Project 3: Setting Up VMs (15 points)

You need to set up these three virtual machines:
  1. Kali Linux 2.0 with Nessus and additional software
  2. Windows Server 2008 with several vulnerable software packages
  3. Metasploitable 2

Installing VMware

If you are working in S214, VMware is already installed. If you are using some other machine, you need to install some virtualization software. I recommend VMware.

Download VMware Player

VMware Fusion for Mac OS X: https://www.vmware.com/products/fusion/

Downloading VMs

Download the three VMs shown below. Each of them is a 7-zip archive.

Download metasploitable Size: 865,084,584
      SHA-256: 2ae8788e95273eee87bd379a250d86ec52f286fa7fe84773a3a8f6524085a1ff

Download Win2008-124 Size: 2,180,234,212
      SHA-256: dc496623ef74fe1dac1dfb3053acea312350f02d83189bd15d2b48d6eb49be22

Download Kali Linux 32 bit VM PAE
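
Before unzipping, each archive can be checked against the size and SHA-256 value listed on this page. The script below is an added example, not part of the original project instructions, and it also covers the VirtualBox archives listed further down. It assumes the sizes are in bytes and that the first archive is saved as metasploitable.7z (the page does not give that file name); the Kali download is skipped because no hash is listed for it here.

```python
import hashlib
import os
import sys

# Sizes (taken to be bytes) and SHA-256 values copied from this page.
# "metasploitable.7z" is an assumed file name; the page does not give it.
EXPECTED = {
    "metasploitable.7z": (865084584,
        "2ae8788e95273eee87bd379a250d86ec52f286fa7fe84773a3a8f6524085a1ff"),
    "Win2008-124.7z": (2180234212,
        "dc496623ef74fe1dac1dfb3053acea312350f02d83189bd15d2b48d6eb49be22"),
    "Win2008-124-ovf.7z": (3839642200,
        "b4ac58beba22561845ab09153d7fa5c22600561a3b61c9626020c1138a6c5c77"),
    "Metasploitable2-vbox.7z": (692100274,
        "02b128198cb9db2304f0cf45061f186abf326350e6d3dc6da1cebae66027d59d"),
}

def sha256_file(path, chunk=1024 * 1024):
    """Hash in 1 MiB chunks so multi-gigabyte archives never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, size, digest):
    """Return 'missing', 'size mismatch', 'hash mismatch' or 'ok'."""
    if not os.path.isfile(path):
        return "missing"
    # Cheap check first: a truncated download fails here without hashing.
    if os.path.getsize(path) != size:
        return "size mismatch"
    if sha256_file(path) != digest.strip().lower():
        return "hash mismatch"
    return "ok"

def check_dir(directory, expected=EXPECTED):
    """Verify every listed archive found in `directory`; skip absent ones."""
    results = {}
    for name, (size, digest) in expected.items():
        status = verify(os.path.join(directory, name), size, digest)
        if status != "missing":
            results[name] = status
    return results

if __name__ == "__main__":
    results = check_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, status in results.items():
        print(f"{status:14} {name}")
    sys.exit(0 if results and all(s == "ok" for s in results.values()) else 1)
```

A size mismatch usually means a truncated download; a hash mismatch with the correct size means the content differs, and the archive should be downloaded again rather than opened.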

Getting 7-Zip

7-Zip is installed in S214. If you need to get it, use these links:

7-Zip for Windows: http://www.7-zip.org/

Ez7z for Mac OS X: https://samsclass.info/124/proj14/ez7z214.dmg

Using VirtualBox

Some students prefer to use VirtualBox. If you want to do that, these links should help:

How to Download and Install Metasploitable in VirtualBox

Download Kali Linux VirtualBox Images


VM 1: Kali Linux and Nessus

Unzip the Kali file and launch the VM.

Logging In to Kali Linux

The default username is root

The default password is toor

Turning off "Blank Screen" in Kali

By default, Kali 2.0 will keep locking the screen after a few seconds of inactivity, which is irritating. To fix this, on the left side of the Kali 2.0 desktop, click the bottom button to "Show Applications", as shown below.

On the right side of the Kali 2.0 desktop, click the lowest circle to show the bottom screen.

Then click Settings, as shown below.

In the "All Settings" window, click Power.

Set "Blank screen" to Never, as shown below.

Testing Networking

Open a Terminal window and ping google.com, as shown below. You should get replies.

Capturing a Screen Image

Make sure the Kali desktop is visible, as shown above.

Click in the host system, capture a whole-desktop image, and save it as "Proj 3a".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT


VM 2: Windows 2008 with Vulnerable Software

Unzip the Win2008-124.7z file you downloaded above. Launch the VM. It will automatically log in, but for future reference the default username is Administrator and the default password is P@ssw0rd

VirtualBox Instructions

If you prefer to use VirtualBox, download this file:
Win2008-124-ovf.7z Size: 3,839,642,200
      SHA-256: b4ac58beba22561845ab09153d7fa5c22600561a3b61c9626020c1138a6c5c77

Unzip it. Then open VirtualBox and click File, "Import Appliance". Navigate to the Win2008-124.ovf file, and click Continue.

In the "Appliance settings" box, make these adjustments:

  • Name: Win2008-124
  • Guest OS Type: Windows 2008 (32-bit)
  • Video Memory: 128 MB
  • Storage: Remove the 102 MB disk

Click Import.

The new VM appears in the list, and you can start it normally.

Viewing Listening Ports

In Windows Server 2008, open a Command Prompt window, maximize it, and execute this command:

      netstat -an | findstr LISTEN

You should see the three listening ports shown below (21, 25, and 80), among others.

Capturing a Screen Image

Make sure the three listening ports shown above are visible.

Capture a whole-desktop image and save it as "Proj 3b".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT


VM 3: Metasploitable

Unzip the metasploitable file you downloaded above and launch the VM. Log in with the default credentials: username and password both msfadmin

VirtualBox Instructions

If you prefer to use VirtualBox, download this file:
Metasploitable2-vbox.7z Size: 692,100,274
      SHA-256: 02b128198cb9db2304f0cf45061f186abf326350e6d3dc6da1cebae66027d59d

Unzip it to create a Metasploitable2-Linux.vdi file.

Then open VirtualBox and click Machine, New.

In the "Name and operating system" box, make these entries:

  • Name: Metasploitable2
  • Type: Linux
  • Version: Ubuntu (32-bit)

Click Continue.

In the "Memory size" box, accept the default selection and click Continue.

In the "Hard disk" box, click the "Use an existing virtual hard disk file" button, click the little folder icon, and navigate to the Metasploitable2-Linux.vdi file. Click Open. Click Create.

The new VM appears in the list, and you can start it normally.

A text-only console is visible, as shown below.

Capturing a Screen Image

Make sure the "Linux metasploitable" message is visible, as shown above.

Capture a whole-desktop image and save it as "Proj 3c".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Turning in Your Project

Email the images to cnit.124@gmail.com with a subject line of "Proj 3 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Last Modified: 8-28-17 5 pm