Metasploitable 2 – Finding Metasploitable with nmap

Once both systems are up and running you need to find the victim. What IP does it have so you can start your exploits against it?

This easiest method to find out this info would be to login to Metasploitable with the given creds (msfadmin/msfadmin) and run ‘ifconfig’ but in the interests of this experiment, how would we find the victim if we didn’t actually have access to the system in question?

The answer….. Nmap.

Well actually there are numerous methods you could use but Nmap is my choice.

Note: From here on in, we are not going to touch our Metasploitable box directly – we are going to use the Kali box throughout. As you use the environment over a period of days/weeks you will likely have to run through the below again and again as your IP’s will not necessarily remain the same.

High level steps:

  1. Find out the IP of your Kali box
  2. Use this info to determine the range to scan with Nmap.
  3. Scan with Nmap – find your target
Find your Kali IP

Open a terminal and run ‘ifconfig’:


So in the above screenshot I know my IP is This means (if both systems are in host only mode) that the IP of the Metasploitable system will be in in the range

So lets run Nmap to find out which IP it has:

nmap -sP

-sP = Ping scan

The results show the live IP addresses found by nmap. We know the .135 address is the Kali box. The .1 is the default gateway. So it would be fair to assume that the address is the Metasploitable box.

Nmap identify metasploitable

So now we know which system to target lets start some recon.

Metasploitable 2 – The Setup

In this series I am going to spend some time looking at the amazing Metasploitable2 kindly produced by Rapid7.

Metasploitable is an intentionally vulnerable Linux VM which is designed specifically for the intention of practicing on. There are many ways of exploiting the box – some are very simple and others require a little more thought.

I am going to document my attempts to exploit this in as many different ways as possible. There are many great tutorials and write ups out there but I wanted to try and keep some notes of my own and maybe someone else may find them of use.

First things first – a quick warning. Metasploitable is a vulnerable system – that’s the whole point of it. That being said as it is vulnerable you should NOT expose this directly to the internet or another untrusted network. Use NAT or host only mode for the virtual machine.

For info in my case my environment consists of two virtual machines running in Vmware Fusion:

  1. Kali 2 – The attacker
  2. Metasploitable 2 – The Victim

Once Metasploitable is up and running we should see the following:

Metasploitable2 login

Metasploitable 2 login prompt

The login creds are msfadmin/msfadmin but we aren’t planning on using these – we want to find alternative methods.