Recently I attempted to build the new Rapid 7 Metasploitable 3 VM for use in my pentest lab on Ubuntu 16.10. Followed the instructions on their Github page to the letter, but failed in variety of areas. The good news is that I was able to hack my way through all them to get it built. This blog entry is going the steps you need to take to successfully build the VM on a Ubuntu/Debian based system. I’m assuming you may run into similar issues on a Fedora-type system, but your mileage may vary.
No issues with Packer, beyond just installing it with:
sudo apt-get install packer
First you to need to install Vagrant:
sudo apt-get install vagrant
Second, you before you can build the vagrant-reload plugin, you need to install the ruby-dev package with:
sudo apt-get install ruby-dev
Now you can install the plugin with:
vagrant plugin install vagrant-reload
Due to the dependency upon WinRM and with the Vagrant version in the Ubuntu/Debian repo you will need to install:
vagrant plugin install winrm --plugin-version 1.8.1
vagrant plugin install winrm-fs
The 1.8.1 version is key in order for the build to complete successfully.
Metasploitable 3 Build Script
The Metasploitable 3 build script has some checks that fail due to the latest version of Virtualbox that’s in the Ubuntu/Debian repo. The main reason is they are checking for a specific version of Virtualbox and since with Ubuntu/Debian your running a newer version than what the build script requires, it fails.
Since we know we already have the necessary dependencies built, we can just run the build commands manually:
TMPDIR=/home/tmp packer build windows_2008_r2.json
The TMPDIR directive was another gotcha as I only had 1GB of space allocated to my /tmp filesystem and the process ran out of space. Point the TMPDIR variable to a path where you have enough space.
Now we can create the Vagrant box with:
vagrant box add windows_2008_r2_virtualbox.box --name metasploitable3
And then start it up with just:
vagrant up and your good to go.