How to Set Up Metasploitable on a Virtual Machine: Build Your Own Cybersecurity Lab

Chris HolcombeChris Holcombe
3 min read

Creating a home cybersecurity lab is a critical step for anyone exploring ethical hacking, penetration testing, or security research. In this tutorial, we’ll walk through setting up Metasploitable on VirtualBox, from downloading the virtual disk image to configuring the network and logging in.

What is Metasploitable?

Metasploitable is a vulnerable-by-design virtual machine used for penetration testing and security research. It's an excellent tool for learning about exploit development, vulnerability assessment, and network analysis.

Step 1: Download Metasploitable

  1. Visit the official Metasploitable download page.

  2. Download the pre-configured .vmdk (Virtual Machine Disk) file.

Step 2: Set Up Metasploitable in VirtualBox

Create a New Virtual Machine

  1. Open VirtualBox and click New to create a virtual machine.

  2. Provide the following details:

    • Name: Metasploitable

    • Type: Linux

    • Version: Ubuntu (32-bit or 64-bit, depending on your download).

Configure Resources

  1. Allocate resources for the virtual machine:

    • Memory: 1 GB (1024 MB) is recommended.

    • Storage: You’ll link the .vmdk file, so no need to assign extra disk space.

Attach the Virtual Disk

  1. When prompted to select a hard disk, choose Use an existing virtual hard disk file and browse to the location of the .vmdk file you downloaded.

  2. Confirm the setup and click Finish.

Step 3: Troubleshooting the Installation

If you encounter issues during setup, follow these steps:

  1. Delete the Virtual Disk:

    • Go to File > Virtual Media Manager in VirtualBox, select the Metasploitable disk, and remove it.

  2. Clean the VirtualBox VM Directory:

    • Navigate to C:\Users\<YourUsername>\VirtualBox VMs (or your equivalent directory) and delete the Metasploitable folder.

  3. Re-extract the Files:

    • Re-extract the .vmdk file from your download and place it in your designated VM folder.

  4. Restart the Setup:

    • Follow the steps above to create a new virtual machine and attach the corrected .vmdk file.

Step 4: Configure the Network

  1. Network Setup:
    To communicate between your Metasploitable machine and tools like Kali Linux, configure a host-only or NAT network.

    • Go to Settings > Network for your VM.

    • Set the Adapter Type to NAT or Host-Only Adapter, depending on your lab needs.

Step 5: Launch Metasploitable

  1. Start the virtual machine by clicking Start in VirtualBox.

  2. Log in using the default credentials:

    • Username: msfadmin

    • Password: msfadmin
      (Both are lowercase.)

  3. Run the following command in the terminal to find your machine’s IP address:

     ifconfig

    This IP address is critical for connecting other tools, like Kali Linux, to your Metasploitable VM.

Tips and Tricks

  • Multiple VMs: For a comprehensive lab, set up a Kali Linux VM alongside Metasploitable and configure the network so they can communicate.

  • Snapshots: After the initial setup, take a snapshot of the VM in VirtualBox. This allows you to revert to a clean state if you break something during testing.

Setting up Metasploitable in VirtualBox is a straightforward process once you understand the steps. With this virtual machine running, you’ve laid the foundation for an effective cybersecurity lab to explore vulnerabilities, exploits, and ethical hacking techniques.

Stay Null. Stay Void. 🤘

0
Subscribe to my newsletter

Read articles from Chris Holcombe directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#Cybersecurity Lab #VM Setup #Vulnerable MachinesmetasploitableVirtualBox Ethical Hackingpenetration testingCyber Security Toolslinux-basics

Written by

Chris Holcombe
Chris Holcombe