Metasploit Framework (Part 1): Setting up Metasploitable2 in VirtualBox

Shreelu Santosh (Lun4rC1ph3r)
Jun 6, 2024

Setting up an intentionally vulnerable machine for pentesting

Today’s the start of a series on using Metasploit Framework to learn penetration testing (or pentesting for short).

In order to learn the ropes of Metasploit, we will need a vulnerable machine to practice finding vulnerabilities and exploiting them.

So, to provide a legal and safe environment for pentesting, we can use Rapid7’s Metasploitable, an Ubuntu (Debian-based) machine that has been made intentionally vulnerable.

Downloading Metasploitable

1. First of all, make sure you have VirtualBox installed on your machine.

2. Navigate to the Metasploitable download page, https://sourceforge.net/projects/metasploitable/files/Metasploitable2/, and click the green Download button.

3. Once the zip file has been downloaded, extract its content to a location where you usually keep your VirtualBox virtual machines.

Setting Up Metasploitable in VirtualBox

1. Now fire up VirtualBox, and click on ‘New’ to create a virtual machine for Metasploitable2.

2. In the ‘Create Virtual Machine’ window, enter the VM name, and set the OS (operating system) Type to Linux and the Version to Ubuntu (64 bit).

3. Make sure that the memory is not below 512 MB.

4. Now open the toggle next to Hard Disk. We’ll choose the ‘Use an Existing Virtual Hard Disk file’ option, in order to use the .vmdk file in the unzipped Metasploitable folder.

5. Click on the folder icon next to the option. We’ll be asked to either add a new Virtual Hard Disk file, or use an existing one. We will go for the former, and click on the ‘Add’ icon.

6. Then navigate to the folder where we unzipped the Metasploitable contents, and select the .vmdk file.

7. Now, choose the Metasploitable vmdk file in the ‘Hard Disk selector’.

8. Once we hit the ‘Choose’ button, we’re back in the ‘Create Virtual Machine’ window. Click on Finish to complete the configuration for our Metasploitable machine. You’ll notice a new VM appear in the list of VMs.
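The GUI steps above can also be scripted with VBoxManage, VirtualBox’s command-line tool, which makes the lab reproducible. This is an added example, not part of the original post; the function names, the `DRY_RUN` switch and the controller name `SATA` are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the author's code): scripted equivalent of the GUI steps.
# Usage: ./create-msf2.sh <vm-name> <path-to.vmdk> [memory-MB]
# Set DRY_RUN=1 to print the VBoxManage commands instead of running them.

# Run a command, or only print it when DRY_RUN=1 so it can be reviewed first.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

create_metasploitable_vm() {
    local name="$1" vmdk="$2" mem="${3:-512}"

    [ -n "$name" ] || { echo "error: VM name required" >&2; return 2; }

    # The disk must be the existing .vmdk from the extracted zip.
    case "$vmdk" in
        *.vmdk) ;;
        *) echo "error: expected a .vmdk file: $vmdk" >&2; return 2 ;;
    esac
    [ -f "$vmdk" ] || { echo "error: no such file: $vmdk" >&2; return 2; }

    # Memory must be a whole number of MB and not below 512 (step 3).
    case "$mem" in
        ''|*[!0-9]*) echo "error: memory must be a number: $mem" >&2; return 2 ;;
    esac
    [ "$mem" -ge 512 ] || { echo "error: memory below 512 MB" >&2; return 2; }

    # Steps 1-2: create and register the VM as Linux / Ubuntu (64 bit).
    run VBoxManage createvm --name "$name" --ostype Ubuntu_64 --register &&
    # Step 3: set the memory size.
    run VBoxManage modifyvm "$name" --memory "$mem" &&
    # Steps 4-7: add a disk controller ("SATA" is an assumed name) and
    # attach the existing Metasploitable .vmdk to it.
    run VBoxManage storagectl "$name" --name SATA --add sata &&
    run VBoxManage storageattach "$name" --storagectl SATA \
        --port 0 --device 0 --type hdd --medium "$vmdk"
}

# Only act when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    create_metasploitable_vm "$@"
fi
```

Running it once with `DRY_RUN=1` shows the four commands that will be executed before anything is changed in VirtualBox.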

Starting Up Metasploitable Machine

1. Start the newly created Metasploitable machine. Wait for the VM to boot up (it may take a while). We will then be brought to the Metasploitable login screen.

2. The default login credentials are msfadmin:msfadmin. Let us log in with these credentials.

Once we’re logged in, we’ve got Metasploitable up and running!

In the next part, we will set up our Kali Linux pentesting machine and the Metasploitable machine on the same network (crucial, otherwise you won’t be able to send payloads to the target machine), and explore the various interfaces of Metasploit Framework.

Happy hacking!
