1
00:00:00,960 --> 00:00:01,920
Instructor: Remember I told you

2
00:00:01,920 --> 00:00:05,910
that we must have a vulnerable machine that we can scan

3
00:00:05,910 --> 00:00:08,640
and before we actually proceed to performing

4
00:00:08,640 --> 00:00:11,670
scanning and covering different tools that we will use,

5
00:00:11,670 --> 00:00:15,210
let us first see where we can get a vulnerable machine

6
00:00:15,210 --> 00:00:16,953
and how we can install it.

7
00:00:18,060 --> 00:00:20,460
And trust me, it is pretty easy.

8
00:00:20,460 --> 00:00:23,010
So just type "top 10 vulnerable machines"

9
00:00:23,010 --> 00:00:25,687
and you will see this Rapid7 link that says

10
00:00:25,687 --> 00:00:29,340
"10 places to find vulnerable machines for your lab".

11
00:00:29,340 --> 00:00:32,610
Click on that link and down here

12
00:00:32,610 --> 00:00:34,500
if I scroll all the way down,

13
00:00:34,500 --> 00:00:38,370
I should see a list of 10 different vulnerable machines

14
00:00:38,370 --> 00:00:41,403
that we can use as a hacker to practice our skills.

15
00:00:42,360 --> 00:00:45,030
And for this section we are going to be going

16
00:00:45,030 --> 00:00:46,740
with the first one.

17
00:00:46,740 --> 00:00:49,590
So the name of it is "Metasploitable".

18
00:00:49,590 --> 00:00:52,020
Click on it and it will route you

19
00:00:52,020 --> 00:00:54,540
to another page of the Rapid7 website

20
00:00:54,540 --> 00:00:55,447
and it will tell you,

21
00:00:55,447 --> 00:00:57,867
"Metasploitable Virtual Machine to Test".

22
00:00:58,710 --> 00:01:01,050
You can read through this if you want

23
00:01:01,050 --> 00:01:02,790
as it tells you some of the information

24
00:01:02,790 --> 00:01:04,890
about Metasploitable,

25
00:01:04,890 --> 00:01:07,530
but the most important part is down here.

26
00:01:07,530 --> 00:01:09,360
In order to download this machine

27
00:01:09,360 --> 00:01:12,420
you must fill in this information.

28
00:01:12,420 --> 00:01:13,320
Now it is up to you

29
00:01:13,320 --> 00:01:16,230
what information you will fill in right here,

30
00:01:16,230 --> 00:01:18,030
but as soon as you fill in all of this

31
00:01:18,030 --> 00:01:19,380
you can click on "Submit"

32
00:01:19,380 --> 00:01:20,760
and it will lead you to a page

33
00:01:20,760 --> 00:01:23,370
where you can download Metasploitable.

34
00:01:23,370 --> 00:01:27,000
Up here, it tells us that Metasploitable is free to use

35
00:01:27,000 --> 00:01:29,880
after we fill out the form.

36
00:01:29,880 --> 00:01:31,830
So this is something that you must do,

37
00:01:31,830 --> 00:01:35,100
in order to download it from the official website.

38
00:01:35,100 --> 00:01:37,110
And after you finish downloading it,

39
00:01:37,110 --> 00:01:39,090
you should finish up with a file

40
00:01:39,090 --> 00:01:40,710
that looks something like this.

41
00:01:40,710 --> 00:01:43,470
So metasploitable linux.zip.

42
00:01:43,470 --> 00:01:45,270
You want to extract this file.

43
00:01:45,270 --> 00:01:47,700
As you can see, I have already extracted it

44
00:01:47,700 --> 00:01:51,210
and you should see these files right here.

45
00:01:51,210 --> 00:01:55,290
This vmdk file is our hard disk that we're going to use

46
00:01:55,290 --> 00:01:56,760
in a virtual machine.

47
00:01:56,760 --> 00:01:58,533
So let's see how we can install it.

48
00:01:59,460 --> 00:02:01,150
Go open up your VirtualBox

49
00:02:02,130 --> 00:02:05,370
and we want to be creating a new virtual machine.

50
00:02:05,370 --> 00:02:06,870
We already know how to do that.

51
00:02:06,870 --> 00:02:09,509
Click on this "New" button right here

52
00:02:09,509 --> 00:02:12,030
and it'll ask us for the name of the virtual machine

53
00:02:12,030 --> 00:02:13,353
and the operating system.

54
00:02:14,190 --> 00:02:15,107
You can name it anything you want.

55
00:02:15,107 --> 00:02:17,383
I will just name it "Metasploitable 2".

56
00:02:19,920 --> 00:02:21,540
And the reason why I'm naming it "2" is

57
00:02:21,540 --> 00:02:23,610
because I already have it installed right here,

58
00:02:23,610 --> 00:02:25,503
so the names differ.

59
00:02:26,460 --> 00:02:27,870
In the type of operating system,

60
00:02:27,870 --> 00:02:29,820
you want to select "Linux"

61
00:02:29,820 --> 00:02:31,740
and in the version of operating system

62
00:02:31,740 --> 00:02:33,570
you want to scroll all the way down

63
00:02:33,570 --> 00:02:35,540
and select "Other Linux (64-bit)".

64
00:02:36,690 --> 00:02:39,990
Once you've got these settings ready, click on "Next".

65
00:02:39,990 --> 00:02:41,880
And this is what they talked about.

66
00:02:41,880 --> 00:02:44,550
These virtual machines will use very little

67
00:02:44,550 --> 00:02:47,520
hardware resources from your physical machine.

68
00:02:47,520 --> 00:02:50,580
That's why for this virtual machine, for Metasploitable,

69
00:02:50,580 --> 00:02:54,060
we can leave 512 megabytes of RAM.

70
00:02:54,060 --> 00:02:56,850
It is more than enough for this machine to run.

71
00:02:56,850 --> 00:02:58,680
It will even work if you lower

72
00:02:58,680 --> 00:03:03,680
it to 256 megabytes of RAM, but 512 is recommended.

73
00:03:04,260 --> 00:03:06,450
So let us leave it on 512.

74
00:03:06,450 --> 00:03:09,000
And if you don't have this much RAM to use

75
00:03:09,000 --> 00:03:13,800
you can leave it on 256, then proceed to "Next"

76
00:03:13,800 --> 00:03:14,910
and in this step

77
00:03:14,910 --> 00:03:17,280
instead of creating a virtual hard disk now,

78
00:03:17,280 --> 00:03:20,283
we want to use an existing virtual hard disk.

79
00:03:21,360 --> 00:03:23,130
Once you select this option,

80
00:03:23,130 --> 00:03:26,883
click on this icon right here and click on "Add".

81
00:03:27,750 --> 00:03:30,150
Then find your virtual hard disk,

82
00:03:30,150 --> 00:03:32,460
wherever you got Metasploitable downloaded.

83
00:03:32,460 --> 00:03:36,120
For example, I got it on my desktop right here.

84
00:03:36,120 --> 00:03:36,953
Here it is.

85
00:03:36,953 --> 00:03:39,870
Find this vmdk file, select it

86
00:03:39,870 --> 00:03:43,770
and then select it right here again and click on "Choose".

87
00:03:43,770 --> 00:03:46,680
Once you do that, you can click on "Create"

88
00:03:46,680 --> 00:03:48,690
and this is pretty much it.

89
00:03:48,690 --> 00:03:51,300
We got our Metasploitable created.

90
00:03:51,300 --> 00:03:54,330
All we are left to do right now are two things.

91
00:03:54,330 --> 00:03:56,823
The first thing is navigate to settings.

92
00:03:58,140 --> 00:03:59,850
Go to the network settings

93
00:03:59,850 --> 00:04:02,580
and switch from NAT to "Bridged Adapter",

94
00:04:02,580 --> 00:04:05,430
the same thing we did with our Kali Linux machine.

95
00:04:05,430 --> 00:04:08,007
Then choose your adapter and click on "OK".

96
00:04:08,910 --> 00:04:10,530
This will just make our Metasploitable

97
00:04:10,530 --> 00:04:14,850
2 IP address belong to the IP range of our network.

98
00:04:14,850 --> 00:04:16,923
Once you do that, click on "Start"

99
00:04:18,600 --> 00:04:20,310
and this will start the process

100
00:04:20,310 --> 00:04:23,730
of installing Metasploitable for you.

101
00:04:23,730 --> 00:04:26,040
Unlike in Kali Linux right here,

102
00:04:26,040 --> 00:04:28,380
you don't need to do anything.

103
00:04:28,380 --> 00:04:30,450
This will install the machine on its own

104
00:04:30,450 --> 00:04:34,023
and it'll take about a minute or two, maybe even less.

105
00:04:35,190 --> 00:04:37,110
So at the end, after this finishes

106
00:04:37,110 --> 00:04:39,990
it should prompt us with a login.

107
00:04:39,990 --> 00:04:41,010
And you will notice

108
00:04:41,010 --> 00:04:44,490
that this machine doesn't have a desktop or anything else.

109
00:04:44,490 --> 00:04:46,530
It is a command line machine.

110
00:04:46,530 --> 00:04:48,330
That means we can only navigate

111
00:04:48,330 --> 00:04:50,640
through this machine using commands

112
00:04:50,640 --> 00:04:53,730
and those commands are simply terminal commands.

113
00:04:53,730 --> 00:04:57,510
So just picture this as one big terminal.

114
00:04:57,510 --> 00:05:00,030
As we can see, the installation has finished.

115
00:05:00,030 --> 00:05:02,880
And down here we got the Metasploitable login.

116
00:05:02,880 --> 00:05:06,093
And if you read through this website right here,

117
00:05:07,140 --> 00:05:09,960
if you read through this paragraph, it tells us right here

118
00:05:09,960 --> 00:05:13,200
that the Metasploitable login is "msfadmin"

119
00:05:13,200 --> 00:05:15,687
and the password is also "msfadmin".

120
00:05:16,560 --> 00:05:17,880
So let's try it out.

121
00:05:17,880 --> 00:05:20,343
Go to our machine, type "msfadmin"

122
00:05:21,900 --> 00:05:24,927
and under password, again, "msfadmin".

123
00:05:26,220 --> 00:05:27,930
And here we are.

124
00:05:27,930 --> 00:05:30,570
We managed to log in to our Metasploitable.

125
00:05:30,570 --> 00:05:34,050
Just to check our network, type "ifconfig"

126
00:05:34,050 --> 00:05:39,050
and it'll tell me that my IP address is 182.168.1.3.

127
00:05:39,090 --> 00:05:42,390
That is because it set it to be over bridged adapter.

128
00:05:42,390 --> 00:05:45,693
And if we try to ping Google for example,

129
00:05:46,650 --> 00:05:47,730
it will work.

130
00:05:47,730 --> 00:05:49,380
So our machine is set up

131
00:05:49,380 --> 00:05:51,843
and it is ready to be scanned and attacked.

132
00:05:52,890 --> 00:05:55,050
You see, this was pretty simple to do

133
00:05:55,050 --> 00:05:56,400
and in the next video

134
00:05:56,400 --> 00:05:59,250
we are ready to start our scanning process.

135
00:05:59,250 --> 00:06:00,083
See you there.