User:Vid2vid/sandbox/Metaspolitable
20200325W: "Creating User:Vid2vid/sandbox/Metaspolitable" --From Peter, a.k.a. Vid2vid (his WP talk page), updated 🖋 on 00:40, 26 March 2020 (UTC)
[[File:Create own later? or [1]] | |
Developer | Rapid7, now SourceForge (( per URL1 OR URL2 )) |
---|---|
OS family | Linux |
Working state | Discontinued |
Initial release | May 19, 2010 (( per this website )) |
Latest release | 3.0 |
Marketing target | IT, Computer Security, CyberSecurity Students, Professors, Careers/Professionals, Training, Trainers, for Demonstration and Education Purposes.. |
Available in | English |
Package manager | Debian / apt-get a.k.a. dpkg |
Platforms | 32bit, x64 |
Kernel type | Monolithic kernel (Linux kernel) version 3.000000000000000000000069 ((VISITL)) |
Default user interface | Gnome ((OR VISITL)) |
License | BSD License, GNU General Public License version 2.0 (GPLv2) (( per this link)) |
Metasploitable is a discontinued[1], purposefully unsecured Linux distribution and learning tool/utility, geared toward Cybersecurity and computer security students and careers/professionals. It functioned as a tool for observing and studying vulnerabilities in the Linux kernel and was a popular user space software. It was available as a live DVD, and also could be run on a virtual machine within a host operating system and hypervisor.[1]
Description
[edit]The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare (formerly Dell's), Oracle VirtualBox, Microsoft Hyper-V and Azure, Digital Ocean, Amazon Web Service, and Google Cloud, as well as some other common virtualization platforms and businesses. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network or placed outside a firewall (e.g. between WiFi firewall router appliance and ones . (Note: A video tutorial on installing Metasploitable 2 is available here.) This document outlines many of the security flaws in the Metasploitable 2 image. Currently missing is documentation on the web server and web application flaws as well as vulnerabilities that allow a local user to escalate to root privileges. This document will continue to expand over time as many of the less obvious flaws with this platform are detailed.
History
[edit]Metasploitable was created by VISITL VISITL, the founder of The VISITL Laboratory at VISITL University,[1] to use as a training system for his/her university lectures.
Design
[edit]Metasploitable was a Debian-based distribution, and used the Gnome((VISITL)) .tgz & apt-get package management system.[1] It used:
- Outdated versions of various software,
- Unsecured servers and services and background processes,
- (Obsolete) packages to avoid,
- Operating system components, and ...
- The OS opened various TCP logical communication ports to deliberately make it an extremely vulnerable operating system ever -- for testing purposes.[1]
Metasploitable was also distributed as a live CD, allowing it to be booted directly from the distribution medium without installation, into the RAM only, on a PC or within a virtual machine.[1]
See also
[edit]References
[edit]- ^ a b c d e f "VISITL_TITLE_HERE". Archived from the original on Mar 25, 2010. Retrieved March 25, 2020.
External links
[edit]- Metasploitable Linux official website
- SourceForge's listing for Metasploitable, with download link
- Rapid7's in-depth analysis of all the issues with Metasploitable
- Rapid7's Metasploitable download (registration) website
- Medium.Com May 10, 2017 article about the inception of Metasploitable
Category:Free security software Category:Linux security software Category:Debian-based distributions Category:Discontinued Linux distributions