Kali2搭建Metasploitable3靶机

Metasploitable3简介

Metasploitable3是Metasploitable2的升级版本，它是一个虚拟靶机系统，里面含有大量未被修复的安全漏洞，它主要是用于metasploit-framework测试的漏洞目标。不过Metasploitable3的好处是除了是升级版之外，还可以生成Windows版本和Linux版本，具体就是指可以生成windows_2008_r2和ubuntu_1404这两种不同的系统

官方文档提示所需条件

System Requirements:

OS capable of running all of the required applications listed below

VT-x/AMD-V Supported Processor recommended

65 GB Available space on drive

4.5 GB RAM

大概意思：操作系统需要支持安装以下的应用，主机CPU需要支持虚拟化，硬盘空间65GB以上，内存至少4.5GB

以下是需要安装的应用

Requirements:

Packer

Vagrant

Vagrant Reload Plugin

VirtualBox, libvirt/qemu-kvm, or vmware (paid license required), or parallels (paid license required)

Internet connection

这里Kali本身是运行在Esxi上，需要开启硬件虚拟化嵌套，这个是前提条件，务必开启，如图所示

安装依赖包前的一些系统环境配置

1，切换到root用户

新手才用sudo，老司机直接上root！

sudo用户在下面命令前自动添加sudo！

sudo passwd root	# 交互模式配置root密码
su - root		# 切换到root

2，更改shell环境

新版本的Kali默认使用zsh作为shell环境，zsh很优秀，但是习惯了bash环境的用起来多少有点不顺手，如果想适应zsh的也可以不换

切换后需要退出当前会话重新登录或者新建登录标签才能生效

chsh -s /bin/bash	# 切换bash
chsh -s /bin/zsh	# 切换zsh

3，更新source源

默认官方源慢的要死，虽然有CDN会自动适配国内源，但速度不稳定，直接更换aliyun源，速度原地飞起！

sed -i 's#deb http://http.kali.org/kali#deb https://mirrors.aliyun.com/kali#g' /etc/apt/sources.list

4，安装更新

升级安装包到最新版本

apt update
apt full-upgrade -y
[ -f /var/run/reboot-required ] && reboot -f	# 按需重启Kali

开始安装依赖包

如果按照rapid7官方Github说明安装依赖后直接启动Vagrant up，基本是不会成功的，下面是踩坑后的总结，希望可以帮助到新手朋友！

1，安装VirtualBox

这是Kali官方的文档发布的安装方式，务必按此方式安装，其它方式（比如默认源或deb包的方式）安装会出现各种问题！

apt update
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | gpg --dearmor | tee /usr/share/keyrings/virtualbox-archive-keyring.gpg
# 上一条命令执行后可能会出现一堆乱码，正常！
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/virtualbox-archive-keyring.gpg] http://download.virtualbox.org/virtualbox/debian buster contrib" | tee /etc/apt/sources.list.d/virtualbox.list
apt update && apt install -y dkms virtualbox virtualbox-ext-pack

查看VirtualBox版本，这里不报任何Warning信息说明可以正常使用！

┌──(rootkali)-[~]
└─# virtualbox -h
Oracle VM VirtualBox VM Selector v6.1.22_Debian
(C) 2005-2021 Oracle Corporation
......

2，安装Vagrant并加载插件

官方说明文档只加载vagrant-reload一个插件，这里是一个坑！若按他的说明文档，安装后会各种报错，这里整理好了所需的全部插件，全部安装后才可以正常构建虚拟机镜像！

apt update && apt -y install vagrant
vagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated

查看vagrant版本

┌──(rootkali)-[~]
└─# vagrant -v
Vagrant 2.2.14

3，安装Packer

Packer是一款构建镜像的工具，这里默认安装即可！

apt update && apt -y install packer

查看Packer版本

┌──(rootkali)-[~]
└─# packer -v
1.6.6

获取metasploitable3并创建虚机镜像

以上依赖包安装完成并没有报错信息后，可以执行安装命令

cd /opt && mkdir metasploitable3-workspace && cd metasploitable3-workspace
curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile && vagrant up

执行后会从网上下载文件并自动构建镜像，持续过程大概十几分钟，如图所示

执行完成后，生成的ubuntu1404镜像虚拟机自动导入到了VirtualBox并且是启动状态，图形界面打开VirtualBox可以看到，如文章最后一张图所示

至此ubuntu1404镜像自动构建完成，但是windows2008的镜像不会自动构建，若要构建windows2008还需要修改Vagrantfile配置文件

配置文件里支持windows2008的虚拟机除了VirtualBox还有libvirt和hyper-V，如果不注释掉会各种报错，这里又是一个坑！

我们需要把不相关的配置全部注释，如图所示

有效配置文件内容如下

┌──(root??kali)-[/opt/metasploitable3-workspace]
└─# cat Vagrantfile |grep -v "^#"                                                                                                             130 ?

Vagrant.configure("2") do |config|
  config.vm.synced_folder '.', '/vagrant', disabled: true

  config.vm.define "win2k8" do |win2k8|
    # Base configuration for the VM and provisioner
    win2k8.vm.box = "rapid7/metasploitable3-win2k8"
    win2k8.vm.hostname = "metasploitable3-win2k8"
    win2k8.vm.communicator = "winrm"
    win2k8.winrm.retry_limit = 60
    win2k8.winrm.retry_delay = 10

    win2k8.vm.network "private_network", type: "dhcp"

    # Configure Firewall to open up vulnerable services
    case ENV['MS3_DIFFICULTY']
      when 'easy'
        win2k8.vm.provision :shell, inline: "C:\\startup\\disable_firewall.bat"
      else
        win2k8.vm.provision :shell, inline: "C:\\startup\\enable_firewall.bat"
        win2k8.vm.provision :shell, inline: "C:\\startup\\configure_firewall.bat"
    end

    # Insecure share from the Linux machine
    win2k8.vm.provision :shell, inline: "C:\\startup\\install_share_autorun.bat"
    win2k8.vm.provision :shell, inline: "C:\\startup\\setup_linux_share.bat"
    win2k8.vm.provision :shell, inline: "rm C:\\startup\\*" # Cleanup startup scripts
  end
end

虚拟机登录的用户名和密码默认都是vagrant，至此ubuntu1404和windows2008全部构建完成！

#####################################分割线#########################################

使用vagrant up命令构建windows2008，到最后时可能有如下报错信息，还在研究原因，但目测不会影响使用

==> win2k8: Machine booted and ready!
[win2k8] GuestAdditions versions on your host (6.1.22) and guest (6.0.8) do not match.
Downloading VirtualBox Guest Additions ISO from https://download.virtualbox.org/virtualbox/6.1.22/VBoxGuestAdditions_6.1.22.iso
Copy iso file /root/.vagrant.d/tmp/VBoxGuestAdditions_6.1.22.iso into the box $env:TEMP/VBoxGuestAdditions.iso
The term 'Mount-DiskImage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Mount-DiskImage -ImagePath $env:TEMP/VBoxGuestAdditions.iso
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Mount-DiskImage:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
Unmounting Virtualbox Guest Additions ISO from: The term 'Get-DiskImage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:11
+           Get-DiskImage -ImagePath $env:TEMP/VBoxGuestAdditions.iso
+           ~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-DiskImage:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
The term 'Dismount-DiskImage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Dismount-DiskImage -ImagePath $env:TEMP/VBoxGuestAdditions.iso
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Dismount-DiskImage:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
==> win2k8: Checking for guest additions in VM...
    win2k8: The guest additions on this VM do not match the installed version of
    win2k8: VirtualBox! In most cases this is fine, but in rare cases it can
    win2k8: prevent things such as shared folders from working properly. If you see
    win2k8: shared folder errors, please make sure the guest additions within the
    win2k8: virtual machine match the version of VirtualBox you have installed on
    win2k8: your host and reload your VM.
    win2k8:
    win2k8: Guest Additions Version: 6.0.8
    win2k8: VirtualBox Version: 6.1
The following WinRM command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

Dismount-DiskImage -ImagePath $env:TEMP/VBoxGuestAdditions.iso

Stdout from the command:

Stderr from the command:

The term 'Dismount-DiskImage' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Dismount-DiskImage -ImagePath $env:TEMP/VBoxGuestAdditions.iso
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Dismount-DiskImage:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

参考文档

https://github.com/rapid7/metasploitable3

https://www.kali.org/docs/virtualization/install-virtualbox-host/