Normalizer 2020-06-16
??Metasploitable3是Metasploitable2的升级版本,它是一个虚拟靶机系统,里面含有大量未被修复的安全漏洞,它主要是用于metasploit-framework测试的漏洞目标。众所周知Metasploitable2由于年久失修,被更好的Metasploitable3给取代了。但是rapid7(官方)这次却没有提供VM镜像,而是仅仅提供动态构建VM镜像的方法。之前的Metasploitable2提供的是VM快照文件,这使得维护和更新变得非常麻烦,因此Metasploitable3利用动态构建的方法来让用户自行创建VM镜像。这种新的构建方法有很多好处:我们可以轻松地在多个操作系统上应用相同的漏洞利用,为多个虚拟化平台构建,最重要的是,可以接受社区的贡献。
??本文介将介绍如何在Kali Linux中下载官方脚本,并创建启动Metasploitable3虚拟机镜像。
??官方提供的安装脚本文件托管在Github上,其地址为:https://github.com/rapid7/Metasploitable3
??首先我们在特定的目录中创建一个名为:metasploitable3-workspace的目录,然后在该目录中curl Vagrantfile然后通过vagrant up进行构建VM镜像。
mkdir metasploitable3-workspace cd metasploitable3-workspace curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile && vagrant up
??如果你以为按照官方推荐的方法去构建就OK了,那么只能说 U A 2 young 2 simple?????? Kali Linux中默认是没有安装vagrant的,在正式构建前首先需要安装vagrant。通过命令apt-get install vagrant即可安装,安装大致过程如下:
? ~ apt-get install vagrant eading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: vagrant-libvirt The following NEW packages will be installed: vagrant vagrant-libvirt #.......安装过程省略
??按照官方推荐方法,进行构建过程如下:
? /media/root/软件1/VMware/metasploitable3-workspace curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile && vagrant up % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1550 100 1550 0 0 1681 0 --:--:-- --:--:-- --:--:-- 1679 Traceback (most recent call last): 25: from /usr/bin/vagrant:23:in `<main>‘ 24: from /usr/bin/vagrant:23:in `load‘ 23: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/bin/vagrant:200:in `<top (required)>‘ 22: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/environment.rb:290:in `cli‘ 21: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/cli.rb:67:in `execute‘ 20: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/plugins/commands/up/command.rb:87:in `execute‘ 19: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/plugin/v2/command.rb:186:in `with_target_vms‘ 18: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/plugin/v2/command.rb:186:in `each‘ 17: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/plugin/v2/command.rb:204:in `block in with_target_vms‘ 16: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/plugin/v2/command.rb:180:in `block in with_target_vms‘ 15: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/environment.rb:715:in `machine‘ 14: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/vagrantfile.rb:81:in `machine‘ 13: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/vagrantfile.rb:81:in `new‘ 12: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/machine.rb:146:in `initialize‘ 11: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/machine.rb:261:in `communicate‘ 10: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/registry.rb:27:in `get‘ 9: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/plugins/communicators/winrm/plugin.rb:15:in `block in <class:Plugin>‘ 8: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require‘ 7: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require‘ 6: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/plugins/communicators/winrm/communicator.rb:6:in `<top (required)>‘ 5: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/plugins/communicators/winrm/communicator.rb:6:in `require_relative‘ 4: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/plugins/communicators/winrm/shell.rb:8:in `<top (required)>‘ 3: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/lib/vagrant/util/silence_warnings.rb:8:in `silence!‘ 2: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.9/plugins/communicators/winrm/shell.rb:9:in `block in <top (required)>‘ 1: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require‘ /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require‘: cannot load such file -- winrm (LoadError)
??构建过程出现报错,报错信息大致是说缺少winrm插件。那么接下来就是安装缺少的必要插件。
??根据实际安装过程发现,如果要成功构建Metasploitable3需要安装winrm、winrm-fs、vagrant-vbguest、winrm-elevated、vagrant-reload这几个插件。安装过程如下:
? ~ vagrant plugin install winrm winrm-fs vagrant-vbguest Installing the ‘winrm‘ plugin. This can take a few minutes... Fetching vagrant-libvirt-0.1.2.gem Fetching erubi-1.9.0.gem Fetching gssapi-1.3.0.gem Fetching gyoku-1.3.1.gem Fetching little-plugger-1.1.4.gem Fetching logging-2.2.2.gem Fetching nori-2.6.0.gem Fetching rubyntlm-0.6.2.gem Fetching winrm-2.3.4.gem Installed the plugin ‘winrm (2.3.4)‘! Installing the ‘winrm-fs‘ plugin. This can take a few minutes... Fetching winrm-fs-1.3.4.gem Installed the plugin ‘winrm-fs (1.3.4)‘! Installing the ‘vagrant-vbguest‘ plugin. This can take a few minutes... Fetching micromachine-3.0.0.gem Fetching vagrant-vbguest-0.24.0.gem Installed the plugin ‘vagrant-vbguest (0.24.0)‘! Installing the ‘winrm-elevated‘ plugin. This can take a few minutes... Fetching winrm-elevated-1.2.1.gem Installed the plugin ‘winrm-elevated (1.2.1)‘! Installing the ‘vagrant-reload‘ plugin. This can take a few minutes... Fetching vagrant-reload-0.0.1.gem Installed the plugin ‘vagrant-reload (0.0.1)‘!
??这个构建的速度只要是取决与你的网速,下图是当时构建是我的截图,100Mbps的下载速度我大概用了5分钟。
下面是构建详细过程:
? ? /media/root/软件1/VMware/metasploitable3-workspace curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile && vagrant up % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1550 100 1550 0 0 1823 0 --:--:-- --:--:-- --:--:-- 1821 Bringing machine ‘ub1404‘ up with ‘virtualbox‘ provider... Bringing machine ‘win2k8‘ up with ‘virtualbox‘ provider... ==> ub1404: Box ‘rapid7/metasploitable3-ub1404‘ could not be found. Attempting to find and install... ub1404: Box Provider: virtualbox ub1404: Box Version: >= 0 ==> ub1404: Loading metadata for box ‘rapid7/metasploitable3-ub1404‘ ub1404: URL: https://vagrantcloud.com/rapid7/metasploitable3-ub1404 ==> ub1404: Adding box ‘rapid7/metasploitable3-ub1404‘ (v0.1.12-weekly) for provider: virtualbox ub1404: Downloading: https://vagrantcloud.com/rapid7/boxes/metasploitable3-ub1404/versions/0.1.12-weekly/providers/virtualbox.box Download redirected to host: vagrantcloud-files-production.s3.amazonaws.com ==> ub1404: Successfully added box ‘rapid7/metasploitable3-ub1404‘ (v0.1.12-weekly) for ‘virtualbox‘! ==> ub1404: Importing base box ‘rapid7/metasploitable3-ub1404‘... ==> ub1404: Matching MAC address for NAT networking... ==> ub1404: Checking if box ‘rapid7/metasploitable3-ub1404‘ version ‘0.1.12-weekly‘ is up to date... ==> ub1404: Setting the name of the VM: Metasploitable3-ub1404 ==> ub1404: Clearing any previously set network interfaces... ==> ub1404: Preparing network interfaces based on configuration... ub1404: Adapter 1: nat ub1404: Adapter 2: hostonly ==> ub1404: Forwarding ports... ub1404: 22 (guest) => 2222 (host) (adapter 1) ==> ub1404: Running ‘pre-boot‘ VM customizations... ==> ub1404: Booting VM... ==> ub1404: Waiting for machine to boot. This may take a few minutes... ub1404: SSH address: 127.0.0.1:2222 ub1404: SSH username: vagrant ub1404: SSH auth method: password ub1404: Warning: Connection reset. Retrying... ub1404: Warning: Remote connection disconnect. Retrying... ub1404: ub1404: Inserting generated public key within guest... ub1404: Removing insecure key from the guest if it‘s present... ub1404: Key inserted! Disconnecting and reconnecting using new SSH key... The private key to connect to this box via SSH has invalid permissions set on it. The permissions of the private key should be set to 0600, otherwise SSH will ignore the key. Vagrant tried to do this automatically for you but failed. Please set the permissions on the following file to 0600 and then try running this command again: /media/root/软件1/VMware/metasploitable3-workspace/.vagrant/machines/ub1404/virtualbox/private_key Note that this error occurs after Vagrant automatically tries to do this for you. The likely cause of this error is a lack of filesystem permissions or even filesystem functionality. For example, if your Vagrant data is on a USB stick, a common case is that chmod is not supported. The key will need to be moved to a filesystem that supports chmod.
??再上一个步骤,如果成功构建了Metasploitable3.那么会在/root/VirtualBox VMs目录中生成一个名为:Metasploitable3-ub1404的目录。该目录则是Metasploitable3的虚拟机文件目录。
? ~/VirtualBox VMs/Metasploitable3-ub1404 ls -l total 5693204 drwx------ 2 root root 4096 Jun 16 11:21 Logs -rw------- 1 root root 5833752576 Jun 16 11:32 metasploitable3-ub1404-disk001.vmdk -rw------- 1 root root 2933 Jun 16 11:21 Metasploitable3-ub1404.vbox -rw------- 1 root root 2933 Jun 16 11:21 Metasploitable3-ub1404.vbox-prev
??启动virtualbox,然后选择Machine-->add。然后点击上面的目录,virtualbox会自动加载我们构建好的虚拟机如下图所示:
??接下来就可以点击start开始享用吧,其中系统初始的用户名密码都是vagrant