Homework 1 – Creating Kali and Metasplotable VMs This is an individual assignment, and worth 20 points. The due date and time is 2:30 (Sec 01) / 5:30 (Sec 76) on Thursday, September 3 You need to provide your outcomes to the “Homework1-Outcome.docx.” Change the file name

following the naming convention. The naming convention is as follows: homework, hypen, last name, first initial, and extension (e.g., Homework1-ImG.docx). If you do not follow the convention, I will deduct 1.

Make screenshots small so that you can save space. Do not copy the screenshots that are provided below. Collaboration is allowed for troubleshooting, but

students should do their own work.

1. Overview

• The objective of this assignment is to create Kali and Metasplotable virtual machines on the Oracle VirtualBox environment. After the successful creation, students are required to test the networking of each virtual machine by checking network settings. Furthermore, on Kali, students are asked to install Armitage.

• This learning objective is measured by examining the outputs through the screenshots after conducting several tests.

• Kali: This is a Debian-derived Linux VM. It is used for security training, digital forensics,

and penetration testing. Currently, Offensive Security maintains it. • Metasplotable: This is an intentionally vulnerable Linux VM. This VM is used for security

training and penetration testing. • Armitage: Armitage is a GUI-based front-end for the Metasploit Framework. The GUI

provides visualization of the security environment and facilitates the execution of security commands. In this assignment, you are going to install Armitage on the Kali VM.

2. Preparation

• Enabling Virtualization in the BIOS on Windows. This is NOT applicable to MAC computer. 1) To be able to create virtual machines, you should enable virtualization in the BIOS on Windows. To enable virtualization, use the following steps:

a) First, restart your computer and launch the BIOS setup by pressing a key. The key to press depends on the system, but is usually F2, F10, or Delete. The key for the BIOS setup is usually displayed while Windows is launched.

b) Second, after entering the BIOS setup, locate the setting for virtualization and turn it on.

c) Last, after enabling the setting, save and exit the BIOS setup.

1

• Go to the Oracle VirtualBox website and download the VirtualBox binary on your host machine. You need to select the binary that is aligned with your operating system. https://www.virtualbox.org/wiki/Downloads

• Install VirtualBox.

3. Creating a Kali Linux VM

• Go to the following site and download a Kali Linux VirtualBox Image. This image is a prebuilt Kali image for VirtualBox. https://www.offensive - security.com/kali - linux - vmware - virtualbox - image - download/

• Open Oracle VM VirtualBox manager. Go to the VirtualBox menu and click File > Import Appliance. Locate the *.ova

image file to import.

Check the location of the imported virtual machine.

2

Launch VirtualBox.

Import using the default configurations.

Start the virtual machine by clicking on Start arrow.

Log in by providing the default ID and password: kali/kali. Launch a command shell by clicking on the terminal emulator.

Get the IP address of the Kali VM by running ifconfig (not ipconfig) command on the current shell. Do you get any result? Contrary to the previous version of the Kali VM, the Kali VM 2020 has the new default ID and password you have just used. The default account kali is a standard, unprivileged user. Therefore, you cannot run any meaningful commands. To be able to run commands, you need to run commands as a superuser. To switch into a superuser account, use suso su command.

FYI: su switches you into the superuser account. sudo runs a single command with root privileges.

3

The following screen shows the outcome of running the ifconfig command. What do you think is the IP address of this Kali VM? The network interface of this VM is eth0. Now you should be able to figure out the IP address of this VM. Focus on the IPv4 address and ignore the IPv6 address.

Run ping command and confirm that your Kali VM is talking to others over the Internet.

Try the www.nyt.com site. You can control the number of ping by using the option “-c number.” Replace number with the numeric value you want. See the sample screen as an example. Take a screenshot (#1).

4

4. Creating Metasploitable VM

• Go to the following site and download Metasploitable. This image is a prebuilt Metasploitable VMware image. https://sourceforge.net/projects/metasploitable/

• Create a directory to store virtual machine images and move the downloaded file onto the directory. Then unzip it.

• On Hard Disk, you should select the third option. Currently, you may see the Kali Linux disk in the box. Click on the folder icon on the bottom right to replace the disk with the one for Metasploitable.

5

Give the proper name for the VM and change the type and version as shown below.

. NewVM, click on Metasploitable a To create

• Click on Add and locate the Metasploitable folder you have created and choose *.vmdk file.

• Click on the Create button. That’s it! • What happens is that your Metasploitable VM is connected to the Metasploitable disk file

you have selected. So, you should not change the location of the Metasploitable directory while you are using that VM.

6

• Start the Metasploitable VM by using the default username and password: msfadmin/msfadmin. You can change the username and password after log in and become root.

• Get the IP address of Metasploitable VM by running ifconfig command. Run ping command and confirm that your Metasploitable VM is talking to others over the

Internet. Try the www.nyt.com site. Take a screenshot (#2).

• Compare the IP addresses between the Kali and Metasploitable VMs. Are they the same? If

they are, you are in a big trouble. • What is going on is that the default network setting of VirtualBox is NAT and each VM has

the same network IP address. We can solve the problem by changing the network setting to NAT Network.

7

• Shut down both VMs. • On VirtualBox, go to File > Preference > Network > Add new NAT Network. Then, you will

see a new NAT router “NatNetwork.” Click OK.

• Start both VMs and check their IP addresses. Are they different? If yes, you did a great job.

Congratulations!!

8

VM.Metasploitable same to the Do the

. NAT Networkto dapter 1Aand change the setting of etworkNClick on

.SettingsAnd click on first. VM Kali the Select

• On Kali, ping Metasploitable. To ping a partner, you should type “ping the-IP-address-ofthe-partner.” Replace the-IP-address-of-the-partner with the real IP address of the partner. Take a screenshot (#3).

• On Metasploitable, ping Kali. Take a screenshot (#4).

9