Metasploitable is an intentionally vulnerable virtual machine created for security training and ethical hacking practice. It is commonly used in Metasploit courses because it contains known weaknesses that allow learners to practise scanning, enumeration, exploitation, and post-exploitation in a safe and legal environment. Setting up Metasploitable correctly is an important step in building your lab.
In this topic, you learn how to import or create the Metasploitable virtual machine in a platform such as VirtualBox or VMware. Since Metasploitable is usually distributed as a prebuilt virtual machine image, the setup often involves adding the image to your virtualization software, assigning basic resources, and configuring the network adapter so it can communicate with your Kali machine. The goal is to keep it inside the lab network only and avoid exposing it to real networks because it is intentionally insecure.
You will also learn how to start the machine and confirm that it is running properly. This includes checking the assigned IP address, confirming network connectivity, and verifying that the system is reachable from your attacker machine for training exercises. In many labs, Metasploitable is used as the first target because it is designed for learning common techniques in a controlled setting.
By the end of this topic, you should have Metasploitable running as a virtual machine, correctly connected to your lab network, and ready for information gathering and Metasploit practice.
