Metasploitable3 is a free virtual machine that allows you to simulate cyber attacks in a safe environment. It is developed by Rapid7. You can use Metasploitable3 to teach yourself how to use Metasploit to exploit common system vulnerabilities.
Metasploitable3 is actually two(2) vulnerable virtual machines. It includes a Linux system and a Windows system. Sounds complex but if you already have Vagrant and VirtualBox in your machine you can easily setup both machines with four(4) steps.
mkdir metasploitable– make directory for virtual machine
cd metasploitable– move into directory
wget https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile– download Vagrantfile for Metasploitable3
vagrant up– setup and start virtual machines
vagrant up command will take a while depending on your internet speeds. The virtual machines should also take a considerable amount of your memory.
It’s also important to note that the virtual machines use 2GB of RAM each by default. If you are limited in terms of memory resources you can switch one off.
vagrant halt ub1404– shutdown the Ubuntu VM (Virtual Machine)
vagrant halt win2k8– shutdown the Windows VM
You can also change a line in the Vagrantfile to make each machine use 1GB of RAM:
v.memory=1024 under provider settings. However, if you have already setup the machines you can always change that on the VirtualBox app window.
With that you have two (2) virtual machines that you can practise vulnerability assessment and penetration testing on. For more information on how you can customize the virtual machines visit the GitHub repo.