The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable’s network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network.
As this VM has many vulnerabilities in common with version 1, I will only be covering the newer vulnerabilities on the system. For a comprehensive walkthrough on version 1 of the VM you can check out my previous blog post here.