Metasploitable is an intentionally vulnerable VM that can be used to conduct security training, practice ethical hacking, and much more. It’s a test environment that provides a secure place to perform penetration testing and security research.
Step 1: Create a VM with no Media
Step 2: Create a folder in /var/lib/vz/ images
- Command: mkdir 112
- Make sure the folder number is the same as VM (It helps keeps things organize)
Step 3: Download the Metasploitable folder using wget
- Command: wget https://newcontinuum.dl.sourceforge.net/project/metasploitable/Metasploitable2/metasploitable-linux-2.0.0.zip
Step 4: Unzip the folder you just downloaded
- Command: unzip metasploitable-Linux-2.0.0.zip
Step 5: Convert the .vmdk file to a qcow2 file
- Command: qemu-img convert -f vmdk Metasploitable.vmdk -O qcow2 Metasploitable.qcow2
Step 6: Move the .qcow2 file to the root folder (112).
- Command: mv Metasploitable.vmdk ../
Step 7: Edit the VM config file
- Command: Nano /etc/pve/qemu-server/112.conf
- Point the VM to the qcow2 file (See image below)
Things to Keep in mind
- As I said earlier, Metersploitable is an intentionally vulnerable VM, so make sure you treat it as such. Turn it off when it’s not being used, segregated on your network if needed.
- Metasploitabe 3 is out. I’m still trying to figure out how to get that set up on Proxmox. Once I do, I will create a video about it.