Exercise: Setting up a DVWA Lab in Metasploitable with Kali Linux in VirtualBox

Step 1: Download and Install VirtualBox

● Download the latest version of VirtualBox from the official website:
https://www.virtualbox.org/wiki/Downloads
● Install VirtualBox by following the instructions provided in the installation wizard.

Step 2: Download the Metasploitable and Kali Linux virtual machine images

● Download the Metasploitable virtual machine image from the following link:
https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
● Download the Kali Linux virtual machine image from the following link:
https://www.kali.org/downloads/

Step 3: Create a new virtual machine for Metasploitable

● Open VirtualBox and click on the “New” button to create a new virtual machine.
● Name the virtual machine as “Metasploitable” and select “Linux” as the type and
“Other Linux” as the version.
● Allocate at least 1GB of RAM for the virtual machine and create a new virtual hard
drive.

Step 4: Create a new virtual machine for Kali Linux

● Repeat the same process as step 3 to create a new virtual machine named “Kali
Linux”
● Allocate at least 2GB of RAM for the virtual machine and create a new virtual hard
drive.

Step 5: Import the virtual machine images

● Click on the “File” menu and select “Import Appliance”
● Import the Metasploitable virtual machine image and Kali Linux virtual machine
image that you have downloaded earlier.

Step 6: Configure the network settings

● Go to the “Settings” of both the virtual machines and select “Network”
● Change the “Attached to” option to “Bridged Adapter” to allow the virtual machines to
access the host’s network.

Step 7: Start the virtual machines

● Start the virtual machines by clicking on the “Start” button.
● Log in to the virtual machines using the default credentials provided on the
Metasploitable and Kali Linux websites.

Step 8: Install and setup DVWA in Metasploitable

● Open a terminal in the Metasploitable virtual machine and run the following
commands to install Apache, PHP and MYSQL

sudo apt-get update
sudo apt-get install apache2 -y
sudo apt-get install php -y
sudo apt-get install mysql-server -y
sudo apt-get install php-mysql -y

● Download the DVWA application from the following link:
https://github.com/ethicalhack3r/DVWA/releases/download/v1.10/dvwa-1.10.zip
● Extract the contents of the downloaded zip file and copy the extracted folder to the
/var/www/html directory
● Rename the extracted folder to dvwa
● Change the permissions of the dvwa folder by running the following command: sudo
chmod -R 777 /var/www/html/dvwa
● Start the apache service by running the command: sudo service apache2 start
● Open a web

Reference:
● VirtualBox official website: https://www.virtualbox.org/
● Metasploitable Project website: https://www.vulnhub.com/entry/metasploitable-2,29/
● Kali Linux official website: https://www.kali.org/
● DVWA (Damn Vulnerable Web Application) website: http://www.dvwa.co.uk/
● A guide to installing and setting up DVWA on Metasploitable:
https://www.hackingarticles.in/dvwa-installation-on-metasploitable-2-tutorial/
● A tutorial on how to use VirtualBox: https://www.virtualbox.org/manual/ch01.html

Note:
● Keep in mind that Metasploitable is a deliberately vulnerable machine and should not
be used in a production environment.
● Make sure that your host machine has enough resources (RAM, CPU, and storage)
to run two virtual machines simultaneously

Open chat
Hello 👋.
Tell me, how can I help you?