In this article I go over how to install Metasploitable in VirtualBox. Metasploitable is a virtual machine with several intentional misconfigurations and vulnerabilities for you to exploit. This is a great tool for sharpening your penetration testing skills.
You can definitely get Metasploitable up and running with out a full lab, but I highly recommend you build a virtual penetration testing lab first.
Grab a copy of the Metasploitable virtual machine at: SourceForge
While you are waiting for the file to download you can start setting up the VM.
Create the VirtualBox VM
Create a new virtual machine in Virtual Box. Give the machine a descriptive name, and select Linux as the type.
Use an Existing Hard Disk
During the installation select Use an Existing Hard Disk File and select the downloaded Metasploitable vmdk file.
Once the machine has been created, go ahead and fire it up.
Start the VM
After the initial boot process you will be greeted by the Metasploitable login screen. The default username is “msfadmin”, and the default password is also “msfadmin”.
That is all it takes to install Metasploitable. Now you may be wondering where to begin…
Where to Start in Metasploitable
It can be overwhelming if you have no idea how to start. Running a simple nmap scan against Metasploitable should give you plenty of avenues to explore.
If you are still having trouble, there are tons of guides available for hacking your way through Metasploitable.
You may also find the cyber kill chain to be a good framework for pentesting any system.
Feel free to drop a comment below with any Metasploitable questions!