On GitHub you can see all the vulnerabilities that Metasploitable 3 detects. For example, you can find open ports, insecure passwords or the most common applications that we can find on the network. All of this will be ready for us to perform attacks and exploit vulnerabilities.
Steps to use it
In order to use Metasploitable you have to have a computer that is compatible with the necessary dependencies and then download it. It may not work on all computers, so you should know what the minimum specifications that you will require to start using it:
- Processor that supports virtualization features (VT-x or AMD-V)
- At least 4.5 GB of RAM
- 65 GB of free hard disk space
In addition, it is necessary to install on the computer tools such as packers, Vagrant or Vagrant Reload Plugin. Also a virtualization system, such as VMWare or VirtualBox. Later, you can download the already compiled versions of Metasploitable or do it yourself.
However, they are not specifications that a normal team today has problems to assume. If your equipment is older or has more limited features, you must take into account what it requests as a minimum in order to function correctly and not run into problems.
You can find the necessary information for Metasploitable 3 based on Windows Server and also for Ubuntu version. They are not the most recent versions of these operating systems, as you can see. It is likely that in the future they will release a new update with more current OS.
In the event that you are going to mount Metasploitable 3 in Ubuntu, you would have to run the following box in Vagrant:
Vagrant.configure("2") do |config|
config.vm.box = "rapid7/metasploitable3-ub1404"
config.vm.box_version = "0.1.12-weekly"
end
Why ethical hacking tools are important
exist many security threats In the net. Whenever we open a page, log in to a service or install any program, we can be victims of malware and different attacks. But on many occasions this is due to vulnerabilities that exist. For example, failures that can allow a cybercriminal to enter a server, an error that causes passwords to be exposed or that a system can be exploited.
To counteract all this, it is essential to have a constant review to detect errors as soon as possible and correct them. That is where ethical hacking tools come into play, for which we can find a large number of alternatives. One of them is the one we have seen from Metasploitable 3.
However, there are even operating systems that we can install, such as Kali Linux, which is one of the most popular. This type of Linux distributions They have a wide range of options to run tools with which to test Wi-Fi networks that may be vulnerable, detect insecure passwords, etc. The objective is to carry out tests of all kinds to see what possible vulnerabilities exist and can be a problem for a computer system in the event that a hypothetical hacker manages to exploit the flaw and take control of that device.
They are very useful to protect systems, servers and business networks and large organizations. In this type of case there may be vulnerabilities of all kinds. It is necessary to study computer security experts or hackers who carry out tests to detect those errors and offer a solution. There, once again, ethical hacking tools appear on the scene.
To make correct use of applications and tools such as Metasploitable, it is necessary to have a minimum knowledge of computer security and how these programs work. In this way we can make the most of the operation and detect vulnerabilities or test the different functions that are available to us.
Conclusions about Metasploitable
We can say that Metasploitable is one of the more complete environments that we can find to carry out this type of ethical hacking practices. However, not everything is perfect. A negative point that we can see is that it does not receive updates frequently. In fact, the latest version is already several years old. It would be important if you could offer updates to the latest programs and vulnerabilities that could be exploited.
Similarly, operating systems They should be more up to date. Although they are functional, it would be nice to be able to use more current versions to test security and thus detect vulnerabilities. Also, since it is possible to use it with Vagrant, it should be possible to include different difficulty levels. In this way we could create different virtual instances with different characteristics depending on whether we want something more complex or we are interested in something more basic.
Another point that may be important to many users is that requires certain knowledge. It is not enough to find a compiled virtual machine, download and mount it on platforms like VirtualBox or VMWare. With Vagrant, if you don’t have practice with this tool it’s going to be a bit complicated and you’re going to need to spend more time.
However, despite the negative points that we have seen, which are basically the fact that it is somewhat outdated and the difficulty in using it, otherwise it is a fairly complete and interesting tool. One more option within the wide range of ethical hacking tools that we can install on our systems and carry out all kinds of tests. If you are looking for something to detect vulnerabilities and exploit them, it is a good solution that you can try.
