Metasploitable: A Vulnerable Linux Virtual Machine
Metasploitable is a purposely vulnerable Linux virtual machine. This virtual machine can be used to perform the security training, tools of security test as well as carry out the regular dissemination testing techniques.
Or you can say in other words that the Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux which is designed for testing the security tools as well as representing the common vulnerabilities. The version 2 of this virtual machine is present for download and transports with still there are more vulnerabilities than the real image.
This virtual machine is well-matched with VMWare, VirtualBox as well as many other similar platforms of virtualization. By default, the network interfaces of Metasploitable are jumped to the NAT and the network adapters of the only Host and also the image should never be uncovered to a hostile network.
Vulnerable Web Services:
Metasploitable 2 has intentionally vulnerable web applications which are already pre-installed. Automatically the web server initiates, when Metasploitable 2 is booted. To contact the web applications that unlock a web browser as well as go through the URL HTTP://<IP> where <IP> is the IP address of Metasploitable 2.
There is only one way to complete this and for is to install the Metasploitable 2 that is performed as a guest operating system in Virtual Box as well as modify the settings of the network interface from "NAT" to "Host Only".
To access a specific web application you just click on one of the offered links. Particular web applications that may furthermore be accessed by attaching the application with the directory name onto HTTP://<IP> to create URL HTTP://<IP>/<Application Folder>/. Such as - the Mutillidae application that may be accessed in this example at the address http://192.168.56.101/mutillidae/. The applications are already installed in Metasploitable 2 in the /var/www directory. Here are the applications which are available in the current version of this application which is as follows:
- Mutillidae (NOWASP Mutillidae 2.1.19)
- dvwa (Damn Vulnerable Web Application)
- tiki wiki (TWiki)
- tiki wiki-old
- dav (WebDav)