building metasploitable 3

i’ve not used metasploitable before, so this is my first time with one of their vms

i understand that previous iterations were distributed pre-built, which one merely downloaded and started

unfortunately metasploitable 3 is built from the ground up, by downloading and installing win2k8 and then scripting the download, installation and configuration of everything thereafter

i experienced a few problems with this approach

  1. you have to install dependencies
  2. it takes a hell of a long time
  3. there is sometimes no feedback at all on how long a certain stage will take
  4. it downloads masses of stuff, and if one of those downloads is on a go-slow, you could be waiting a long, long time

example: i decided to try out metasploitable 3.  2 hours later i was still waiting to try out metasploitable 3 :/  it had taken a long time already, but now it was stuck on downloading ‘manage engine’ with no feedback other than the url.  i tried downloading the url in my browser, and saw the problem: estimated completion time for a 128MB download: 10 hours!  this is not a problem my internet connection (i checked), it’s the server.  and for all i know it’s even throttling only the people (of which presumably there are a great many) who are building metasploitable 3, and who therefore are not even ‘real customers’, but sucking up their bandwidth

i ^C-ed and tried again with the last command, and to my amazement it recovered from where it left off. unfortunately it was still going to go incredibly slowly because of the server…

all in all… this way of doing things does not seem at all great

progress so far:

# following the document at…
https://github.com/rapid7/metasploitable3/blob/master/README.md

# install packer (note: ~/bin is already in my PATH via .bashrc)
https://www.packer.io/intro/getting-started/setup.html
https://www.packer.io/downloads.html
(select and download)
unzip packer*.zip
mv packer ~/bin

# install vagrant
https://www.vagrantup.com/downloads.html
(select and download)
sudo dpkg -i vagrant_1.9.1_x86_64.deb

# install vagrant-reload
https://github.com/aidanns/vagrant-reload#installation
vagrant plugin install vagrant-reload

# install and build metasploitable3
# note: the installation script barfed for me because it said i needed virtualbox 5.1.x+
# since i only had 5.0.24 and didn’t want to upgrade in case i broke something else, i simply
# modded the installation script to downgrade the minimum version required to what i actually had
# (seems to work fine, i had no errors at all)
git clone https://github.com/rapid7/metasploitable3.git
cd metasploitable3
build_win2008.sh <– takes a long time

# at some point during the install it will spit out an address you can rdp to, to see what is going on
rdesktop 127.0.0.1:5977

# start the vm
vagrant up <– takes a VERY long time because of a slow download

…to be continued. right now the vm ‘seems to be working’ but i’ve got shaky confidence in whether everything installed ok, because of the long downloads, aborts, retries etc… i will happily take a pre-built image from somewhere if i can find one (although it’s not on vulnhub).  i don’t mind a dodgy backdoored copy, since i can just run it in a private virtualbox network

Leave a Reply

Your email address will not be published. Required fields are marked *