Installing vulnerable servers

In this section, we will install a vulnerable virtual machine as a target virtual machine. This target will be used in several chapters of the book, when we explain particular topics. The reason we chose to set up a vulnerable server in our machine instead of using vulnerable servers available on the internet is because we don't want you to break any laws. We should emphasize that you should never pentest other servers without written permission. Another purpose of installing another virtual machine would be to improve your skills in a controlled manner. This way, it is easy to fix issues and understand what is going on in the target machine when attacks do not work.

In several countries, even port scanning a machine that you don't own can be considered a criminal act. Also, if something happens to the operating system using a virtual machine, we can repair it easily.

In the following sections, we will be setting up the Metasploitable 2 and Metasploitable 3 virtual machines as vulnerable servers. Metasploitable 2 is older but easier to install and configure. Metasploitable 3 is more recent and so has been updated to reflect updated vulnerabilities, but the installation is a bit different and sometimes problematic for new users. For this reason, we provide the readers with the option of Metasploitable 2 and 3, although we do recommend trying them both, should you have the available resources.