Posted on 7 Comments

Installing Metasploitable in VirtualBox

In this howto, you will installing metasploitable in VirtualBox. What is Metasploitable? Learning penetration testing or ethical hacking requires practical knowledge and good practice needs a vulnerable target. That is where Metasploitable comes into picture. It is an intentionally vulnerable operating system made by the makers of Metasploit themselves so that aspiring ethical hackers can practice and hone their hacking skills. As its name conveys Metasploitable is loaded with vulnerabilities that can be exploited with Metasploit modules. 

This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques.  For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.


With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab.

7 thoughts on “Installing Metasploitable in VirtualBox

  1. […] ← How to install Metasploitable in VirtualBox. […]

  2. Hello,

    Just a small problem
    When I input the login and press return, following line is password (as expected) but machine is blocked…

    Thanks for your help

    1. Hey Pascal, make sure your cursor is over the virtualbox interface while typing your passw ord. If the problem still persists, allocate more RAM to Metasploitable.

      1. Nope, that wont help to solve the problem. All keys are blocked except the “return” or “enter” key. As soon you enter the user “msfadmin” and press “enter” or “CTRL+J” then proceed to enter the password, no matter if your mouse is inside virtual machine, you click on it a thousand times, or open the “soft-keyboard” using input>keyboard>Soft keyboard option inside Virtual Machine, the keyboard is simply blocked and it wont accept any other key except “enter” causing an “incorrect login” therefore being unable to login and use metasploitable at all.

        1. In Metasploitable, just like many Linux machine, the password is not displayed while being typed. This is a security measure. Just type the password and hit ENTER. It should work.

  3. Thanks for the information

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.