Before we learn how to use Metasploit, we need to ensure our setup will meet or exceed the following system requirements. Preparing your Metasploit Lab Environment will help eliminate many problems before they arise later in this document. We suggest using a Virtual Machine (aka Hypervisor) capable system to host your labs.
All values listed are estimated or recommended. You can get away with less although performance will suffer.
You will need to have at minimum 10 gigabytes of Storage space. Since we are using virtual machines with large file sizes this means we can not use a FAT32 partition since it does not support large files. Choose NTFS, ext3 or some other format. The recommended amount of space needed is 30 gigabytes.
If you decided to produce clones or snapshots as you progress through this course, these will also take up valuable space on your system. Be vigilant and do not be afraid to reclaim space as needed.
Without supplying enough memory to your HOST and GUEST operating systems you will eventually cause system failure. You are going to require RAM for your host OS as well as the equivalent amount of RAM that you are dedicating for each virtual machine. Use the guide below to aid you in deciding the amount of RAM needed for your situation.
Linux "HOST" Minimal Memory Requirement's 1GB of system memory (RAM) Realistically 2GB or more Kali "GUEST" Minimal Memory Requirement's At least 512 megabytes (MB) of RAM (1GB is recommended) // more never hurts! Realistically 1GB or more with a SWAP file of equal value Metasploitable "GUEST" Minimal Memory Requirement's At least 256 megabytes (MB) of RAM (512MB is recommended) // more never hurts! (Optional) Per Windows "GUEST" Minimal Memory Requirement's At least 256 megabytes (MB) of RAM (1GB is recommended) // more never hurts! Realistically 1GB or more with a SWAP file of equal value
Processor Speed is always a problem with dated hardware although old hardware can be utilized in other fashions to serve a better purpose. The bare-minimum requirement for VMware Player is a 400MHz or faster processor (500MHz recommended). The more horsepower you can throw at it, of course, the better.
This can be solved with a cat5 cable from your router/switch/hub. If there is no DHCP server on your network you will have to assign static IP addresses to your GUEST VM’s. A wireless network connection can work just as well as an Ethernet cable, however, the signal degradation over distance, through objects, and structures will severely limit your connectivity.
There are a few software requirements necessary before diving into the metasploit framework. We will need to have both an attacking machine (Kali Linux) and a victim machine (metasploitable 2) as well as a hypervisor to run both in a safe, secluded network environment.
Our recommended hypervisor for the best out-of-the-box compatibility with Kali and metasploitable is VMware Player. While VMware Player is “free”, you will have to register for the downloads. However, the virtualization applications and appliances are well worth the registration if you’re not already a current member. You may also use VMware Workstation or VMware Fusion but these are not free alternatives.
Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution that will be used throughout this guide. Kali comes with metasploit already available along with numerous other security tools that you can try out against your victim machine. You can download the latest version of Kali at:
Once you have downloaded Kali, you can update to the latest version of metasploit that is available in the repos by issuing the “apt-get update && apt-get upgrade” command.
One of the problems you encounter when learning how to use an exploitation framework is trying to configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’.
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from sourceforge.
Never expose this VM to an untrusted network, use NAT or Host-only mode!
Once you have downloaded the VM, extract the zip file, open up the vmx file using your VMware product of choice and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.
For more information on the VM configuration, there is a blog post here: Metasploitable 2 Exploitability Guide
But beware…there are spoilers in it.
To contact the developers of Metasploit, please send email to msfdev [a] metasploit [period] com
Once you have met the above system requirements you should have no trouble running any tutorials from the Metasploit Unleashed course.