- Mastering Metasploit
- Nipun Jaswal
- 605字
- 2021-06-25 21:35:46
Setting up Kali Linux in a virtual environment
Before using Metasploit, we need to have a test lab. The best idea for setting up a test lab is to gather different machines and install different operating systems on them. However, if we only have a single device, the best idea is to set up a virtual environment.
Virtualization plays an essential role in penetration testing today. Due to the high cost of hardware, virtualization plays a cost-effective role in penetration testing. Emulating different operating systems under the host operating system not only saves you money but also cuts down on electricity and space. However, setting up a virtual penetration test lab prevents any modifications on the actual host system and allows us to perform operations in an isolated environment. A virtual network enables network exploitation to run in an isolated network, thus preventing any modifications or the use of network hardware of the host system.
Moreover, the snapshot feature of virtualization helps preserve the state of the virtual machine at a particular point in time. This feature proves to be very helpful, as we can compare or reload a previous state of the operating system while testing a virtual environment without reinstalling the entire software in case the files are modified after attack simulation.
Virtualization expects the host system to have enough hardware resources, such as RAM, processing capabilities, drive space, and so on, to run smoothly.
For more information on snapshots, refer to: https://www.virtualbox.org/manual/ch01.html#snapshots.
So, let's see how we can create a virtual environment with the Kali operating system (the most favored operating system for penetration testing, which contains the Metasploit framework by default).
You can always download pre-built VMware and VirtualBox images for Kali Linux here: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/.
To create a virtual environment, we need virtual machine software. We can use any one of two of the most popular ones: VirtualBox and VMware Workstation Player. So, let's begin with the installation by performing the following steps:
- Download VMware Workstation Player (https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/14_0) and set it up for your machine's architecture.
- Run the setup and finalize the installation.
- Download the latest Kali VM Image (https://images.offensive-security.com/virtual-images/kali-linux-2017.3-vm-amd64.ova)
- Run the VM Player program, as shown in the following screenshot:
- Next, go to the Player tab and choose File | Open.
- Browse to the extracted *.ova file for Kali Linux and click Open. We will be presented with the following screen:
- Choose any name and select a storage path (I prefer creating a separate folder on a drive with maximum available space) and click on Import.
- The import may take a little time. Be patient and listen to your favorite music in the meantime.
- After a successful import, we can see the newly added virtual machine in the list of virtual machines, as shown in the following screenshot:
- Next, we just need to start the operating system. The good news is that the pre-installed VMware Image of Kali Linux is shipped along with VMware Tools which makes features such as drag and drop, mounting shared folders, and so on to be available on the fly.
- The default credentials for Kali Linux are root:toor, where the root is the username and toor, is the password.
- Let's quickly open a Terminal and initialize and start the Metasploit database, as shown in the following screenshot:
- Let's begin the Metasploit framework by issuing the msfconsole command, as we can see in the following screenshot:
For the complete persistent install guide on Kali Linux, refer to: https://docs.kali.org/category/installation.
To install Metasploit through the command line in Linux, refer to: http://www.darkoperator.com/installing-metasploit-in-ubunt/.
To install Metasploit on Windows, refer to an excellent guide here: https://www.packtpub.com/mapt/book/networking_and_servers/9781788295970/2/ch02lvl1sec20/installing-metasploit-on-windows.