Setup VirtualBox with Kali Linux and Metasploitable

Setting up VirtualBox with Kali Linux and Metasploitable so that both VMs are on the same network and can reach each other is useful for practicing penetration testing locally. Kali Linux has many tools for penetration testing and Metasploitable is an intentionally vulnerable Linux virtual machine

Install VirtualBox

Download here. VirtualBox 6.1 (6.1.28 r147628) was used. There are some differences with previous version in setting up a Host Network Adapter.

Setup Kali Linux VM

Download here. This is a pre-made VM for VirtualBox. It is an .ova file and all you need is to File - Import Appliance and select the .ova file.

Setup Metasploitable VM

Download here. Extracting the zip file there is a .vmdk file which will be used to create the VM. Create a New VM and select an appropriate location on hard disk: Screenshot 2021-11-10 at 11.43.06 AM.png Continue with suggested memory size and in the next step choose "Use an existing virtual hard disk file" and select the downloaded .vmdk file. Screenshot 2021-11-10 at 11.47.29 AM.png Click "Create" and the VM will be ready.

Setup the Network

We need both operating systems connected to the same network in order to be able to access each other. Go to File - Host Network Manager and Create a new network. Screenshot 2021-11-10 at 11.54.13 AM.png Then select each VM and click Settings. On the Network tab set the Host-only Adapter option and select the created network. Screenshot 2021-11-10 at 11.56.19 AM.png

Start VMs and Check the Network

Start both VMs.
Credentials for Kali Linux: kali/kali
Credentials for Metasploitable: msfadmin/msfadmin
In metasploitable run: ifconfig and notice the inet addr.
Go to Kali Linux, run the browser application and type this address as the URL. The page sent by Metasploitable will appear. Screenshot 2021-11-10 at 12.01.26 PM.png The system is ready to explore Metasploitable vulnerabilities and practice penetration testing. Happy hacking.