Metasploitable is an intentionally vulnerable VM that can be used to conduct security training, practice ethical hacking, and much more. It’s a test environment that provides a secure place to perform penetration testing and security research.

Step 1: Create a VM with no Media

Step 2: Create a folder in /var/lib/vz/ images

  • Command: mkdir 112
  • Make sure the folder number is the same as VM (It helps keeps things organize)

Step 3: Download the Metasploitable folder using wget

  • Command: wget 

Step 4: Unzip the folder you just downloaded

  • Command: unzip

Step 5: Convert the .vmdk file to a qcow2 file

  • Command: qemu-img convert -f vmdk Metasploitable.vmdk -O qcow2 Metasploitable.qcow2 

Step 6: Move the .qcow2 file to the root folder (112).

  • Command: mv Metasploitable.vmdk ../

Step 7: Edit the VM config file

  • Command: Nano /etc/pve/qemu-server/112.conf
  • Point the VM to the qcow2 file (See image below)

Things to Keep in mind

  • As I said earlier, Metersploitable is an intentionally vulnerable VM, so make sure you treat it as such. Turn it off when it’s not being used, segregated on your network if needed.
  • Metasploitabe 3 is out. I’m still trying to figure out how to get that set up on Proxmox. Once I do, I will create a video about it.

Emails Suck! Ours Don't!

Join the family. Subscribe and we will update you every time we post something Awesome.

About the author

Paul Koroma

Hey there, I'm Paul—a relentless seeker of knowledge and an IT enthusiast on a quest for personal growth. Soccer and IT have always ignited a fire within me, igniting my drive to create Koroma Tech. It's not just my own journey; it's an opportunity to uplift others as I forge my path in this ever-evolving field. Challenges excite me—they're the fuel for my growth. Every day presents a new hurdle, but it's a challenge I've learned to embrace wholeheartedly. I want to defy limits and inspire greatness in myself and others.