
Friday, December 28, 2018

Metasploit Unleashed Requirements



Prepare your Metasploit Lab Environment

Before learning how to use the Metasploit Framework, we first need to make sure that our setup will meet or exceed the system requirements outlined in the following sections. Taking the time to properly prepare your Metasploit Lab Environment will help eliminate many problems before they arise later in the course. We highly recommend using a system that is capable of running multiple virtual machines to host your labs.
Launching msfconsole

Metasploit Unleashed Hardware Requirements

All of the values listed below are estimated or recommended. You can get away with less in some cases but be aware that performance will suffer, making for a less than ideal learning experience.

Hard Drive Space

You will need to have, at minimum, 10 gigabytes of available storage space on your host. Since we are using virtual machines with large file sizes, this means that we are unable to use a FAT32 partition since large files are not supported in that filesystem, so be sure to choose NTFS, ext3, or some other filesystem format. The recommended amount of space needed is 30 gigabytes.
If you decide to create clones or snapshots of your virtual machine(s) as you progress through the course, these will also take up valuable space on your system. Be vigilant and do not be afraid to reclaim space as needed.

Available Memory

Failing to provide enough memory to your host and guest operating systems will eventually lead to system failure and/or result in being unable to launch your virtual machine(s). You are going to require RAM for your host OS as well as the amount of RAM that you are dedicating for each virtual machine. Use the guide below to help in deciding the amount of RAM required for your situation.
  • Linux “HOST” Minimal Memory Requirements
    • 1 GB of system memory (RAM)
    • Realistically 2 GB or more
  • Kali “GUEST” Minimal Memory Requirements
    • At least 1 GB of RAM (2 GB is recommended) // more never hurts!
    • Realistically 2 GB or more with a SWAP file of equal value
  • Metasploitable “GUEST” Minimal Memory Requirements
    • At least 256 MB of RAM (512 MB is recommended) // more never hurts!
  • (Optional) Per Windows “GUEST” Minimal Memory Requirements
    • At least 256 MB of RAM (1 GB is recommended) // more never hurts!
    • Realistically 1 GB or more with a page file of equal value

Processor

To ensure the best experience, we recommend a 64-bit quad-core CPU or better. The bare-minimum requirement for VMware Player is a 400MHz or faster processor (500MHz recommended) but these speeds are inadequate for the purposes of this course. The more horsepower you can throw at your lab, the better.

Internet Accessibility

Getting your lab set up will require downloading some large virtual machines so you will want to have a good high-speed connection to do so. If you choose to use “Bridged” networking for your virtual machines and there is no DHCP server on your network, you will have to assign static IP addresses to your guest VMs.

Metasploit Unleashed Software Requirements

Before jumping into the Metasploit Framework, we will need to have both an attacking machine (Kali Linux) and a victim machine (Metasploitable 2) as well as a hypervisor to run both in a safe and secluded network environment.

Hypervisor

Our recommended hypervisor for the best out-of-the-box compatibility with Kali and Metasploitable is VMware Player. While VMware Player is “free”, you will have to register in order to download it, and the virtualization applications and appliances are well worth the registration if you do not already have an account. You may also use VMware Workstation or VMware Fusion but neither of these is free.
There are also other options available when it comes to which hypervisor you would like to use. In addition to VMware, two other commonly used hypervisors are VirtualBox and KVM but they are not covered here. Instructions for installing Kali Linux can be found on the Kali Training site.

Kali Linux

Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution that will be used throughout this course. Kali Linux comes with Metasploit pre-installed along with numerous other security tools that you can try out against your victim machine. You can download the latest version of Kali at:
Once you have downloaded Kali, you can update Metasploit to the latest version in the repos by running apt update && apt upgrade in a terminal.

Metasploitable

One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’.
Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other virtualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from SourceForge.
Never expose Metasploitable to an untrusted network; use NAT or Host-only mode!
Once you have downloaded the Metasploitable VM, extract the zip file, open up the .vmx file using your VMware product of choice, and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.
The Metasploitable virtual machine
For more information on the VM configuration, there is a Metasploitable 2 Exploitability Guide on the Rapid7 website, but beware… there are spoilers in it.
To contact the developers of Metasploit, please send email to msfdev [a] metasploit [period] com
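
The NAT or Host-only rule above can be checked before the VM is powered on. The script below is an added example, not part of the original course material: it reads the text of a .vmx file and reports, for each enabled network adapter, whether its connection type is NAT or Host-only. The sample .vmx text is constructed, and treating a missing connectionType as bridged is an assumption about VMware's default.

```python
import re
import sys

# Constructed sample .vmx fragment (not taken from the real Metasploitable image).
SAMPLE_VMX = """\
displayName = "lab-target"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet2.present = "TRUE"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
"""

# The page allows only these two modes for the vulnerable guest.
SAFE_MODES = {"nat", "hostonly"}
_SETTING = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)


def audit_vmx(text):
    """Return {adapter: (mode, verdict)} for each enabled adapter in .vmx text."""
    adapters = {}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            nic, key, value = (g.strip().lower() for g in m.groups())
            adapters.setdefault(nic, {})[key] = value
    report = {}
    for nic in sorted(adapters):
        cfg = adapters[nic]
        if cfg.get("present") != "true":
            continue  # adapter is defined but disabled
        # Assumption: an adapter with no connectionType is bridged by default.
        mode = cfg.get("connectiontype", "bridged")
        if mode in SAFE_MODES:
            verdict = "ok"
        elif mode == "custom":
            verdict = "review"  # depends on which vmnet it is mapped to
        else:
            verdict = "exposed"
        report[nic] = (mode, verdict)
    return report


if __name__ == "__main__":
    # Pass a .vmx path as the first argument, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_VMX
    for nic, (mode, verdict) in audit_vmx(text).items():
        print(f"{nic}: {mode} -> {verdict}")
```

Any adapter reported as "exposed" should be switched to NAT or Host-only in the hypervisor settings before the guest is started.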

Windows

Microsoft has made a number of virtual machines available that can be downloaded to test Microsoft Edge and different versions of Internet Explorer. We will be able to use these VMs when working with some of the exploits and tools available in Metasploit. You can download the VMs from the following URL:
Once you have met the above system requirements, you should have no trouble running any tutorials from the Metasploit Unleashed course.

source: https://www.offensive-security.com/metasploit-unleashed/requirements/

Tuesday, January 30, 2018

Whiskey in the Jar Poznan (Poland)


What with Stary Rynek being most people’s first port of call, it’s always good to have a bit of variety. Whiskey in the Jar ticks the box for 'good-old-fashioned rock ‘n’ roll bar,' but this isn’t your typical grubby rock pub - rather a classy joint serving steaks and burgers and killer cocktails guaranteed to leave your head spinning (Don’t believe us? See how many of their Jack Daniel’s Whisky Jars you can work your way through in one sitting).


Saturday, January 27, 2018

10 More Useful Travel Websites You Need To Know About



Sometimes a little insider knowledge goes a long way. These days we are our own travel agents. We research, re-search and search some more to find the best travel destinations and deals online. But what if we can make it just that little bit easier for ourselves? Here are 10 travel websites you need to know about, pronto!

Rome 2 Rio

R2R is the bomb dot com. Well, not really… it’s rome2rio.com, but if there could be just one website to top the list of helpful travel resources, this website would be it. In a nutshell: you type the destination you want to travel from and the destination(s) you want to travel to. R2R robots work some magic behind the scenes and BAM! The R2R fairies will tell you how to get from point A to point B the fastest and cheapest ways – listing them in order of best-worst. They’ll even calculate an estimate on how much the flight will cost or how much petrol will be used. Genius.

Roadtrippers

It baffles me that some (many) Americans don’t know about this website. If you’re an offender, it’s okay. I forgive you. Welcome to road trip planning heaven – your life will never be the same again. In a nutshell: Roadtrippers is the ultimate resource for roadtripping around the USA. It will pinpoint all of the hotels, all of the attractions, all of the weird kooky stuff and everything in between, and save it for you as a map. Awesome.

Skyscanner

I get the shock of my life every time someone tells me they haven’t yet heard about Skyscanner. In Australia and Europe it’s a staple go-to-website for booking flights, but somehow ye Americans haven’t yet caught on to the flight comparing search engine. In a nutshell: Skyscanner compares flights and shows you the cheapest option. But my favourite feature is the ‘everywhere’ button. Say for instance I want to go on a trip from Melbourne, Australia, but I’m not sure where to. I simply select “everywhere” and the magic elves behind the screen will tell me my options from cheapest – most expensive. Great for the spontaneous travellers.

Air BnB

Once upon a time you wouldn’t be able to travel to popular cities without booking accommodation months in advance to ensure you weren’t a) stuck out on the street or b) left to pay a fortune for a last-minute room. Gone are the days of low supply and high demand, and in are the days of choices, choices, choices. In a nutshell: AirBnB makes it possible to rent someone else’s private apartment or a room inside for a night, week, month or more. Great for those who enjoy a more local, authentic experience outside of hotels.

Viator

If Viator didn’t insist on making their tours and airport transfers way more expensive than the norm, I’d use them all the time. But because they insist on hiking the prices on unsuspecting travellers, I only ever use this website as a first port of call, followed by booking the tours direct once I know what’s out there in a city. In a nutshell: A directory of tours, airport transfers and private city tours. It’s much more expensive than booking direct, but a great searching tool.

Spotted by Locals

If you like to explore a city more like a local and less like a visitor, this is a great resource for you on the road. In a nutshell: Spotted by Locals offers city guides catered to the traveller who likes a more local, ‘off-the-beaten-path’ experience.

Airhelp

Chances are you don’t know your airline rights. That’s okay, most of us don’t. But when things do go wrong, you’re gonna wish you did. Airhelp is a great resource for recovering money when things go wrong and knowing your rights. In a nutshell: A website that helps you get money back. Now that’s a winner!

Skift

A great resource to find out what is happening in the travel industry. Who’s doing what, what’s news, what’s old news, breaking industry news… you get the gist. In a nutshell: Skift is a news website for travel geeks. Hoorah!

Skiplagged

Another resource to help you find cheap flights in a less-traditional route. Skiplagged lets you find cheap flights by highlighting hidden cities. For example, say you want to fly from Boston to Philadelphia. It may be cheaper for you to book a flight through to an alternative destination with Philadelphia as a stopover. You book that flight (found for you by the skiplagged fairies) and simply get off at your connecting airport. In a nutshell: A genius little invention for one-way travellers.

Travel Blogs (Google is your friend)

Last but not least, the world wide web is full of great travel blogs (you’re on one right now – hah!). But on a serious note, there are truly some great travel blogs out there. There are many reasons why blogs are a better resource than guides – first off, they’re free! You can peruse blogs for hours and find loads of relevant information without paying a cent. But my favourite reason for choosing blogs over traditional travel guides is the personality behind them. You can match up your personality with that of a travel blogger and trust their travel tips to suit your own personal needs. In a nutshell: blogs are the way to go in the present day! A great way to keep up with your favourite blogs is to follow them on Bloglovin’ (a site that allows you to save blog posts for future reference and discover new blogs you’ll love along the way!!). But of course, google is a great way to search for great blogs. Simply type in a few key words or a phrase that will help you find what you’re looking for and google will do the hard work for you. The best blogs out there will come up on the first page of the search engine. Problem(s) solved!

So, over to you! What are some great travel blogs you can recommend to other readers!? Would love to see your recommendations in the comments below!

International Holocaust Remembrance Day

photo by logarithmo // licenced by creative commons // free distribution
International Holocaust Remembrance Day is an international memorial day on 27 January commemorating the tragedy of the Holocaust that occurred during the Second World War.

It commemorates the genocide that resulted in the death of an estimated 6 million Jewish people, 200,000 Romani people, 250,000 mentally and physically disabled people, and 9,000 homosexual men by the Nazi regime and its collaborators. 

It was designated by the United Nations General Assembly resolution 60/7 on 1 November 2005 during the 42nd plenary session. The resolution came after a special session was held earlier that year on 24 January 2005 during which the United Nations General Assembly marked the 60th anniversary of the liberation of the Nazi concentration camps and the end of the Holocaust.

On 27 January 1945, Auschwitz-Birkenau, the largest Nazi concentration and death camp, was liberated by the Red Army. Prior to the 60/7 resolution, there had been national days of commemoration, such as Germany's Tag des Gedenkens an die Opfer des Nationalsozialismus (The Day of remembrance for the victims of National Socialism), established in a proclamation issued by Federal President Roman Herzog on 3 January 1996; and the Holocaust memorial day observed every 27 January since 2001 in the UK. The Holocaust Remembrance Day is also a national event in the United Kingdom and in Italy.

Wednesday, January 24, 2018

Why Your Phone's Airplane Mode Isn't Just for Flying

istock / creative commons / free distribution
There are plenty of steps you can take to boost your productivity: You can design the perfect home office, buy an organizer, and pack your schedule efficiently. But none of that matters if you can’t help but check your phone every five minutes once you finally start a project. To avoid this distraction, Tim Ferriss, author of the 4-Hour Workweek, uses a surprisingly simple trick that he recently shared on his podcast.

As Business Insider reports, Ferriss has his phone on airplane mode for 80 percent of his day. That includes the hours after he's finished dinner and is winding down for bed all the way through the morning hours when he's planning the day ahead.

Cutting yourself off from all calls, texts, emails, and social media isn't always practical, especially during the work day when your coworkers might need to contact you. But if you ever set aside time to be alone, either for mindful reflection, personal projects, or general downtime, the only way to make sure you're really alone is to unplug. Leaving your phone in another room or powering down altogether might be agitating if you're addicted to your phone, and even on vibrate mode phones can still be distracting. By switching it to airplane mode, you can get the mental comfort of checking your phone compulsively without the actual notifications to pull you away from your task.

For some people, breaking their addiction to technology isn't as easy as activating a setting on their phone. If you're serious about reducing your screen time, try these tips.

[h/t Business Insider]

Monday, January 1, 2018