Setting Up a Vulnerable Target
A test environment provides a secure place to perform penetration testing and security research. For your test environment, you need a Metasploit instance that can access a vulnerable target. The following sections describe the requirements and instructions for setting up a vulnerable target.
Downloading and Setting Up Metasploitable 3
The easiest way to get a target machine is to use Metasploitable 3, which is a vulnerable virtual machine (offered in both Ubuntu Linux and Windows Server flavors) intentionally designed for testing common vulnerabilities. This virtual machine (VM) is compatible with VMWare, VirtualBox, and other common virtualization platforms.
The Metasploitable 3 project can be found at:
Metasploitable 3 supports Vagrant for easy setup. See the quick-start guide to get up and running. If you prefer, you can build a Metasploitable 3 VM from scratch.
Powering on Metasploitable 3
Once you've set up (or built) your Metasploitable 3 VM, you can power it on using the
vagrant up command:
1cd metasploitable3-workspace2vagrant up
And you can easily check the status of the Metasploitable 3 VM to see if it is running or not:
1cd metasploitable3-workspace2vagrant status
Logging into Metasploitable 3
The login for Metasploitable 3 is
Identifying Metasploitable 3's IP Address
After you log in to Metasploitable 3, you can identify the IP address which has been assigned to the virtual machine. Just enter
ifconfig (at a Linux terminal prompt) or
ipconfig (at a Windows PowerShell or cmd prompt) to see the details for the virtual machine.
The command will return the configuration for eth0. You'll need to take note of the inet address. This will be the address you'll use for testing purposes.
Help with Metasploitable 3
For more information on Metasploitable 3, check out the wiki.