What is Metasplotable?
Metasploitable2 is a purpose-built virtual machine designed for cybersecurity professionals and penetration testers. Packed with intentional vulnerabilities and security flaws, it provides a realistic environment for testing security tools and conducting assessments. Fully compatible with the Metasploit Framework, Metasploitable2 is an excellent resource for hands-on security testing. In this guide, we’ll walk you through the step-by-step process of installing and using Metasploitable2 on VirtualBox, making it easy to set up your own testing environment.
Step 1: Download Metasploitable2
Click the following link to download Metasploitable2: Metasploitable2 Download Link. After the download completes, store the zip file on your computer for extraction.
Step 2: Extract the Downloaded File
Locate the downloaded zip file, then right-click it and select “Extract Here.” The extracted folder will contain a virtual machine image in VMDK or OVF format, which will be used for setup. (Shell to Meterpreter Transition in Metasploit)
Step 3: Create a New Virtual Machine in VirtualBox
- Open VirtualBox and click the “New” button to start creating a virtual machine.
- Enter a name for your VM, such as “Metasploitable2.”
- (Optional) Specify a folder path to store the virtual machine files if you’d like to keep them in a specific directory.
- Set “Linux” as the operating system type and “Other Linux (64-bit)” as the version.
- Click “Next” to proceed.
Step 4: Adjusting System Resources
Before finalizing your virtual machine setup, adjust the RAM and CPU allocation based on your needs. While the default settings work fine, allocating more resources can improve performance, especially for intensive testing.
Step 5: Adding an Existing Virtual Hard Disk
Select “Use an existing virtual hard disk file.”
Locate and add the extracted Metasploitable2 file to VirtualBox.
At this stage, your virtual machine image is successfully loaded and ready to configure.
Step 6: Configuring Network Settings
Right-click on the Metasploitable2 virtual machine and select “Settings.”
Navigate to the “Network” tab to adjust your VM’s connectivity.
Choose the appropriate network mode—NAT or Bridged Adapter—to manage external connections and ensure proper communication for security testing. In my case I chose the pfsense-LAN so I can monitor traffic alerts using snort. Here is a write up on how to set up pfsense here.
Conclusion
Your Metasploitable2 virtual machine is now successfully set up in VirtualBox. To start the VM, simply double-click on it. Once Metasploit launches, you can interact with the system using your keyboard.
At the login screen, enter the credentials:
- Username:
msfadmin - Password:
msfadmin
From here, you’re ready to conduct penetration tests and analyze security vulnerabilities using the Metasploit Framework. Follow this guide closely to ensure a smooth setup and testing process.
