Metasploitable 2: Lab Setup

Metasploitable 2: Lab Setup

Image for post

Metasploitable 2 is a vulnerable server created for pentesting training. In this suite of articles I?ll guide you through the vulnerabilities and exploit them with the metasploit framework and other tools.

Setting our environment

Our environment will be composed of several virtual machines. Our first task is making sure out host machine is capable of running multiple guest OSes.


There are several hypervisers available (VMWare, Virtualbox, Hyper-V, etc). I?m currently running Virtualbox but feel free to chose your own.

Kali Linux

It?s possible to download and install Kali Linux from the project?s site. I advise to download a preconfigured ISO from Offensive Security (


Kali has lots of tools for pentesting. It?s paramount to keep them updated. Open the terminal and type:

$ apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get autoremove -y


The metasploitable ISO is availble in Rapid 7?s site or on Sourceforge ( The ISO is VMWare format.

Virtualbox (optional)

Unzip the file. Create a new VM. Choose Linux->Ubuntu (64bit), give it at least at least 1024MB RAM and do not create a HDD. Wait and add the disk *.vmdk:

Image for post

Change the network configuration:

Image for post


Start the machine and determine its IP address:

$ ip address

Image for post

Lets now start our pentest.

Image for post

Worspace settings

Now open the terminal and prepare the DB:

$ sudo service postgres start

$ msfdb init

$ msfconsole

Image for post

Lets check for DB status, create our workspace and set our global RHOSTS:

> db_status

> help workspace

> workspace -a metaploitable2

> setg RHOSTS

> save

Finnaly, we?ll check for open ports in metasploitable. We know it?s a vulnerable machine so let?s expand our port scan:

> db_nmap -p-

Image for post

We can use nmap scan, or msf syn scanners:

> use auxiliary/scanner/portscan/syn

> run

Image for post


We?re now ready to start pentesting our metasploitable machine without the worry of breaking the law.


No Responses

Write a response