Metasploitable: How This Ethical Hacking Sandbox Works

There are many ethical hacking resources and tools for testing computer security. The goal is to detect vulnerabilities and find bugs that could endanger a device. They are also useful for learning: you put yourself in the place of an attacker and carry out experiments. One of these options is Metasploitable, a virtual machine that we can use to carry out all kinds of tests without compromising the security of our own equipment.

How Metasploitable works

It is an open source project focused on computer security. It is used to detect vulnerabilities and obtain information on how to solve problems that may appear. It is used to execute exploits against a device remotely and thus test its security.

This project is already quite a few years old and over time it has been improving and incorporating new features. This preconfigured virtual machine allows you to debug and use different tools, such as Metasploit. There are a total of three versions: Metasploitable 1, 2 and 3, which is the most recent version and the one you will probably end up using.

The most advisable option is to use Metasploitable 3, which is the newest and the one that will work best. In it you can test your cybersecurity skills and detect vulnerabilities. This version depends on Vagrant and Packer to build the image on your system, whereas previous versions were snapshots of virtual machines.

On GitHub you can see all the vulnerabilities that Metasploitable 3 includes. For example, you can find open ports, insecure passwords and the most common applications found on a network. All of this is ready for us to perform attacks and exploit vulnerabilities.

Steps to use it

To use Metasploitable you need a computer that is compatible with the necessary dependencies, and then you need to download it. It may not work on all computers, so you should know the minimum specifications required to start using it:

  • Processor that supports virtualization features (VT-x or AMD-V)
  • At least 4.5 GB of RAM
  • 65 GB of free hard disk space

In addition, tools such as Packer, Vagrant and the Vagrant Reload Plugin need to be installed on the computer, along with a virtualization system such as VMware or VirtualBox. After that, you can download the prebuilt versions of Metasploitable or build it yourself.

These are not specifications that a typical computer today will struggle to meet. If your equipment is older or more limited, take the minimum requirements into account so that it works correctly and you do not run into problems.

You can find the necessary information for Metasploitable 3 based on Windows Server and also for the Ubuntu version. They are not the most recent versions of these operating systems, as you can see. It is likely that in the future a new update will be released with a more current OS.

If you are going to set up Metasploitable 3 on Ubuntu, you would use the following box in your Vagrantfile:

Vagrant.configure("2") do |config|
  config.vm.box = "rapid7/metasploitable3-ub1404"
  config.vm.box_version = "0.1.12-weekly"
end
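
Before building the box, it helps to confirm that the host meets the minimums listed above. The script below is an added example, not part of the original article or of the Metasploitable project; it assumes an x86 Linux host with VirtualBox as the provider, and every function name in it is hypothetical.

```shell
#!/bin/sh
# Added example: preflight for a Metasploitable 3 build host (x86 Linux assumed).
# Thresholds are the article's minimums: VT-x/AMD-V, 4.5 GB RAM, 65 GB free disk.
MIN_RAM_KB=4718592    # 4.5 GB treated as GiB, in KiB
MIN_DISK_KB=68157440  # 65 GB treated as GiB, in KiB

# has_virt FILE: succeed if a cpuinfo-style FILE lists vmx (VT-x) or svm (AMD-V).
has_virt() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1"
}

# ram_kb FILE: print MemTotal in KiB from a meminfo-style FILE (0 if absent).
ram_kb() {
    awk '/^MemTotal:/ { print $2; f = 1; exit } END { if (!f) print 0 }' "$1"
}

# free_kb DIR: print available KiB on the filesystem holding DIR (0 on error).
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4; f = 1 } END { if (!f) print 0 }'
}

# missing_tools NAME...: print each command that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# preflight CPUINFO MEMINFO DIR: one FAIL line per unmet requirement; returns 1 if any.
preflight() {
    rc=0
    has_virt "$1" || { echo "FAIL: no VT-x/AMD-V CPU flag (check firmware settings)"; rc=1; }
    [ "$(ram_kb "$2")" -ge "$MIN_RAM_KB" ] || { echo "FAIL: less than 4.5 GB RAM"; rc=1; }
    [ "$(free_kb "$3")" -ge "$MIN_DISK_KB" ] || { echo "FAIL: less than 65 GB free in $3"; rc=1; }
    for t in $(missing_tools packer vagrant VBoxManage); do
        echo "FAIL: $t not found on PATH"; rc=1
    done
    return "$rc"
}

# Run against the live host only when asked: sh preflight.sh --run [build-dir]
if [ "${1:-}" = "--run" ]; then
    preflight /proc/cpuinfo /proc/meminfo "${2:-.}" && echo "OK: host meets the minimums"
fi
```

The script does not check for the Vagrant Reload Plugin, and MemTotal is slightly lower than the installed RAM because the kernel reserves some memory.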

Why ethical hacking tools are important

There are many security threats on the network. Whenever we open a page, log in to a service or install a program, we can become victims of malware and other attacks. On many occasions this is due to existing vulnerabilities: for example, flaws that allow a cybercriminal to enter a server, an error that exposes passwords, or a weakness that lets a system be exploited.

To counteract all this, constant review is essential to detect errors as soon as possible and correct them. That is where ethical hacking tools come into play, and there are a large number of alternatives. One of them is Metasploitable 3, which we have just seen.

However, there are even operating systems that we can install, such as Kali Linux, which is one of the most popular. This type of Linux distribution has a wide range of options to run tools with which to test Wi-Fi networks that may be vulnerable, detect insecure passwords, etc. The objective is to carry out tests of all kinds to see what possible vulnerabilities exist and can be a problem for a computer system in the event that a hypothetical hacker manages to exploit the flaw and take control of that device.

They are very useful for protecting systems, servers, business networks and large organizations, where there may be vulnerabilities of all kinds. Computer security experts or hackers are needed to carry out tests that detect these errors and offer a solution. There, once again, ethical hacking tools appear on the scene.

To make correct use of applications and tools such as Metasploitable, it is necessary to have a minimum knowledge of computer security and how these programs work. In this way we can make the most of the operation and detect vulnerabilities or test the different functions that are available to us.

Conclusions about Metasploitable

We can say that Metasploitable is one of the most complete environments that we can find for this type of ethical hacking practice. However, not everything is perfect. One negative point is that it does not receive updates frequently. In fact, the latest version is already several years old. It would be valuable if it offered updates covering the latest programs and the vulnerabilities that could be exploited in them.

Likewise, the operating systems should also be more up to date. Although they are functional, it would be nice to be able to use more current versions to test security and thus detect vulnerabilities. Also, since it can be used with Vagrant, it should be possible to include different difficulty levels. In this way we could create different virtual instances with different characteristics, depending on whether we want something more complex or something more basic.

Another point that may be important for many users is that it requires a certain amount of knowledge. It is not enough to find a compiled virtual machine, download it and mount it on platforms like VirtualBox or VMware. If you don't have practice with Vagrant, it is going to be a bit complicated and you will need to spend more time.

However, despite the negative points that we have seen, which are basically the fact that it is somewhat outdated and the difficulty in using it, otherwise it is a fairly complete and interesting tool. One more option within the wide range of ethical hacking tools that we can install on our systems and carry out all kinds of tests. If you are looking for something to detect vulnerabilities and exploit them, it is a good solution that you can try.