Useful to help you get started and it shouldn't give anything away that you quickly could find out for yourself. Remember: your goal is to read the root flag, not just to take a root shell. Virtual Machine Back to the Top. Some authors publish the checksums in the README files, on their homepages or sometimes inside compressed archive if it has been compressed. See how here. Using this website means you're happy with this. Virtual Machines single series all timeline. Some authors publish the checksums in the README files, on their homepages or sometimes inside compressed archive if it has been compressed.

Virtual Machine Back to the Top. You can send a phish to him too. Here are a few staples: Spin up a malicious Java Applet and visit it as Richard. Walkthrough Back to the Top. To check the checksum, you can do it here. To make sure that the files haven't been altered in any manner, you can check the checksum of the file. Happy pwning! Using this website means you're happy with this. Initial footstep is a bit flowed, but really not difficult. Boyd has the Linux versions of Firefox, Java, and Thunderbird.

Download Back to the Top. Yone: 1. Make sure you relay messages through this server. There are two flags on the box: a user and root flag which include an md5 hash. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. See how here. UnDiscovered: 1. If the author has agreed, we have created mirrors. Open up a terminal and find out the IP address of the VM. Details Download Author Profile.

Screenshots Back to the Top. Also, check the welcome page on port Or, generate an executable with your payload and run it as Richard. Metasploitable: 1. You can find out how to check the file's checksum here. Metasploitable is an Ubuntu 8. Metasploitable: 1. To make sure that the files haven't been altered in any manner, you can check the checksum of the file.

Useful to help you get started and it shouldn't give anything away that you quickly could find out for yourself. Screenshots Back to the Top. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb. It's configured in non-persistent-disk mode, so you can simply reset it if you accidentally 'rm -rf' it. Virtual Machines single series all timeline. Morning Catch: Phishing Industries. Legacy: HangTuah. We also offer the download via BitTorrent. Virtual Machine Back to the Top.

The other is a vulnerable Windows client-side attack surface. If you understand the risks, please download! Here you can download the mentioned files using various methods. Metasploitable: 1. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Boyd has the Linux versions of Firefox, Java, and Thunderbird. A number of vulnerable packages are included, including an install of tomcat 5. Loly: 1. Groundhog Day: Boot2Root!

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. One desktop environment is a vulnerable Linux client-side attack surface. Details Download Author Profile. About Release Back to the Top. If the author has agreed, we have created mirrors. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. Hint: The first impression is not always the right one! You can send a phish to him too. Metasploitable: 1. For these reasons, we have been in touch with each author asking for permission to mirror the files.

For these reasons, we have been in touch with each author asking for permission to mirror the files. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. Download Back to the Top. Have fun! If you know something that isn't listed, please submit it or get in touch and we would be glad to add it. Some authors publish the checksums in the README files, on their homepages or sometimes inside compressed archive if it has been compressed. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. Difficulty: Easy Mercury is an easier box, with no bruteforcing required. To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb.

For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. Metasploitable is an Ubuntu 8. You can find out how to check the file's checksum here. You can find all the checksums here , otherwise, they will be individually displayed on their entry page. Virtual Machine Back to the Top. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. If you understand the risks, please download!

Hint: The first impression is not always the right one! The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. Virtual Machines single series all timeline. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. The Planets: Mercury. We have listed the original source , from the author's page. Small company Nully Cybersecurity hired you to conduct a security test of their internal corporate systems. We also offer the download via BitTorrent. A number of vulnerable packages are included, including an install of tomcat 5.

Metasploitable is an Ubuntu 8. Metasploitable: 2. Or, generate an executable with your payload and run it as Richard. Be smart and combine If the author has agreed, we have created mirrors. The other is a vulnerable Windows client-side attack surface. Webmail Morning Catch also includes RoundCube webmail for all of its users. For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. The Planets: Mercury. Description Back to the Top.

Hints: Nikto scans "case sensitive" and you need a minimum of 15 mins to get user! Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment. About Release Back to the Top. A number of vulnerable packages are included, including an install of tomcat 5. The other is a vulnerable Windows client-side attack surface. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. And has 2 flags:user. This is an easy box. Morning Catch also includes RoundCube webmail for all of its users.

Useful to help you get started and it shouldn't give anything away that you quickly could find out for yourself. You can send a phish to him too. Virtual Machine Back to the Top. We also offer the download via BitTorrent. If you need hints, call me on twitter: R2d2 Have fun One of the questions that we often hear is "What systems can i use to test against? The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. Metasploitable: 1. We also offer the download via BitTorrent. The other is a vulnerable Windows client-side attack surface.

About Release Back to the Top. Details Download Author Profile. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it. Virtual Machine Back to the Top. To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb. Lets separate the script-kids from script-teenies. Remember: your goal is to read the root flag, not just to take a root shell. Funbox: Next Level. Difficulty: Easy Mercury is an easier box, with no bruteforcing required.

Login as Boyd to get to the vulnerable Linux desktop. Funbox: Next Level. Or, generate an executable with your payload and run it as Richard. Boyd also has an SSH key for the Metasploitable 2 virtual machine. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. This VM includes a mail server to receive email for users at the morningcatch. Virtual Machines single series all timeline. We have listed the original source , from the author's page.

It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack. Download Back to the Top. The other is a vulnerable Windows client-side attack surface. It's configured in non-persistent-disk mode, so you can simply reset it if you accidentally 'rm -rf' it. To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb. Details Download Author Profile. Funbox: CTF. Open up a terminal and find out the IP address of the VM.

Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. Virtual Machines single series all timeline. If you understand the risks, please download! There are two flags on the box: a user and root flag which include an md5 hash. Are you looking for some attacks to try? You can find all the checksums here , otherwise, they will be individually displayed on their entry page. We also offer the download via BitTorrent. This VM includes a mail server to receive email for users at the morningcatch. One of the questions that we often hear is "What systems can i use to test against? We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.

Networking Back to the Top. File Information Back to the Top. Login as Boyd to get to the vulnerable Linux desktop. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Happy pwning! Use this as a target to clone and harvest passwords from.

Download Back to the Top. Funbox: CTF. Have fun! Be smart and combine File Information Back to the Top. One of the questions that we often hear is "What systems can i use to test against? Some authors publish the checksums in the README files, on their homepages or sometimes inside compressed archive if it has been compressed. Use [email protected] as the address. These are untouched copies of the listed files.

Single single series all timeline. It's vmware based, i dont know if it works on VB you can test it if you want. Nully Cybersecurity - this is an easy-intermediate realistic machine. About: Wait minutes before starting for the machine to start its services. Networking Back to the Top. Networking Back to the Top. UnDiscovered: 1. For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. We have listed the original source , from the author's page.

Are you looking for some attacks to try? See how here. Using this website means you're happy with this. A number of vulnerable packages are included, including an install of tomcat 5. You can find out how to check the file's checksum here. You can find all the checksums here , otherwise, they will be individually displayed on their entry page. After getting access to Funbox: CTF, its nessesarry to find, read and understand the 2 and easy to find hints. File Information Back to the Top.

If you understand the risks, please download! Try to ssh to Metasploitable 2 as root and see what happens. UnDiscovered: 1. Using this website means you're happy with this. Screenshots Back to the Top. The Planets: Mercury. Lets separate the script-kids from script-teenies. Morning Catch: Phishing Industries. Happy pwning!

Walkthrough Back to the Top. Download Back to the Top. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. Hints: 'cat rockyou. Initial footstep is a bit flowed, but really not difficult. Try to ssh to Metasploitable 2 as root and see what happens. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.

Login as Richard to get to the vulnerable Windows desktop. You can find out how to check the file's checksum here. Metasploitable: 2. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack. Boyd also has an SSH key for the Metasploitable 2 virtual machine. It's configured in non-persistent-disk mode, so you can simply reset it if you accidentally 'rm -rf' it. Screenshots Back to the Top. There are 6 flags and each flag will lead to another flag and in the end it will lead to root access which will end the game.

You can find all the checksums here , otherwise, they will be individually displayed on their entry page. To check the checksum, you can do it here. It could possibly show you a way of completely solving it. Morning Catch also includes RoundCube webmail for all of its users. The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. Metasploitable: 1. To make sure that the files haven't been altered in any manner, you can check the checksum of the file.

Using this website means you're happy with this. Use [email protected] as the address. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Initial footstep is a bit flowed, but really not difficult. This has been tested on VirtualBox so may not work correctly on VMware. Description Back to the Top. OnSystem: ShellDredd 1 Hannah. Also, check the welcome page on port See how here.

Nully Cybersecurity - this is an easy-intermediate realistic machine. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack. The Planets: Mercury. Metasploitable is an Ubuntu 8. Download Back to the Top. To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb. After getting access to Funbox: CTF, its nessesarry to find, read and understand the 2 and easy to find hints. Happy pwning! Virtual Machine Back to the Top. Some authors publish the checksums in the README files, on their homepages or sometimes inside compressed archive if it has been compressed.

Virtual Machine Back to the Top. We also offer the download via BitTorrent. Metasploitable: 2. OnSystem: ShellDredd 1 Hannah. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. If the author has agreed, we have created mirrors. Spin up a malicious Java Applet and visit it as Richard. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Loly: 1. Morning Catch: Phishing Industries.

Download Back to the Top. Try to ssh to Metasploitable 2 as root and see what happens. Using this website means you're happy with this. And has 2 flags:user. Download Back to the Top. To make sure that the files haven't been altered in any manner, you can check the checksum of the file. Networking Back to the Top. Open up a terminal and find out the IP address of the VM.

To check the checksum, you can do it here. You can find all the checksums here , otherwise, they will be individually displayed on their entry page. Lets separate the script-kids from script-teenies. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. We also offer the download via BitTorrent. Here are a few staples: Spin up a malicious Java Applet and visit it as Richard. Download Back to the Top. This has been tested on VirtualBox so may not work correctly on VMware. Virtual Machine Back to the Top.

Nully Cybersecurity - this is an easy-intermediate realistic machine. OnSystem: ShellDredd 1 Hannah. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it. You can find all the checksums here , otherwise, they will be individually displayed on their entry page. Login as Richard to get to the vulnerable Windows desktop. Screenshots Back to the Top. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Virtual Machine Back to the Top. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. Metasploitable: 1.

Funbox: CTF. Virtual Machine Back to the Top. There are two flags on the box: a user and root flag which include an md5 hash. Try to ssh to Metasploitable 2 as root and see what happens. Virtual Machines single series all timeline. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it. Walkthrough Back to the Top. Using this website means you're happy with this. About Release Back to the Top. It's vmware based, i dont know if it works on VB you can test it if you want.

Metasploitable: 1. Spin up a malicious Java Applet and visit it as Richard. Nully Cybersecurity: 1. Networking Back to the Top. Virtual Machine Back to the Top. It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack. Hints: Nikto scans "case sensitive" and you need a minimum of 15 mins to get user! Here are a few staples: Spin up a malicious Java Applet and visit it as Richard.

A number of vulnerable packages are included, including an install of tomcat 5. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. There are 6 flags and each flag will lead to another flag and in the end it will lead to root access which will end the game. OnSystem: ShellDredd 1 Hannah. This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. Yone: 1. One of the questions that we often hear is "What systems can i use to test against? See how here. To make sure that the files haven't been altered in any manner, you can check the checksum of the file.

Metasploitable: 1. Difficulty: Easy Mercury is an easier box, with no bruteforcing required. A number of vulnerable packages are included, including an install of tomcat 5. Morning Catch: Phishing Industries. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. Description Back to the Top. This VM includes a mail server to receive email for users at the morningcatch. This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release.

For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. Lets separate the script-kids from script-teenies. Remember: your goal is to read the root flag, not just to take a root shell. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. Hints: Nikto scans "case sensitive" and you need a minimum of 15 mins to get user! Legacy: HangTuah.

OnSystem: ShellDredd 1 Hannah. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. Using this website means you're happy with this. Here are a few staples: Spin up a malicious Java Applet and visit it as Richard. Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. You can find out how to check the file's checksum here. Happy pwning! Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment.

To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Spin up a malicious Java Applet and visit it as Richard. Nully Cybersecurity: 1. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. This works better with VirtualBox rather than VMware. WorldCup: Useful to help you get started and it shouldn't give anything away that you quickly could find out for yourself. Loly: 1.

It's common for an author to release multiple 'scenarios', making up a 'series' of machines to attack. If you understand the risks, please download! The other is a vulnerable Windows client-side attack surface. One desktop environment is a vulnerable Linux client-side attack surface. Screenshots Back to the Top. These are untouched copies of the listed files. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. Use this as a target to clone and harvest passwords from. We have listed the original source , from the author's page. One of the questions that we often hear is "What systems can i use to test against?

It's vmware based, i dont know if it works on VB you can test it if you want. Mercury is an easier box, with no bruteforcing required. Difficulty: Easy Mercury is an easier box, with no bruteforcing required. A number of vulnerable packages are included, including an install of tomcat 5. Have fun! To make sure that the files haven't been altered in any manner, you can check the checksum of the file. Nully Cybersecurity: 1. To check the checksum, you can do it here. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. The Planets: Mercury.

This has been tested on VirtualBox so may not work correctly on VMware. Details Download Author Profile. Discovery consists not in seeking new landscapes, but in having new eyes.. Virtual Machines single series all timeline. One desktop environment is a vulnerable Linux client-side attack surface. Using this website means you're happy with this. While working with the machine, you will need to brute force, pivoting using metasploit, via portfwd , exploitation web app, and using searchsploit. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications.

Metasploitable is an Ubuntu 8. Login as Boyd to get to the vulnerable Linux desktop. Make sure you relay messages through this server. Webmail Morning Catch also includes RoundCube webmail for all of its users. Using this website means you're happy with this. To check the checksum, you can do it here. Funbox: CTF. The Firefox add-on attack exploit in the Metasploit Framework is a great candidate.

Metasploitable: 2. We also offer the download via BitTorrent. Login Screen Your use of Morning Catch starts with the login screen. Hint: The first impression is not always the right one! Using this website means you're happy with this. Details Download Author Profile. OnSystem: ShellDredd 1 Hannah. Make sure you relay messages through this server.

A number of vulnerable packages are included, including an install of tomcat 5. To make sure that the files haven't been altered in any manner, you can check the checksum of the file. Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. About Release Back to the Top. Discovery consists not in seeking new landscapes, but in having new eyes.. We also offer the download via BitTorrent. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it. Make sure you relay messages through this server. One of the questions that we often hear is "What systems can i use to test against?

For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. If you understand the risks, please download! This has been tested on VirtualBox so may not work correctly on VMware. Screenshots Back to the Top. About Release Back to the Top. Spin up a malicious Java Applet and visit it as Richard. Virtual Machine Back to the Top. On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. A number of vulnerable packages are included, including an install of tomcat 5. Metasploitable: 2.

These are untouched copies of the listed files. Lets separate the script-kids from script-teenies. To check the checksum, you can do it here. Have fun! Description Back to the Top. If you understand the risks, please download! One of the questions that we often hear is "What systems can i use to test against? For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide.

Useful to help you get started and it shouldn't give anything away that you quickly could find out for yourself. Groundhog Day: Boot2Root! About Release Back to the Top. Using this website means you're happy with this. Happy pwning! This VM includes a mail server to receive email for users at the morningcatch. For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. To make sure that the files haven't been altered in any manner, you can check the checksum of the file. Difficulty: Easy Mercury is an easier box, with no bruteforcing required.

We have listed the original source , from the author's page. This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. Mercury is an easier box, with no bruteforcing required. Metasploitable: 1. Morning Catch also includes RoundCube webmail for all of its users. Metasploitable is an Ubuntu 8. Loly: 1. To check the checksum, you can do it here. These are untouched copies of the listed files. Screenshots Back to the Top.

Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. About Release Back to the Top. For these reasons, we have been in touch with each author asking for permission to mirror the files. This has been tested on VirtualBox so may not work correctly on VMware. This is an easy box. If you understand the risks, please download! Lets separate the script-kids from script-teenies. Nully Cybersecurity: 1. Funbox: CTF. Open up a terminal and find out the IP address of the VM.

About Release Back to the Top. This has been tested on VirtualBox so may not work correctly on VMware. If you understand the risks, please download! About Release Back to the Top. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. Networking Back to the Top. WorldCup: To check the checksum, you can do it here. Using this website means you're happy with this.

OnSystem: ShellDredd 1 Hannah. Happy pwning! I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. This mentions the name of this release, when it was released, who made it, a link to 'series' and a link to the homepage of the release. See how here. Groundhog Day: Boot2Root! Description Back to the Top. Try to ssh to Metasploitable 2 as root and see what happens. Funbox: Next Level. For these reasons, we have been in touch with each author asking for permission to mirror the files.

Boyd also has an SSH key for the Metasploitable 2 virtual machine. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link. For download links and a walkthrough of some of the vulnerabilities and how to exploit them , please take a look at the Metasploitable 2 Exploitability Guide. Here you can download the mentioned files using various methods. Funbox: CTF. Nully Cybersecurity - this is an easy-intermediate realistic machine. Description Back to the Top. Try to ssh to Metasploitable 2 as root and see what happens. Loly: 1. Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice.