Exercise: Setting up a Virtual Penetration Testing Lab using VirtualBox and Metasploitable and Kali Linux

Lab Setup Guidance for Metasploitable and Kali Linux Machine in VirtualBox:

Step 1: Download the VirtualBox software

● Download the latest version of VirtualBox from the official website:
https://www.virtualbox.org/wiki/Downloads

Step 2: Download the Metasploitable and Kali Linux virtual machine images
● Download the Metasploitable virtual machine image from the following link:
https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
● Download the Kali Linux virtual machine image from the following link:
https://www.kali.org/downloads/

Step 3: Install the VirtualBox software
● Install the VirtualBox software by following the instructions provided in the installation
wizard.

Step 4: Create a new virtual machine for Metasploitable
● Open VirtualBox and click on the “New” button to create a new virtual machine.
● Name the virtual machine as “Metasploitable” and select “Linux” as the type and
“Other Linux” as the version.
● Allocate at least 1GB of RAM for the virtual machine and create a new virtual hard
drive.

Step 5: Create a new virtual machine for Kali Linux
● Repeat the same process as step 4 to create a new virtual machine named “Kali
Linux”
● Allocate at least 2GB of RAM for the virtual machine and create a new virtual hard
drive.

Step 6: Import the virtual machine images
● Click on the “File” menu and select “Import Appliance”
● Import the Metasploitable virtual machine image and Kali Linux virtual machine
image that you have downloaded earlier.

Step 7: Configure the network settings
● Go to the “Settings” of both the virtual machines and select “Network”
● Change the “Attached to” option to “Bridged Adapter” to allow the virtual machines to
access the host’s network.

Step 8: Start the virtual machines
● Start the virtual machines by clicking on the “Start” button.
● Log in to the virtual machines using the default credentials provided on the
Metasploitable and Kali Linux websites.

Step 9: Test the connectivity
● Test the connectivity between the virtual machines by pinging one machine IP from
another machine.

Note:
● Make sure that your host machine has enough resources (RAM, CPU, and storage)
to run two virtual machines simultaneously
● Keep in mind that Metasploitable is a deliberately vulnerable machine and should not
be used in a production environment.

References:
● VirtualBox official website: https://www.virtualbox.org/
● Metasploitable Project website: https://www.vulnhub.com/entry/metasploitable-2,29/
● Kali Linux official website: https://www.kali.org/
● Setting up a penetration testing lab using VirtualBox:
https://www.hackingarticles.in/setting-up-a-penetration-testing-lab-using-virtualbox/
● A guide to using Metasploitable for penetration testing:
https://www.hackingarticles.in/metasploitable-tutorial-for-beginners/
● A tutorial on how to use VirtualBox: https://www.virtualbox.org/manual/ch01.html

Open chat
Hello 👋.
Tell me, how can I help you?