Setting Up Metasploitable2 on VMware: A Step-by-Step Installation Guide

In this blog, I’ll walk you through the step-by-step installation process of Metasploitable 2 on VMWare Workstation.

What is Metasploitable 2?

Metasploitable2 is a deliberately vulnerable virtual machine that is designed for security testing and training purposes. It is part of the Metasploit Project, a popular open-source penetration testing framework. Metasploitable2 is created to simulate a variety of vulnerabilities, misconfigurations, and exploitable scenarios commonly found in real-world systems

Key Features:

1. Vulnerabilities: The virtual machine intentionally includes a range of vulnerabilities, such as weak passwords, outdated software versions, and misconfigured services.
2. Realistic Environment: Metasploitable2 emulates a realistic network environment with multiple services and applications commonly found in Linux-based systems.
3. Training Tool: Security professionals, ethical hackers, and students use Metasploitable2 to enhance their skills in penetration testing and ethical hacking. It provides a safe and controlled environment for learning and practicing security techniques.
4. Metasploit Integration: Metasploitable2 is specifically designed to work seamlessly with the Metasploit framework, allowing users to practice exploiting vulnerabilities and testing various penetration testing tools.
5. Hands-On Experience: Users can gain hands-on experience in identifying, exploiting, and securing vulnerabilities, making it a valuable resource for learning about cybersecurity and ethical hacking.

Let’s get started with the installation….

1. Download Metsaploitable2.zip file from the internet. You can follow the given link as well- https://sourceforge.net/projects/metasploitable/

2. Unzip the downloaded zip file and you should see a new Metasploitable2-Linux directory created with the following contents.

3. Select and right click on the Metasploitable.vmx file and you should see the option Open with VMWare Workstation. In case you don’t see that option, simply click on Open with Other Application and select VMWare from the list of applications.

4. After opening the file using VMWare Workstation, you should be able to see the following type of screen.

5. Now simply start the machine by clicking on the play button located on the toolbar at the top. Then click on “I copied It” if you see the following pop-up.

6. The installation/setup process will commence and is expected to finish within a minute. Subsequently, the following screen will appear on the terminal.

7. The login credentials are already displayed on the terminal, so just login using the default credentials (msfadmin/msfadmin).

8. Voila! We are now inside the Metasploitable 2 VM. Next, check the ip address of the VM using the command given below and you will be able to see the ip address of the VM on the terminal.

ifconfig

9. Launch a web browser on your host machine and enter the IP address (192.168.250.135) assigned to the Metasploitable2 virtual machine. This action will bring up the default Metasploitable2 webpage/homepage.

10. Click on DVWA to launch the web application. Login using the default credentials- admin/password

And there you have it! We’re now inside the DVWA web app, all set to explore and test various attacks.

11. Similarly you can explore the other web apps listed on the Metasploitable2 homepage.

Note: Metasploitable2 is intentionally designed to be vulnerable for educational and testing purposes. Exercise caution and use it responsibly within a controlled environment. Avoid deploying it in live or production networks, as it poses inherent security risks. Always adhere to ethical hacking practices and legal guidelines when engaging with Metasploitable2 for learning and testing purposes.

Thank you for joining me on this Metasploitable2 installation journey. Wishing you insightful learning and successful security testing. If you have any questions or feedback, feel free to share. Happy hacking and stay secure!