I made this repository so that it is easier to git pull down any changes to the Vagrantfile onto the kali lab machine.
Starting from the Metaspoitable2 download from rapid7:
-
download the metasploitable2 vmdk
wget http://downloads.metasploit.com/data/metasploitable/metasploitable-linux-2.0.0.zip unzip metasploitable-linux-2.0.0.zip && cd Metasploitable2-Linux -
Use virt-manager to create a new instance, using the
.vmdkas a source disk. Boot the instance. -
Edit
/etc/fstaband remove the line for/dev/sda. This should not be hard-coded -- if the vagrant box uses VirtIO, it will mount a disk as/dev/vdaand metasploitable2 will complain on boot. -
use
visudoto givemsfadminpasswordless-sudo. This is required so that vagrant can provision the host with an additional network interface, as specified in this repo's Vagrantfile. -
shut down the instance.
-
use
qemu-img convertto convert the now-ready .vmdk to .qcow2 format. (vagrant-libvirt only supports qcow2 at time of writing.)qemu-img convert -f vmdk -O qcow2 Metasploitable.vmdk Metasploitable.qcow2
-
use
vagrant-libvirt'screate_box.shconvenient script to package the qcow2 into a vagrant box.wget https://raw.githubusercontent.com/vagrant-libvirt/vagrant-libvirt/master/tools/create_box.sh bash create_box.sh Metasploitable.qcow2
-
optionally, add that box to vagrant, and test that it works, using the below Vagrantfile at a minimum.
vagrant box add Metasploitable.box --name Metasploitable
echo <<EOF > Vagrantfile Vagrant.configure("2") do |config| config.vm.box = "Metasploitable" config.ssh.username = "msfadmin" config.ssh.password = "msfadmin" config.ssh.insert_key = false config.vm.synced_folder ".", "/vagrant", disabled: true end EOF
-
publish the box to vagrant cloud.
vagrant cloud publish ...
- Note: Since
vagrant packagewasn't used to package it,VIRT_SYSPREPwas not ever called, so there is no concern about ssh-hostkeys having been removed, etc.
- Note: Since