Metasploitable 2 – Finding Metasploitable with nmap

Once both systems are up and running you need to find the victim. What IP does it have so you can start your exploits against it?

The easiest way to find this out would be to log in to Metasploitable with the given creds (msfadmin/msfadmin) and run ‘ifconfig’, but in the interests of this experiment, how would we find the victim if we didn’t actually have access to the system in question?

The answer….. Nmap.

Well actually there are numerous methods you could use but Nmap is my choice.

Note: From here on in, we are not going to touch our Metasploitable box directly – we are going to use the Kali box throughout. As you use the environment over a period of days/weeks you will likely have to run through the steps below again and again, as your IPs will not necessarily remain the same.

High level steps:

  1. Find out the IP of your Kali box
  2. Use this info to determine the range to scan with Nmap.
  3. Scan with Nmap – find your target

Find your Kali IP

Open a terminal and run ‘ifconfig’:


So in the above screenshot I know my IP is This means (if both systems are in host-only mode) that the IP of the Metasploitable system will be in the range

So let's run Nmap to find out which IP it has:

nmap -sP

-sP = Ping scan

The results show the live IP addresses found by nmap. We know the .135 address is the Kali box. The .1 is the default gateway. So it would be fair to assume that the address is the Metasploitable box.

[Screenshot: Nmap identify metasploitable]

So now we know which system to target, let's start some recon.
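
The three steps above as a script, added here as an example and not part of the original post: it derives the scan range from the Kali address and prefix, then removes the known addresses (Kali, gateway) from Nmap's grepable ping-scan output. The function names and the 192.0.2.x addresses are constructed for illustration, and it uses `-sn`, the name current Nmap releases give the `-sP` ping scan.

```sh
#!/bin/sh
# Added example: addresses are constructed (192.0.2.0/24 documentation range).

# network_cidr IP PREFIX -> network in CIDR form, e.g. 192.0.2.0/24
network_cidr() {
    prefix=$2
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the dotted quad into $1..$4
    IFS=$old_ifs
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))   # 0xFFFFFFFF
    net=$(( addr & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# candidate_hosts KNOWN_IP... : reads `nmap -sn -oG -` output on stdin and
# prints each host reported Up that is not one of the known addresses.
candidate_hosts() {
    awk -v known="$*" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        $1 == "Host:" && /Status: Up/ && !($2 in skip) { print $2 }
    '
}

# Constructed sample of grepable ping-scan output (gateway .1, Kali .135).
sample_scan() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.129 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.135 ()\tStatus: Up\n'
    printf '# Nmap done: 256 IP addresses (3 hosts up) scanned\n'
}

# Live use on the Kali box (defined only, not run here): scan_lab IFACE GATEWAY
scan_lab() {
    cidr=$(ip -4 -o addr show dev "$1" | awk '{ print $4; exit }')
    me=${cidr%/*}
    nmap -sn -oG - "$(network_cidr "$me" "${cidr#*/}")" | candidate_hosts "$me" "$2"
}

sample_scan | candidate_hosts 192.0.2.135 192.0.2.1   # prints 192.0.2.129
```

If more than one address is left after the exclusions, the elimination is ambiguous and each remaining host has to be checked individually before you treat it as the lab target.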
