Setting up the Lab Environment for Exploiting Metasploitable


Creating a safe and structured lab environment is essential for practicing ethical hacking and vulnerability exploitation. Below, I’ll describe how such an environment is structured to facilitate testing and experimentation.


1. Lab Environment Overview

This lab includes the following virtual machines, all running on VirtualBox:

  • Metasploitable 2: A deliberately vulnerable Linux machine designed for penetration testing practice.

  • Metasploitable 3: Available in either Windows Server 2008 or Ubuntu 14.04 versions, designed with a wide range of vulnerabilities.

  • Kali Linux: A penetration testing operating system equipped with numerous tools for ethical hacking.

  • Optional: Wazuh VM: A Security Information and Event Management (SIEM) tool to monitor logs and alerts from other VMs.


2. Virtual Network Setup and Configuration

These settings are found under each virtual machine's Settings tab in VirtualBox.

The following adapters were set up for each virtual machine.

  1. Adapter 1 : NAT

    IP: 10.0.2.15 (you can change this on the network adapter settings)

    Network Address Translation (NAT) gives the virtual machine a connection to the Internet or another external network. The virtual machine acts much like a real computer that connects to the Internet through a router; the router, in this case, is the Oracle VM VirtualBox networking engine, which transparently maps traffic to and from the virtual machine.

  2. Adapter 2 : Host-only network

    Allows communication between virtual machines (e.g. Kali and ubuntu1404) and between the virtual machines and the host machine.

    The host-only network was also set up on the host machine by assigning the host an IP address with the same subnet mask as the virtual host-only network (vboxnet0).

    Use the following command to connect the host machine to the host-only network (in this case, I was running it on Ubuntu 24.04).

    Each machine needs an IP address in the 192.168.56.0/24 subnet on its host-only adapter, either dynamically assigned or manually configured.

    Example IP addresses you can configure on each machine's vboxnet0 host-only adapter so that they are all in the same subnet:

    Kali Linux : 192.168.56.102/24

    Metasploitable (ubuntu1404) : 192.168.56.101/24

    Metasploitable (win2k8): 192.168.56.105/24
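As an added example (not part of the original post), the following POSIX shell script wires up the adapter layout described in this section with VBoxManage and refuses to proceed if the address plan is inconsistent: every address must lie inside 192.168.56.0/24 and be used by only one machine. The VM names kali, ubuntu1404 and win2k8, the interface name vboxnet0 and the host address 192.168.56.1 are assumptions; the post does not show its host-side command, so the host's address is set here with VBoxManage hostonlyif ipconfig. Without an argument the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not part of the original post: wire up each lab VM with
# adapter 1 = NAT and adapter 2 = host-only (vboxnet0), give the host its
# address on vboxnet0, and refuse to run if the address plan is inconsistent.
# Assumptions: the VirtualBox VM names are kali, ubuntu1404 and win2k8; the
# host-only interface is vboxnet0; the host itself uses 192.168.56.1.
# With no argument the commands are only printed; "apply" executes them.
set -e

MODE=${1:-dry-run}
HOSTONLY_IF="vboxnet0"
LAB_NET="192.168.56"          # the host-only /24 used in the post
HOST_ADDR="192.168.56.1"      # assumed address of the Ubuntu host on vboxnet0

# Address plan from the post, one "vmname=address" word per VM.
LAB_PLAN="kali=192.168.56.102 ubuntu1404=192.168.56.101 win2k8=192.168.56.105"

# in_lab_subnet ADDR: succeed only for a usable host address in LAB_NET.0/24
# (last octet 1..254, so the network and broadcast addresses are rejected).
in_lab_subnet() {
    prefix=${1%.*}
    last=${1##*.}
    [ "$prefix" = "$LAB_NET" ] || return 1
    case "$last" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# check_plan PLAN: every address must be inside the subnet and used only once.
# Returns 0 when the plan is consistent, 1 otherwise (problems go to stderr).
check_plan() {
    bad=0
    seen=" "
    for entry in $1; do
        name=${entry%%=*}
        addr=${entry#*=}
        if ! in_lab_subnet "$addr"; then
            echo "ERROR: $name has $addr, outside $LAB_NET.0/24" >&2
            bad=1
        fi
        case "$seen" in
            *" $addr "*) echo "ERROR: $addr is assigned to more than one machine" >&2; bad=1 ;;
        esac
        seen="$seen$addr "
    done
    return "$bad"
}

# run CMD...: show the command; execute it only in apply mode.
run() {
    echo "+ $*"
    if [ "$MODE" = "apply" ]; then
        "$@"
    fi
}

# configure_vm NAME: NAT for Internet access, host-only for the lab network.
configure_vm() {
    run VBoxManage modifyvm "$1" --nic1 nat --nic2 hostonly --hostonlyadapter2 "$HOSTONLY_IF"
}

# configure_host: put the host on the host-only subnet so it can reach the VMs.
configure_host() {
    run VBoxManage hostonlyif ipconfig "$HOSTONLY_IF" --ip "$HOST_ADDR" --netmask 255.255.255.0
}

main() {
    # The host address joins the plan so it is checked for range and clashes too.
    check_plan "host=$HOST_ADDR $LAB_PLAN"
    configure_host
    for entry in $LAB_PLAN; do
        configure_vm "${entry%%=*}"
    done
}

main
```

Run it as `sh lab-net.sh apply` with all three VMs powered off (VBoxManage modifyvm only changes stopped machines). The script sets up the adapter wiring and the host's address; the address each guest uses on its own host-only adapter is still configured inside that guest, as described above.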


3. Connectivity and Usage

  • Kali Linux acts as the attacker machine, scanning and exploiting vulnerabilities in Metasploitable machines.

  • Metasploitable 2 and 3 serve as the targets, with vulnerabilities like open ports, weak passwords, and outdated services.

  • Wazuh VM monitors logs from the other machines to analyze security events and potential exploits.


4. Testing the Environment

Once the environment is up and running:

  1. Verify network connectivity between each virtual machine and Kali Linux using ping.

    • Run this command in the terminal of each virtual machine with Kali's IP address as <ip addr>, then run the same command on Kali Linux with the exploitable machine's IP address as <ip addr>.

        ping -c 4 <ip addr>

This command sends 4 ICMP echo requests and reports whether replies come back, which confirms connectivity. For example, the output when I ping Metasploitable 2 from Kali should look something like this.

Note: to find the IP address of each machine, run the following command in the terminal (on win2k8, use ipconfig in Windows PowerShell):

    ip addr show

  2. We will be using Metasploit to exploit the vulnerabilities in the Metasploitable machines.
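As an added example (not part of the original post), this POSIX shell script, meant to be run on Kali, automates the check described in this section: it pulls Kali's own address on the 192.168.56.0/24 network out of `ip addr show` output, then pings each target with `ping -c 4` and reads ping's summary line to decide whether the host answered. The target addresses are the ones planned above; the `ip addr show` and ping outputs embedded in the script are constructed samples used by its self-check, and the file name lab-check.sh is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: run on Kali to confirm the
# host-only network works. It (1) reads Kali's own 192.168.56.x address out of
# "ip addr show" output and (2) pings each target with "ping -c 4", parsing
# ping's summary line so the result is a pass/fail per host rather than raw
# output. Target addresses are the post's plan; the sample command outputs
# embedded below are constructed for the self-test. Run as: sh lab-check.sh run
set -e

LAB_NET="192.168.56"
LAB_HOSTS="ubuntu1404=192.168.56.101 win2k8=192.168.56.105"

# own_lab_address IP_OUTPUT: first 192.168.56.x address in "ip addr show" output
# (prints nothing if the machine is not on the host-only network).
own_lab_address() {
    printf '%s\n' "$1" | sed -n 's|^ *inet \('"$LAB_NET"'\.[0-9]*\)/[0-9]*.*|\1|p' | head -n 1
}

# received_count PING_OUTPUT: number of replies from ping's summary line, e.g.
# "4 packets transmitted, 4 received, 0% packet loss" (iputils) or
# "4 packets transmitted, 4 packets received" (BSD ping). 0 if no summary.
received_count() {
    n=$(printf '%s\n' "$1" | sed -n 's/.*, \([0-9][0-9]*\) \(packets \)\{0,1\}received.*/\1/p')
    echo "${n:-0}"
}

# reachable ADDR: succeed if at least one of 4 echo requests is answered.
# -W 2 caps the wait per reply at 2 s so an unreachable host does not stall.
reachable() {
    out=$(ping -c 4 -W 2 "$1" 2>/dev/null || true)
    [ "$(received_count "$out")" -ge 1 ]
}

# check_all: ping every lab host; returns 1 if any gave no reply.
check_all() {
    me=$(own_lab_address "$(ip -4 addr show)")
    if [ -z "$me" ]; then
        echo "FAIL  this machine has no $LAB_NET.x address; check adapter 2" >&2
        return 1
    fi
    echo "Pinging from $me"
    failed=0
    for entry in $LAB_HOSTS; do
        name=${entry%%=*}
        addr=${entry#*=}
        if reachable "$addr"; then
            echo "OK    $name ($addr)"
        else
            echo "FAIL  $name ($addr): no reply to 4 pings"
            failed=1
        fi
    done
    return "$failed"
}

# Constructed sample outputs (not captured from a real lab) used by the self-test.
SAMPLE_IP_ADDR="1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default
    inet 192.168.56.102/24 brd 192.168.56.255 scope global eth1"
SAMPLE_PING_OK="PING 192.168.56.101 (192.168.56.101) 56(84) bytes of data.
64 bytes from 192.168.56.101: icmp_seq=1 ttl=64 time=0.412 ms
--- 192.168.56.101 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms"
SAMPLE_PING_DOWN="--- 192.168.56.105 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3080ms"

if [ "${1:-}" = "run" ]; then
    check_all
fi
```

Run it as `sh lab-check.sh run` on Kali; without the argument it only defines the functions. A FAIL for a target usually means that guest has no address on its host-only adapter or its firewall drops ICMP, so check `ip addr show` on that machine first. On win2k8 the same test is done by hand: Windows ping already sends four requests by default and does not accept `-c`.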

This lab environment is designed to replicate a controlled and safe network for ethical hacking and vulnerability exploitation. By combining Metasploitable machines with Kali Linux, you can explore various security concepts and practice real-world penetration testing techniques.