically, as I was, the next step is to move on to manual installation.
1. From within the Metasploitable 3 Master directory, execute:
PS C:\Users\<user>\Virtual Machines\metasploitable3-master\metasploitable3-master> packer build --only=virtualbox-iso .\packer\templates\windows_2008_r2.json
Packer will begin downloading the Windows Server 2008 R2 template upon which Metasploitable 3 is built. Depending on your internet connection, this may take some time.
Upon completion of the download, VirtualBox will boot and the installation of Windows Server 2008 will begin. It will reboot a number of times as Packer begins to build the components of Metasploitable 3 around the Windows OS. There is no need to log in at this time; just allow the installation in PowerShell to continue. This process took me approximately 45 minutes.
2. Next, we need to add the built box to Vagrant.
PS C:\Users\<user>\Virtual Machines\metasploitable3-master> vagrant box add packer/builds/windows_2008_r2_*_0.1.0.box --name=metasploitable3-win2k8
The process should take a couple of minutes.
3. Next, we need to install the vagrant-reload plugin for Vagrant.
PS C:\Users\<user>\Virtual Machines\metasploitable3-master> vagrant plugin install vagrant-reload
4. We are nearly done. We need to bring our machine up. By executing ‘vagrant up’, Vagrant will set up our virtual environment by running the necessary installation and configuration scripts. This can take approximately 10 minutes.
PS C:\Users\<user>\Virtual Machines\metasploitable3-master> vagrant up win2k8
5. When the process completes, you can open VirtualBox and log in to the Metasploitable 3 machine.
Log in using: Username: vagrant Password: vagrant
For this to work on the newest version of VirtualBox, you’ll have to install the Oracle VM VirtualBox Extension Pack (free on their website), preferably before running ‘vagrant up’.
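The conditions this tutorial lists (packer and vagrant on PATH, a non-elevated shell, the vagrant-reload plugin, and the VirtualBox Extension Pack) can be checked in one pass before starting a build. This is an added example, not part of the original tutorial or the Metasploitable 3 repository; the function name Test-M3Prerequisites is hypothetical and the default VirtualBox install directory is an assumption.

```powershell
# Added example. Names marked "assumption" are not taken from the tutorial.
function Test-M3Prerequisites {
    $checks = [ordered]@{}

    # packer and vagrant must resolve from any directory, i.e. be on PATH.
    foreach ($tool in 'packer', 'vagrant') {
        $checks["$tool on PATH"] = [bool](Get-Command $tool -ErrorAction SilentlyContinue)
    }

    # The build is meant to run from a non-elevated shell.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $checks['shell is not elevated'] = -not $isAdmin

    # "vagrant plugin list" names vagrant-reload once it is installed.
    $hasReload = $false
    if ($checks['vagrant on PATH']) {
        $hasReload = [bool](vagrant plugin list | Select-String -SimpleMatch 'vagrant-reload')
    }
    $checks['vagrant-reload plugin'] = $hasReload

    # VBoxManage is often not on PATH. Fall back to the variable set by the
    # VirtualBox installer and to the default install directory (assumption).
    $vbox = (Get-Command VBoxManage -ErrorAction SilentlyContinue).Source
    foreach ($dir in $env:VBOX_MSI_INSTALL_PATH, "$env:ProgramFiles\Oracle\VirtualBox") {
        if (-not $vbox -and $dir -and (Test-Path (Join-Path $dir 'VBoxManage.exe'))) {
            $vbox = Join-Path $dir 'VBoxManage.exe'
        }
    }
    $checks['VirtualBox found'] = [bool]$vbox

    # "VBoxManage list extpacks" starts with a line such as "Extension Packs: 1".
    $hasExtPack = $false
    if ($vbox) {
        $hasExtPack = [bool](& $vbox list extpacks | Select-String '^Extension Packs:\s*[1-9]')
    }
    $checks['Extension Pack installed'] = $hasExtPack

    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
    }
}

Test-M3Prerequisites | Format-Table -AutoSize
```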