What is Metasploitable?

If you are starting out in pentesting you will need a vulnerable machine to use as a target. As you get better and your understanding deepens you will be able to start trying to penetrate more secure systems. However, at the beginning of you pentest journey you will need a less secure machine to test your skills.

If you are getting started with Kali Linux and using Metasploit, you can get frustrated when you don’t get a shell opening up. Especially if you are targeting the latest patch versions of windows, almost all the vulnerabilities in Metasploit are not going to work! They are publicly available vulnerabilities and have been patched already. So until you are good enough to write you down zero-day exploits, you are limited to the tools and scripts built into metasploit.

That is where Metasploitable comes in. This is a linux machine that has been built with specific vulnerabilities already baked in. You can run this on a VM machine in a closed network with your Kali Linux installation and practice exploiting the vulnerabilities. This is as good a place to start as any. With this lab setup you will start to become familiar with the various exploits available, the basics of using Metasploit, the Meterpreter and shell windows. Once you are inside the target machine, what can you do, and how do you proceed? Simply getting a connection is only the beginning!

So how to setup metasploitable on your virtual box?

First go here and download it :-

Once you have the zip file downloaded, extract it. Open up virtual box, and create a new machine.

Name it (I use the name Metasploitable) and select a Linux type, with Linux Other 64 bit version.

Next just use thee default settings for the virtual memory

Now you will select to use an existing virtual disk

and then click the folder icon and navigate to your extruded metasploitable image.

Now click create, and you will fid your new virtual machine is setup.

Now the final thing we will do is setup the network so it’s part of our virtual network with our other virtual box machines. Click the settings and go to the network panel. Change from NAT to NAT Network and select the network name we are using for our virtual machine network.

Now you can start up your metasploitable machine, and login using the following

uName: msfadmin

pWord: msfadmin

now you will be able to hope over to your Kali Linux and run a NMAP, you will see your metasploitable system with all the ports and services open ready for attack.


3 thoughts on “Metasploitable

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: