Setting up Metasploitable 2 in a VM

The vulnerable virtual machine that we are going to use is Metasploitable 2. The famous H.D. Moore of Rapid7 created this vulnerable system.

There are other deliberately vulnerable systems besides Metasploitable 2 that you can use for your penetration testing learning process, as can be seen at the following site: https://www.vulnhub.com.

Metasploitable 2 has many vulnerabilities in the operating system, network, and web application layers.

Information about the vulnerabilities contained in Metasploitable 2 can be found on the Rapid7 site at https://community.rapid7.com/docs/DOC-1875.

To install Metasploitable 2 in VirtualBox, you can perform the following steps:

  1. Download the Metasploitable 2 file from http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.
  2. Extract the Metasploitable 2 ZIP file. After the extraction process is completed successfully, you will find five files:
Metasploitable.nvram 
Metasploitable.vmdk 
Metasploitable.vmsd 
Metasploitable.vmx 
Metasploitable.vmxf 
  1. Create a new virtual machine in VirtualBox. Set the Name to Metasploitable2, the operating system to Linux, and the Version to Ubuntu.
  2. Set the memory to 1024MB.
  3. In the Virtual Hard Disk setting, select Use existing hard disk. Choose the Metasploitable files that we have already extracted in the previous step.
  4. Change the network setting to Host-only adapter to make sure that this server is accessible only from the host machine and the Kali Linux virtual machine. The Kali Linux virtual machine's network setting should also be set to Host-only adapter for pen testing local VMs.
  5. Start the Metasploitable2 virtual machine. After the boot process is finished, you can log in to the Metasploitable2 console using the following credentials:
    • Username: msfadmin
    • Password: msfadmin

The following is the Metasploitable 2 console after you have logged in successfully: