I had been trying for a while to set up a couple of virtual machines in such a way that I could demonstrate the working of Metasploit on my Mac. At last today, I have figured out how to do it.

What you’ll need:

1. A Mac (I have a MacBook Pro running OS 10.5.7)
2. VMWare Fusion (I run version 1.1.2, but this should not matter too much)
3. BackTrack 4 (DVD iso can be downloaded from here. NB not the VMWare image!!!)
4. Some old Windows installation cd (can be Windows 2000 or Windows XP)

Setting up BackTrack

1. Download the iso from the link given above

2. Set up BackTrack 4 as a virtual machine in VMWare Fusion:

[screenshots: vmware-1, vmware-2, vmware-3, vmware-5]

3. Set BackTrack network to ‘Bridged’:

[screenshot: vmware-6]

4. Start networking:

[screenshots: vmware-7, vmware-8]

Remember this IP address (192.168.178.26). This will be the local (‘attacker’) IP address later on!

5. Start KDE:

[screenshot: vmware-9]

6. Start Metasploit (the web version, msfweb):

[screenshot: vmware-91]

7. Wait about 15 seconds, then open a browser and go to http://127.0.0.1:55555:

[screenshot: vmware-92]

8. BackTrack 4 and Metasploit are all set!

Setting up Windows 2000

9. Install Windows 2000 (no screenshots provided, use the VMWare help if this should prove difficult)

10. Set network to bridged:

[screenshot: windows-to-bridged]

11. Check the Windows IP:

[screenshots: windows-2, windows-3, windows-4]

Lo and behold! The Windows IP address is 192.168.178.21! This will be the ‘target’ address later on.

Demonstrate Metasploit

12. Start ‘Exploits’ on your BackTrack 4 virtual machine:

[screenshot: ms-1]

13. Search for ‘rpc dcom’ and click:

[screenshot: ms-2]

14. Click on the target link provided (if you’re into reading, you can also click the ‘external references’):

[screenshots: ms-3, ms-4]

15. At ‘target address’, type in the IP address of the Windows virtual machine (refer to step 11 above):

[screenshot: ms-6]

16. At ‘local address’, type in the BackTrack 4 virtual machine IP address (refer to step 4 above), then ‘launch exploit’:

[screenshot: ms-7]

17. Are you sure you want to send unencrypted data?  ;-)

[screenshot: ms-8]

18. The VNC session will be started, and you will have gained control over the other virtual machine:

[screenshot: ms-9]
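From the defender's side, the demonstration above leaves a recognisable footprint on the lab network: the BackTrack machine opens a connection to the Windows machine's RPC endpoint mapper (TCP port 135, which is what the ‘rpc dcom’ module talks to), and shortly afterwards the Windows machine opens a connection of its own back to the BackTrack address (that is why step 16 asks for a ‘local address’). The script below is an added example written for this page, not code from the original post or from Metasploit. It assumes a simple connection-log line format constructed here (`timestamp src:port -> dst:port`), uses the two lab addresses from steps 4 and 11, and uses 4444 purely as an illustrative callback port; the sample log lines are constructed, not captured from the walkthrough.

```python
"""Flag the 'RPC/135 inbound, then connect-back' pattern in a connection log.

Added example for this page (not from the original post or Metasploit).
Heuristic: a host receives a TCP connection on port 135 from some peer and,
within a short window, opens an outbound connection back to that same peer.
Log format is a constructed one: "YYYY-MM-DDTHH:MM:SS src_ip:port -> dst_ip:port".
"""
from datetime import datetime, timedelta

# Constructed sample log. .26 is the BackTrack VM, .21 the Windows VM from the
# walkthrough; port 4444 is an illustrative callback port, not from the page.
SAMPLE_LOG = """\
2009-06-20T14:02:01 192.168.178.21:1038 -> 192.168.178.1:53
2009-06-20T14:02:10 192.168.178.26:40211 -> 192.168.178.21:135
2009-06-20T14:02:12 192.168.178.21:1041 -> 192.168.178.26:4444
2009-06-20T14:05:00 192.168.178.30:51000 -> 192.168.178.21:135
"""

RPC_ENDPOINT_MAPPER_PORT = 135          # MS RPC endpoint mapper
CALLBACK_WINDOW = timedelta(seconds=60) # how soon the connect-back must follow


def parse_line(line):
    """Parse one constructed log line into a dict of timestamp, IPs and ports."""
    ts_str, rest = line.split(" ", 1)
    src, dst = (part.strip() for part in rest.split("->"))
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.fromisoformat(ts_str),
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port),
    }


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_rpc_callbacks(events):
    """Return (inbound_rpc_event, callback_event) pairs.

    For each connection to port 135, look at later events inside the window
    for one where the targeted host connects back to the originating peer.
    """
    events = sorted(events, key=lambda e: e["ts"])
    hits = []
    for i, rpc in enumerate(events):
        if rpc["dst_port"] != RPC_ENDPOINT_MAPPER_PORT:
            continue
        target, peer = rpc["dst_ip"], rpc["src_ip"]
        for later in events[i + 1:]:
            if later["ts"] - rpc["ts"] > CALLBACK_WINDOW:
                break  # events are time-sorted; nothing later can match
            if later["src_ip"] == target and later["dst_ip"] == peer:
                hits.append((rpc, later))
                break
    return hits


def describe(hit):
    """Human-readable one-liner for a detected pair."""
    rpc, cb = hit
    return (f"{rpc['src_ip']} -> {rpc['dst_ip']}:{rpc['dst_port']} at {rpc['ts']}; "
            f"{cb['src_ip']} connected back to {cb['dst_ip']}:{cb['dst_port']} at {cb['ts']}")


if __name__ == "__main__":
    for hit in find_rpc_callbacks(parse_log(SAMPLE_LOG)):
        print("possible exploit + callback:", describe(hit))
```

Run against the sample, only the .26 → .21:135 connection is reported, because it is the one followed by .21 connecting back to .26; the later connection from .30 to port 135 has no connect-back and is left alone, which is the point of pairing the two events rather than alerting on every port-135 connection. In a real lab you would feed this the connection records of whatever is watching the bridged segment and widen the window to suit.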
