Posted on 5 Comments

Hacking Metasploitable : Information Gathering

This howto is part of  a  series called  Hacking Metasploitable.  So it would be good if you follow this as part of that series. Today we will see scanning and banner grabbing of Metasploitable. Scanning is the second stage of hacking where we gather more information about our target. Imagine a scenario where we got the IP address range  of our target and we want to check how many live systems are there. This is network scanning. There are many tools in our attacker system but we will use Zenmap.  Open a terminal and type command “zenmap”. It would open a GUI tool as shown below. Give the IP address range as shown below. (192.168.25.100-130, it may differ for you ) and select “ping scan” . Then click on “scan”. It will show all the live systems. In our case, only Metasploitable.

Now let’s do port scanning of the live system. Now in target field, specify only the IP address of Metasploitable. In Profile, select “slow and comprehensive scan” and click on “scan”. It will show all the open ports as shown below.

But there is another tool which is widely used for port scanning. Enter nmap. Nmap is a versatile port scanner. (Zenmap is the GUI version of Nmap). The default way to use Nmap is shown below. It would list all the open ports.

Next we will see how to grab banners.  Banners display information about  the type of service running at the open ports of our target. This can reveal some important information about our target which can be used for hacking. The Nmap command for banner grabbing  and its results are shown below. We got a lot of banners.

Next we will use Nmap to find out the operating system of our target. The command is given below.

The OS details are given below.

There is another way of grabbing banners. It is telnetting to each port as shown below. The results can also be seen.

That’s all in Hacking Metasploitable : information Gathering stage.

Posted on 27 Comments

Create Virtual pentesting Lab in VirtualBox

Hello aspiring hackers. In this howto you will see how to create virtual pentesting lab in Virtualbox.  Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pen test lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.

Do the same for Metasploitable virtual machine.

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

Type the command “ifconfig” to see the IP addresses of interfaces.

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

The connection is successful. Our virtual pentesting lab is ready. Happy practicing.

Posted on 8 Comments

Installing Metasploitable in VirtualBox

In this howto, you will installing metasploitable in VirtualBox. What is Metasploitable? Learning penetration testing or ethical hacking requires practical knowledge and good practice needs a vulnerable target. That is where Metasploitable comes into picture. It is an intentionally vulnerable operating system made by the makers of Metasploit themselves so that aspiring ethical hackers can practice and hone their hacking skills. As its name conveys Metasploitable is loaded with vulnerabilities that can be exploited with Metasploit modules. 

This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques.  For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.


With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab.