Adeptus-Mechanicus

Main
Codex
Librarium Whitehat
Advisories
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one


METASPLOITABLE ON VIRTUALBOX WITH CLI

Having the ability to target a machine without going to jail is a good thing. There are lots of these types of setups available, but one of the more well-known is the 'metasploitable' setup (see here). It is a great way to get to know your way around metasploit and practice some basic methods. More importantly, it is made to be run as a virtual machine. So what I am going to go through now is how to setup a 'attack' machine (kali) and a 'target' machine using virtualbox and the command line (why the command line? well, just because really).

First we need to get virtualbox, if I assume you are using ubuntu or debian, it would be:
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-4.2


Then you want to get the extensions setup for the best functionality:
wget http://download.virtualbox.org/virtualbox/4.2.12/Oracle_VM_VirtualBox_Extension_Pack-4.2.12-84980.vbox-extpack

Now we will install it. This is the first use of the VBoxManage command, but not the last. This is the main command we will be using as it is able to do everything the GUI can:
VBoxManage extpack install --replace ./Oracle_VM_VirtualBox_Extension_Pack-4.1.6-74713.vbox-extpack

To start we will register our new virtual machine and setup the RAM and OS type. We also turn on pae to help with systems that expect newer processor features. We will also tell it to boot from the DVD:
VBoxManage createvm --name "kali" --register
VBoxManage modifyvm "kali" --memory 512 --acpi on --boot1 dvd
VBoxManage modifyvm "kali" --ostype Debian
VBoxManage modifyvm "kali" --pae on


Now we want to setup the networking. Virtualbox has a few options, but for these machines I want them to communicate with one another and the host but nothing else. So we do this:
VBoxManage hostonlyif create
VBoxManage hostonlyif ipconfig vboxnet0 -ip 10.10.10.1 -netmask 255.255.255.0
VBoxManage modifyvm "kali" --nic1 hostonly
VBoxManage modifyvm "kali" --hostonlyadapter1 vboxnet0


The first 2 commands above are a once-off, they setup the virtual interface the host will use to communicate with the guests. Now lets setup the storage for our virtual machine:
VBoxManage createhd --filename /virtuals/kali/kali.vdi --size 15000 
VBoxManage storagectl "kali" --name "IDE Controller" --add ide
VBoxManage storageattach "kali" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /virtuals/kali/kali.vdi
VBoxManage storageattach "kali" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /virtuals/kali-linux-1.0.2-i386.iso

Now when you start your virtual machine:
VBoxHeadless --startvm "kali" &

It will boot from the DVD and will enable RDP access to itself on port 3389. Once you have finished the install and want to eject the DVD (once the virtual machine is powered down), you can use this:
VBoxManage modifyvm "kali" --dvd none

And of course to shutdown your virtual machine, you can use:
VBoxManage controlvm "kali" poweroff

In your virtual machine you want to setup the networking so that it is using the same setup as your host-only virtual interface, and since 'kali' is a debian derivative, we need to edit the /etc/network/interfaces file and add this:
auto eth0
iface eth0 inet static
address 10.10.10.10
netmask 255.255.255.0
gateway 10.10.10.1


Now when the virtual machine restarts or you rerun the networking scripts, your eth0 will be setup to communicate with the host and any other host-only virtual machines. So this gives us our 'attack' machine, lets get our 'target' machine setup. When you download 'metasploitable' (here), you get a zip file that contains a vmware virtual machine. Now using the GUI to use/convert this file is easy, but we are using the command line. So we will use the qemu tools to convert it into a format virtualbox can convert:
apt-get install qemu
qemu-img convert ./Metasploitable2-Linux/Metasploitable.vmdk ./msfable.bin
VBoxManage convertdd ./msfable.bin ./msfable/msfable.vdi


Now we are going to use the same steps as above to create our new 'target' virtual machine:
VBoxManage createvm --name "msfable" --register
VBoxManage modifyvm "msfable" --memory 512 --acpi on
VBoxManage modifyvm "msfable" --pae on
VBoxManage modifyvm "msfable" --nic1 hostonly
VBoxManage modifyvm "msfable" --hostonlyadapter1 vboxnet0
VBoxManage storagectl "msfable" --name "IDE Controller" --add ide
VBoxManage storageattach "msfable" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /virtuals/msfable/msfable.vdi


And the startup and shutdown uses the sames commands as above:
VBoxHeadless --startvm "msfable" &
VBoxManage controlvm "msfable" poweroff

One new thing though, if you start the machine up now, you will get an error because the first virtual machine is already listening on port 3389. So we need to change the port our second virtual machine listens on:
VBoxManage modifyvm "msfable" --vrdeport 3390

Now when we startup we can access the 'target' virtual machine's RDP access on port 3390. Once the 'metasploitable' virtual machine starts up, we will need to login as msfadmin/msfadmin and setup the networking. Since 'metasploitable' is also a debian derivative, we can edit /etc/network/interfaces:
auto eth0
iface eth0 inet static
address 10.10.10.20
netmask 255.255.255.0
gateway 10.10.10.1

After all is done, we have two virtual machines, each accessible via RDP (for remote RDP access, ssh onto the host and port forward the RDP ports) - one 'attack' virtual machine on 10.10.10.10 using 'kali' and one 'target' virtual machine using 'metasploitable' on 10.10.10.20. Give it a go and have fun.