Metasploitable is a Linux distro, deliberately configured with numerous vulnerabilities. Its main purpose is to let you practice exploiting these vulnerabilities in a legal environment (home network). Since it is configured with lots of security flaws, be sure not to run it on a live production network.
With this series, I’m going to go through the majority of security holes, showing how to exploit each one using Metasploit, and when possible, how to exploit each one without Metasploit. If you’re looking to become a professional pen-tester, there may be situations where you don’t always have access to your favorite tools, so knowing how to manually exploit a flaw can be invaluable. Automated tools can cut down on testing time, but you need to know how to manually verify the results, as there may be some things the tools just won’t give you.
For this series, we’ll be using the Metasploitable VM as the target, and Kali Linux as the attacker. Both of these are running in VirtualBox. Once you fire up Metasploitable, log in with the default credentials (msfadmin:msfadmin), then run “ifconfig” to get the IP address (you’ll need this to run through the scenarios).
From the menu, you can select each of the flaws discovered in Metasploitable, and view the corresponding walkthrough.