Backtrack 5 & Metasploitable Setup

TL;DR

This guide helps you set up Backtrack 5 R2 (a penetration testing Linux distribution) and Metasploitable 2 (a deliberately vulnerable virtual machine) for learning cyber security. It covers installation, networking, and basic vulnerability scanning.

Setting Up Backtrack 5 R2

1. Download Backtrack 5 R2: You can find the ISO image online from archive sites (search for ‘Backtrack 5 R2 download’). Be careful where you download from, and verify the checksum if possible.
2. Create a Virtual Machine: Use virtualization software like VirtualBox or VMware.
   • Allocate at least 1GB of RAM to the VM.
   • Give it around 20-30GB of disk space.
   • Select Linux as the operating system type and Debian (or a similar option) as the version.
3. Install Backtrack: Boot from the ISO image you downloaded.
   • Follow the on-screen instructions to install Backtrack.
   • Choose a username and password during installation. Remember these!
   • Ensure you have internet access during installation for updates.
4. Update Backtrack: After installation, open a terminal and run the following commands:

   sudo apt-get update

   sudo apt-get upgrade

   This will ensure your system has the latest packages.

Setting Up Metasploitable 2

1. Download Metasploitable 2: Search online for ‘Metasploitable 2 download’. It’s typically available as a VirtualBox OVA file.
2. Import the OVA File: In VirtualBox, go to File > Import Appliance and select the downloaded OVA file.
3. Start Metasploitable 2: Start the virtual machine.
   • Metasploitable 2 has a default username/password combination: msfadmin / msfadmin.
   • It takes a while to boot up, so be patient.

Networking Configuration

To allow Backtrack to access Metasploitable, you need to configure networking.

1. Bridged Networking (Recommended): In VirtualBox settings for both VMs:
   • Go to Network > Adapter 1.
   • Set the attachment type to ‘Bridged Adapter’.
   • Select your host machine’s network adapter. This gives Metasploitable an IP address on your local network.
2. Host-Only Networking: Alternatively, use Host-Only Adapter if you don’t want Metasploitable directly accessible from other devices on your network.
   • In VirtualBox settings for both VMs:
     Go to Network > Adapter 1.
   • Set the attachment type to ‘Host-only Adapter’.
3. Find Metasploitable’s IP Address: Once Metasploitable is running, open a terminal within it and use:

   ifconfig

   Look for the inet addr entry under your network interface (usually eth0). This is its IP address.

4. Ping Test: From Backtrack’s terminal, ping Metasploitable to confirm connectivity:

   ping [Metasploitable's IP Address]

   If you get replies, the network is configured correctly.

Basic Vulnerability Scanning with Nmap

Nmap is a powerful tool for discovering hosts and services on a network.

1. Scan Metasploitable: From Backtrack’s terminal, run the following command to scan Metasploitable:

   nmap -A [Metasploitable's IP Address]

   The -A option enables OS detection, version scanning, script scanning, and traceroute.

2. Interpret Results: Nmap will output a list of open ports, services running on those ports, and potential vulnerabilities.
   • Pay attention to the ‘Service’ column – this tells you what application is listening on each port.
   • Look for versions with known vulnerabilities (Nmap often highlights these).