Testing Metasploit against a vulnerable service

When learning security and hacking, one of the key tools that *everyone* uses is Metasploit. The downside is that to really play with it you need a vulnerable system, and unless you download a ready-made one, that is a little harder to arrange. A few choices are (there are more I am sure, feel free to comment with others):



Broken Web Applications Project
OWASP WebGoat Project
Graceful VulnVM
Of course, the key here is that you have to build out a pen-testing lab to host these virtual machines. To get an idea of where to start you can use this great article from the team at the InfoSec Institute: http://resources.infosecinstitute.com/building-your-own-pentesting-environment/

This will get you started on that approach. If you don't want to, or don't have the infrastructure to, build out a full lab, then there is good news: the Rapid7 team have released the Metasploit Vulnerable Service Emulator. The idea behind it is to support training while you learn how to use Metasploit, and to give you something to run against when testing new Metasploit modules you may be writing. You can find the project on GitHub: https://github.com/rapid7/metasploit-vulnerability-emulator

To get started I have spun up a simple Ubuntu Desktop VM; you can use other Linux distributions, or run the emulator alongside a Metasploit install you already have. I chose a single Ubuntu VM because I can isolate it on my network and run both the emulator and Metasploit on the same box for testing. If you have never installed Metasploit you can use the following guides:


On my Ubuntu machine, I ran the following command to ensure the Perl modules the emulator depends on are installed:

sudo cpanm IO::Socket::SSL Try::Tiny IO::Compress::Gzip Compress::Zlib Storable JSON

If cpanm itself is missing, bootstrap it first with the command below and then re-run the one above. Note that this pipes a script fetched over plain HTTP into perl with sudo; that is acceptable on a throwaway lab VM, but elsewhere use the distribution package instead (on Ubuntu, sudo apt install cpanminus).

curl -L http://cpanmin.us | perl - --sudo App::cpanminus

Now we need to get the emulator onto the machine. This is done by cloning it with Git, the same as we did for Metasploit itself.

cd /opt
sudo git clone https://github.com/rapid7/metasploit-vulnerability-emulator.git
sudo chown -R "$USER" /opt/metasploit-vulnerability-emulator

Now we can run the emulator by starting the Perl script from the cloned directory; it then gives us a prompt where we tell it which service to emulate.

cd /opt/metasploit-vulnerability-emulator
perl vulEmu.pl

This lets us activate any of the available entries and exercise the corresponding Metasploit module inside the virtual machine without leaving the box. The services the emulator can present by default are listed in the "Service.cfg" file. You can modify this to add whatever you want to test, picking any of the existing Metasploit exploit modules or ones you are writing yourself. To test one of the built-in ones, open "Service.cfg" and pick one.

We will use one of the auxiliary scanners by typing the following at the emulator prompt:

activate auxiliary/scanner/ftp/anonymous

Within Metasploit (msfconsole) we now enter the following, pointing the module at the emulator; since the emulator is on the same VM here, the target is localhost:

use auxiliary/scanner/ftp/anonymous
setg RPORT 80
set RHOSTS 127.0.0.1
run

This returns a successful response; nothing spectacular, I know, but it shows the principle. Keep in mind what that success means: the emulator is replaying the responses the module expects rather than running a vulnerable FTP server, so a hit here confirms that the module and the emulator agree on the exchange (exactly what you want while learning a module or writing a new one), not that any real host is exposed. You can see the full list of what is available in "Service.cfg", or add new entries as needed by following the JSON format outlined on GitHub.
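To make concrete what the emulator is doing for that scanner, here is an added example (written for this page in Python; it is not code from the original post, from Metasploit, or from the Rapid7 emulator, whose own exchanges are defined in its JSON configuration): a canned-response FTP "emulator" on loopback, and the USER/PASS check that auxiliary/scanner/ftp/anonymous performs. The response tables, the automatically chosen port and the anonymous password are constructed for the example.

```python
import socket
import threading

# Constructed response tables (not the Rapid7 emulator's JSON format): each maps
# the FTP verb a client sends to the canned reply the emulator returns.
ANON_ALLOWED = {"BANNER": "220 Emulated FTP service ready\r\n",
                "USER": "331 Please specify the password.\r\n",
                "PASS": "230 Login successful.\r\n", "QUIT": "221 Goodbye.\r\n"}
# Same service, but anonymous logins are refused at the PASS step.
ANON_DENIED = dict(ANON_ALLOWED, PASS="530 Login incorrect.\r\n")


class FtpEmulator:
    """Loopback TCP listener that answers FTP commands from a response table."""
    def __init__(self, responses, host="127.0.0.1", port=0):
        self.responses = responses
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))      # port 0: the OS picks a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)         # so the accept loop notices close()
        self.port = self.sock.getsockname()[1]
        self._running = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while self._running:
            try:
                conn, _ = self.sock.accept()
                with conn:
                    self._handle(conn)
            except OSError:
                continue                  # accept timed out or client hung up

    def _handle(self, conn):
        conn.settimeout(5)
        conn.sendall(self.responses["BANNER"].encode())
        for line in conn.makefile("rb"):  # one FTP command per CRLF line
            verb = line.decode(errors="replace").strip().split(" ", 1)[0].upper()
            conn.sendall(self.responses.get(verb, "502 Command not implemented.\r\n").encode())
            if verb == "QUIT":
                return

    def close(self):
        self._running = False
        self._thread.join()
        self.sock.close()


def read_reply(f):
    """Return (code, last line) of one FTP reply, consuming multi-line replies."""
    line = f.readline().decode(errors="replace")
    if not line:
        raise ConnectionError("server closed the control connection")
    code = line[:3]
    if line[3:4] == "-":                  # "220-..." runs until a "220 " line
        while not (line.startswith(code) and line[3:4] == " "):
            line = f.readline().decode(errors="replace")
            if not line:
                raise ConnectionError("truncated multi-line reply")
    return code, line.rstrip("\r\n")


def anonymous_login_allowed(host, port, password="anonymous@example.com", timeout=5):
    """The check auxiliary/scanner/ftp/anonymous makes: does USER anonymous plus
    PASS <an e-mail address, the anonymous-FTP convention> get a 230 reply?"""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        code, _ = read_reply(f)
        if not code.startswith("2"):      # e.g. 421: refused before login
            return False
        s.sendall(b"USER anonymous\r\n")
        code, _ = read_reply(f)
        if code == "230":                 # some servers need no password at all
            return True
        if code != "331":
            return False
        s.sendall(f"PASS {password}\r\n".encode())
        code, _ = read_reply(f)
        s.sendall(b"QUIT\r\n")
        return code == "230"


def demo():
    """Run the check against both tables; returns (allowed, denied) results."""
    results = []
    for table in (ANON_ALLOWED, ANON_DENIED):
        emu = FtpEmulator(table)
        try:
            results.append(anonymous_login_allowed("127.0.0.1", emu.port))
        finally:
            emu.close()
    return tuple(results)


if __name__ == "__main__":
    print(demo())                         # (True, False)
```

Running it, demo() reports (True, False): the same check passes against the table that answers PASS with 230 and fails against the one that answers 530. That is the whole value of an emulator of this kind: you flip the expected reply and confirm your module tells the two cases apart, with no real FTP daemon involved and nothing leaving the lab VM.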


All in all, this has great potential: as more of the JSON structures are added, testing any of the exploits or scanners against an emulated target becomes possible. Great job by the Rapid7 team.

Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking were a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. Liam also serves as the Principal Technology Advisor at Rencore, where he is helping to develop offerings that help organizations further understand and mitigate security and compliance risks within SharePoint and Office 365 customizations. His core focus is to identify, control, and protect them, whether they are full-fledged customizations or out-of-the-box Office 365 functionality. He is also a thirteen-time Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, Raspberry Pi programming, hacking the planet or building Lego robots.
