How to Set Up and Configure Metasploitable
What is Metasploitable?
Metasploitable is an intentionally vulnerable virtual machine built for practicing pentests and security research. It is a good way to hone your pentesting skills or develop new ones using tools such as Nmap, Nessus and many others. This guide walks through how to set up and configure Metasploitable so that you can practice your cybersecurity and pentesting skills on a vulnerable machine.
Prerequisites
For this project you're going to need VirtualBox, a VM image of Metasploitable and a network connection. You can use other virtualization software such as VMware; however, for consistency's sake, we are going to use VirtualBox. You can download VirtualBox and Metasploitable from the links listed below.
VirtualBox: https://www.virtualbox.org/wiki/Downloads
Metasploitable: https://sourceforge.net/projects/metasploitable/
Installation
Once you have VirtualBox installed and have downloaded the VM image for Metasploitable, let's begin by creating the machine.
1. Open VirtualBox, click the Machine option at the top and select New.
2. Create the machine.
· Name and OS: Name your VM Metasploitable (or any name you prefer), pick the folder you want to save your image in, leave ISO as not selected, choose Linux as the type and Ubuntu (64-bit) as the version. Skip the unattended install section.
· Hardware: Base memory should be at least 512 MB of RAM; however, 1024 MB or more is recommended. One processor is fine.
· Hard Disk: Select "Use an existing virtual hard disk file", then select the Metasploitable image you downloaded in the prerequisites section. It's the .vmdk file. Click Finish.
3. Configure the VM Settings
· Network: Click on the Metasploitable VM, then go to Settings > Network and select Host-only Adapter. This allows Metasploitable to talk to the host machine as well as other VMs within VirtualBox. The network is isolated to the VMs and the host only. No other computers can access the machine, nor can it connect to the internet.
4. Start the Metasploitable VM
· Boot the VM: Select the Metasploitable VM and click Start.
· Login: Once the VM boots up, you should see a terminal with a login prompt. The default credentials are:
- Username: msfadmin
- Password: msfadmin
5. Things to know when using Metasploitable
· Metasploitable is designed to be intentionally vulnerable. Do not expose it to the internet or any other untrusted networks.
· Consider running Metasploitable in a completely isolated network or within a dedicated lab environment to prevent accidental exposure of its vulnerabilities.
· Use tools like Metasploit, Nmap, Nessus and other security tools to explore and practice your cybersecurity skills.
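To confirm that the network setting from step 3 actually took effect, you can audit the VM's adapters from the host. The script below is an added example, not part of the original guide: it parses the output of VBoxManage showvminfo --machinereadable and flags any enabled adapter that is not host-only. The sample outputs and the adapter names vboxnet0 and eth0 are constructed, and treating an internal network (intnet) as acceptable is an assumption of this example.

```sh
#!/bin/sh
# Added example: audit the NIC attachments of a VirtualBox lab VM.
# Input (stdin): output of `VBoxManage showvminfo <vm> --machinereadable`.
# Exit status: 0 = every enabled adapter is lab-only, 1 = at least one
# adapter can reach beyond the lab, 2 = no nicN= lines in the input.

audit_nics() {
    awk -F= '
        /^nic[0-9]+=/ {
            lines++
            mode = $2
            gsub(/["\r]/, "", mode)          # strip quotes and any CR
            if (mode == "none") next         # adapter slot disabled
            if (mode == "hostonly" || mode == "intnet") {
                printf "OK    %s -> %s\n", $1, mode
            } else {                         # nat, bridged, natnetwork, ...
                printf "RISK  %s -> %s\n", $1, mode
                bad++
            }
        }
        END {
            if (lines == 0) { print "ERROR no nicN= lines in input"; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed sample: the configuration from step 3 (host-only on adapter 1).
SAMPLE_HOSTONLY='name="Metasploitable"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Constructed sample: NAT left on adapter 1 and a bridged adapter 2.
SAMPLE_EXPOSED='name="Metasploitable"
nic1="nat"
nic2="bridged"
bridgeadapter2="eth0"'

# Demo on the constructed samples. Against a real VM, run:
#   VBoxManage showvminfo Metasploitable --machinereadable | audit_nics
printf '%s\n' "$SAMPLE_HOSTONLY" | audit_nics || true
printf '%s\n' "$SAMPLE_EXPOSED" | audit_nics || echo "VM is not isolated"
```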
By following this guide, you should be able to set up and run Metasploitable in a VM environment, providing you with a safe basis to practice your pentesting and security skills.