Practicing on Metasploitable2 for the first time can be overwhelming, but this guide keeps things simple. It walks you step-by-step through real vulnerability scanning and exploitation techniques. Whether you're a cybersecurity student, a SOC analyst in training, or an aspiring penetration tester, this walkthrough gives you practical, hands-on experience in a safe lab environment.

Before we dive in, remember: this guide is for educational purposes only. Metasploitable2 is intentionally vulnerable and must be used in a controlled lab environment. Do not attempt these techniques on systems you do not own or have explicit permission to test. You are fully responsible for your actions.

What Is Metasploitable2

Metasploitable2, developed by Rapid7, is a deliberately vulnerable Linux virtual machine used for practicing penetration testing and exploitation techniques. It helps cybersecurity analysts and penetration testers sharpen skills such as:

• Vulnerability scanning

• Service enumeration

• Exploitation using Metasploit

• Manual exploitation

• Post-exploitation techniques

This walkthrough demonstrates how to discover and exploit weaknesses across multiple open ports using Kali Linux.

1. Discovery Phase: Identifying the Target System

Before exploitation, the first step in any penetration testing engagement is information gathering and discovery. We begin by identifying the IP address of the Metasploitable2 machine.

Step 1: Log in to Metasploitable2

The default login credentials are:

• Username: msfadmin

• Password: msfadmin

This gives you access to the vulnerable system’s terminal.

Step 2: Find the Metasploitable2 IP Address

In the Metasploitable2 terminal, run:

This displays the system’s network configuration, including its assigned IP address. You will use this IP as the target for scanning and exploitation.

Step 3: Scan the Target with Nmap from Kali Linux

Now switch to your Kali Linux attack machine. Use Nmap, one of the most essential tools for SOC analysts and penetration testers, to scan for open ports and services running on Metasploitable2.

What this command does:

• -sV detects service versions
• -Pn skips host discovery
• <target-ip> is the IP discovered using ifconfig

Let’s Start With FTP (Port 21)

FTP is a simple file‑transfer protocol, and on Metasploitable2, it runs an outdated version that’s easy to exploit. Using Metasploit, we can take advantage of the known vsftpd 2.3.4 backdoor to gain instant access.

Commands used:

Congratulations the exploit worked, and we now have root access through the vulnerable FTP service.

After wrapping up the FTP exploit, let’s move on to another weak service running on Metasploitable2: Telnet.

2. Telnet Exploitation (Port 23)

Telnet is a plain‑text remote access protocol that sends everything including passwords with zero encryption. That makes it a perfect target during penetration testing.

On your Kali terminal, connect to the service:

If the service is misconfigured, Telnet will grant direct access to the system without proper authentication.

Congratulations! You have successfully gained root access through the Telnet service.