How to Install Metasploitable in VirtualBox

In this article I go over how to install Metasploitable in VirtualBox. Metasploitable is a virtual machine with several intentional misconfigurations and vulnerabilities for you to exploit. This is a great tool for sharpening your penetration testing skills.

You can definitely get Metasploitable up and running with out a full lab, but I highly recommend you build a virtual penetration testing lab first.

Download Metasploitable

Grab a copy of the Metasploitable virtual machine at: SourceForge

Grab Metasploitable over at SourceForge

While you are waiting for the file to download you can start setting up the VM.

Create the VirtualBox VM

Create a new virtual machine in Virtual Box. Give the machine a descriptive name, and select Linux as the type.

Create virtual machine to install Metasploitable

Use an Existing Hard Disk

During the installation select Use an Existing Hard Disk File and select the downloaded Metasploitable vmdk file.

Install Metasploitable VMDK

Once the machine has been created, go ahead and fire it up.

Start the VM

After the initial boot process you will be greeted by the Metasploitable login screen. The default username is “msfadmin”, and the default password is also “msfadmin”.

Login screen after installing Metasploitable

That is all it takes to install Metasploitable. Now you may be wondering where to begin…

Where to Start in Metasploitable

It can be overwhelming if you have no idea how to start. Running a simple nmap scan against Metasploitable should give you plenty of avenues to explore.

If you are still having trouble, there are tons of guides available for hacking your way through Metasploitable.

Nmap scan after installing Metasploitable

You may also find the cyber kill chain to be a good framework for pentesting any system.

Feel free to drop a comment below with any Metasploitable questions!

2 thoughts on “How to Install Metasploitable in VirtualBox

Leave a Reply

Leave a Reply

Your email address will not be published.

The reCAPTCHA verification period has expired. Please reload the page.