Easy guide to setup Metasploitable on Virtual Box

Setting up Metaexplitable OS for penetration testing is easy. This article explains step-by-step configuration you can follow to setup Metaexplitable & Kali Linux on Oracle Virtual Machine.


Metasploitable on Virtual Box

Metasploit Framework (MSF) Vs. Metasploitable OS

The Metasploit Framework (MSF) is a collection of exploitation and vulnerability validation tools freely available for security professionals.

The Metasploitable is a virtual machine based on Linux which contains intentional vulnerabilities. Penetration testers can use the configured Metasploitable environment to test known vulnerabilities either using Metasploit Framework (MSF) or other exploitation tool.

Installing dependencies:

1. Download Kali Linux:

We will be using Kali Linux Virtual Image distribution from Offensive Security [https://www.offensive-security.com/] as our testing environment which has Metasploit Framework (MSF) pre-installed.

Download link : https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/#1572305786534-030ce714-cc3b

2. Download Metaexploitable:

The Metaexploited is an open-source project and we can dowloand it from Source-Forge. The current distribution of Metaexplitebloe is available as a VMware virtual machine (VMX).

Download link : https://sourceforge.net/projects/metasploitable/

3. Download Oracle VirtualBox:

The Oracle VM VirtualBox is a free and open-source hosted hypervisor developed by Oracle Corporation.

Download link: https://www.virtualbox.org/wiki/Downloads

Kali Image Configuration:

For detail steps on how to configure Kali Linux on Virtual Box please read our article on Running Kali Linux on VirtualBox

Once you spin up the Kali Linux instance, open a Terminal window and type :


Result should something similar to the below image. (Note the marked IP address)

Kali Linux Setup - Check IP Address

Configure Metasploitable Virtual Image:

1. Create a Virtual Machine instance for Metasploitable:

Metasploitable Setup - Image selection

2. Allocate memory size to be utilised by Metasploitable:

Metasploitable Setup - memory allocation

3. Select the extracted Metasploitable.vmdk file to load as a Hard Disk:

Metasploitable Setup - Image selection

4. Update the network settings :

To allow our Metasploitable virtual machine to be accessed using Kali Linux we need to change the below network settings.

Metasploitable Setup - Change Network settings

Attached to: -> Bridge Adopter

Name: wlp1s0

5. Metasploitable Welcome screen:

Spin up your Virtual Device and you should see the below Metasploitable Welcome screen:

Metasploitable Setup - Welcome Screen

The Metasploitable login is “msfadmin”; the password is also “msfadmin”.

6. Check the Metasploitable IP address:

You can use the below command to view the IP address.

Metasploitable Setup - Check IP Address

Access Metasploitable from Kali Linux:

Remember, we only need access to Metasploitable instance which has a local IP address assigned (

To confirm we can access Metasploitable from Kali Linux, use the below command:


You should see an output similar to the below scree:

Now you can use the Metasploit Framework (MSF) to start testing!

Cite this article as: Sam Muller, "Easy guide to setup Metasploitable on Virtual Box," in Cyber Memos, April 25, 2020, https://cybermemos.com/cyber-security/easy-guide-to-setup-metasploitable-on-virtual-box/.

Leave a Reply

Your email address will not be published. Required fields are marked *