Back to course

Setting up a Vulnerable Target Machine (Metasploitable)

Cyber Security Mastery: From Zero to Hero

The Essential Target: Metasploitable

To practice offensive techniques safely and legally within your Virtual Lab, you need a target machine specifically designed to be insecure.

Metasploitable is a deliberately vulnerable Linux VM, maintained by Rapid7, designed to be exploited using the Metasploit Framework.

Setup Instructions

  1. Download: Obtain the Metasploitable 2 or 3 VM image (often a .vmdk or similar file).
  2. Import: Import the VM into VirtualBox.
  3. Network Configuration: Crucially, ensure both your Kali Linux VM and your Metasploitable VM are connected to the same isolated network (e.g., using a VirtualBox Host-Only Adapter or Internal Network mode).
    • NEVER connect Metasploitable directly to your home network or the public internet. It will be immediately compromised.

Initial Check

Once Metasploitable boots (default login: msfadmin/msfadmin), ensure Kali can ping its IP address. This confirms network communication is working for your upcoming attacks.