Mounting the environment
A successful penetration test largely depends on how well your work environment and labs are configured. Moreover, a successful test answers the following set of questions:
- How well is your test lab configured?
- Are all the necessary tools for testing available? How good is your hardware to support such tools?
Before we start testing anything, we must make sure that all of the required sets of tools are available and updated.
Let's go ahead and set up Metasploit in a virtual environment.
Setting up Metasploit in a virtual environment
Before using Metasploit, we need to have a test lab. The best idea for setting up a test lab is to gather different machines and install different OSes on them. However, if we only have a single device, the best idea is to set up a virtual environment.
Virtualization plays an essential role in penetration testing today. Because hardware is expensive, it is also the cost-effective choice: emulating different operating systems under the host OS not only saves you money but also cuts down on electricity and space. Moreover, setting up a virtual penetration test lab prevents any modifications from being made to the actual host system and allows us to perform operations in an isolated environment.
Moreover, the snapshot feature of virtualization helps preserve the state of the virtual machine (VM) at a particular point in time. This feature proves to be very helpful, as we can compare or reload a previous state of the operating system while testing a virtual environment, without reinstalling the entire software in case the files are modified after an attack simulation.
Virtualization expects the host system to have enough hardware resources, such as RAM, processing capabilities, drive space, and so on, to run smoothly.
Tip
For more information on snapshots, refer to https://www.virtualbox.org/manual/ch01.html#snapshots.
So, let's see how we can create a virtual environment with the Ubuntu operating system and install Metasploit 5 on it.
To create a virtual environment, we need virtual machine software. We can use either of the most popular ones, that is, VirtualBox or VMware Workstation Player. We will be using VMware Workstation Player throughout the book. So, let's begin with the installation by performing the following steps:
- Download VMware Workstation Player (https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html) and set it up for your machine's architecture.
- Run the setup wizard and finalize the installation.
- Download the latest Ubuntu ISO image (https://ubuntu.com/download/desktop).
- Run the VM Player program, as shown in the following screenshot:
- Next, choose the Create a New Virtual Machine icon, which will populate the following window:
- Browse to the downloaded Ubuntu image and click Next.
- On the next screen, type in your full name and your desired User name and Password, as shown in the following screenshot:
- After choosing the desired name of the VM on the next screen, the Disk Capacity settings will populate, as shown in the following screenshot:
- By choosing a disk size of 40 GB, we will be shown the complete settings for the VM, as follows:
- At this point, we can go ahead with the default settings, that is, 1 GB of RAM and a 1-core processor. Alternatively, we can customize these settings based on the hardware capacity of the host machine. I will choose to customize the hardware and set Memory to 4 GB and the processor to 2 cores. The modified settings should look similar to the following:
- After customizing the hardware requirements, we are ready to begin the installation process by clicking the Finish button. The installation process should begin and will look similar to the following screen:
- After a successful install, we will be greeted with the login page of our newly installed Ubuntu machine, as shown in the following screenshot:
- After successfully logging in with the password we set during the installation in step 7, we can set a root password using the sudo passwd root command, as follows:
- By setting a root password, we can switch to root anytime using the su command. Let's install the curl and nmap packages by typing apt-get install curl and apt-get install nmap before installing Metasploit, as shown in the following screenshot:
- Next, we simply need to download Metasploit using the curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall command, as shown in the following screenshot:
- Once Metasploit has downloaded, we need to provide 755 permissions to the installer file using the chmod 755 msfinstall command and run the installer using the ./msfinstall command, as follows:
- Metasploit should now be installed. Once the installation is complete, we can check for the Metasploit utilities by typing msf, followed by a tab, as shown in the following screenshot:
- With that, we have successfully installed Metasploit. Next, we need to initialize the Metasploit database using the msfdb init command, as follows:
- We will be prompted to set up a web service username and password during installation so that we can use the Metasploit API. We can choose any desired username and password. On successfully initializing the database, the web service will be live on port 5443, as shown in the following screenshot. We can use the credentials we set in the previous step to log into the web service:
- Finally, let's start the Metasploit console using the msfconsole command, as follows:
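The install steps above as a guarded script, an added example that is not from the book or the Metasploit project: it runs the same commands as root, but refuses to execute msfinstall when the download is empty or is not a script, and confirms the tools are on the PATH before initializing the database. The function names are hypothetical, and the URL assumes the installer template is named msfupdate.erb.

```shell
#!/bin/sh
# Added example: guarded version of the install steps. Function names are
# hypothetical; the URL assumes the installer template is named msfupdate.erb.
INSTALLER_URL="https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb"

# Succeed only if $1 is a non-empty file whose first line is a shebang, so an
# empty download or an HTML error page is never chmod'ed and run as root.
looks_like_installer() {
    [ -s "$1" ] || return 1
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '#!'*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print the names from "$@" that are not on PATH (empty output = all present).
missing_tools() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    echo "${missing# }"
}

# The page's sequence, run as root inside the lab VM.
run_install() {
    apt-get install -y curl nmap || return 1
    # --fail makes curl exit non-zero on an HTTP error instead of saving the error body.
    curl --fail --silent --show-error --proto '=https' \
        -o msfinstall "$INSTALLER_URL" || return 1
    if ! looks_like_installer msfinstall; then
        echo "msfinstall is empty or not a script; refusing to run it" >&2
        return 1
    fi
    chmod 755 msfinstall || return 1
    ./msfinstall || return 1
    left=$(missing_tools msfconsole msfdb)
    if [ -n "$left" ]; then
        echo "not on PATH after install: $left" >&2
        return 1
    fi
    msfdb init
}

# Nothing runs unless the script is called as: sh lab_install.sh install
if [ "${1:-}" = "install" ]; then
    run_install
fi
```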
We have successfully installed Metasploit. Now, let's focus on some of the fundamentals before moving on to the actual testing.
Important Note
To set up a Metasploit development environment, refer to https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment.
Metasploit 5.0 is a part of the latest Kali image, which can be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/.