Metasploitable In The Cloud

There is no doubt that the best way to learn Information Security is hands-on, and to make this easier the guys from Rapid7 – Metasploit created Metasploitable, a vulnerable by design server. Beside their vulnerability as a server, they added more special “ingredients” (vulnerable by design applications) like Damn Vulnerable Web Application from RandomStorm or Mutillidae from OWASP.

Metasploitable represents the perfect “dish” for learning penetration testing (light intro level). Its popularity spread across InfoSec community and became a study framework for most of the infosec students as well as for some InfoSec Training Companies. One reason why had become so popular is that Metasploit  framework is the most popular PenTest framework according with this survey where it got an whoop 82% among PenTest frameworks – if you want to test Metasploit, you can always can test it on… Metasploitable. Moreover, Metasploitable isn’t mentioned only because of Metasploit Framework popularity… many PenTest OS, vendors like famous Offensive-Security’s BackTrack/Kali Linux, recommend it to practice their operating systems. There are 1800+ videos on  YouTube alone for “Metasploitable”

“Never heard about Metasploitable? Then you’re not into InfoSec Industry”. Yes, that’s how popular it has become.

Metasploitable it’s free, open source and if you want to use it, there are some specific steps to follow in order you to get it properly installed in your virtual environment. That was until… Today.

Today, we gladly announce that there is a new way to access Metasploitable, and practice FREE of charge in the cloud. Besides Helping Open Source Projects to Improve Their Security, we decided it is our duty to bring another free and open contribution to InfoSec Community, by offering Metasploitable in the cloud.

Why is special besides the fact that is free?

1) Being over The Internet, it’s close to real thing.

2) If you need someone to help you, you can use the CTF365 IRC service

3) You can create a video tutorial on the fly, without the need to create your own virtual environment

4) If you want to study using tutorials like the one from Offensive-Security Metasploit Unleashed

5) For your students, as a InfoSec instructors

6) If you want to test new PenTest Tools.

And I’m quite sure you can find few more reasons why.

At this moment it is deployment is as a non persistent image which means that we set up some period of time when we reset it to its initial state in case one of you will breaks it. In the future we hope to get enough hardware to make it an individual (persistent) instance .

All registered users get FREE access to Metasploitable 2. Once you register into CTF365 and setup your VPN you’ll be able to access Metasploitable at http://metasploitable.ctf. Please remember: No VPN, no access.

CTF365 it’s a top notch training platform with a focus on Security Professionals, System Administrators and Web Developers that offers five stars services regarding training, learning and improving offensive and defensive web security.

Any questions? Glad to answer. Stay secure while having fun. 🙂

Marius Corici

Lazy (energy efficient) entrepreneur: Thinking a lot to do less, preserving energy, providing simplicity.

You may also like...

14 Responses

  1. ZeroCool says:

    Please , even conected a VPN i cant acces metsploit on cloud.

  2. ZeroCool says:

    Even after conected a VPN , i cant reach metasploitable.ctf. The only host reachable for me is the router.

  3. huffao says:


    I’m using Kali Linux and OpenVPN, and I’m facing the same issue as ZeroCool.

    I see the tun0 up, and I can ping the router ( However, I cannot access, not even ping it.

    I have all files (client.conf, auth-user-pass.conf, cert files) at the same folder, and I’m running “openvpn –config client.conf”.


  4. huffao says:

    Thanks! It works with the IP addresses.


  5. Anon says:

    The domains (or DNS service) is not working for me… But on the IP’s and you’ll have all kinds of vulnerable apps. Sooo Nice!

    As far I can see we’ve got:

    Metasploitable 2

    Of course after being connected to the provided CTF365 VPN. Great platform!

  6. Subash says:

    I have installed the OpenVPN client in the windows, but I don’t know how to connect with metasploitable. Is there any blogs or videos for this?

  1. March 10, 2014

    […] all users can build a fortress. All registered users can start to “play” with “Metasploitable In The Cloud” after setup their VPN. You can read down bellow (pct. 4) how to setup your […]

  2. May 9, 2014

    […] we launched, we added Metasploitable in the Cloud so our users could obtain practical, hands-on experience. Now we’ve introduced […]

  3. August 5, 2014

    […] already have Metasploitable and bWAPP in the cloud. Now we have more great news for CTF365 free account members. As we […]

Leave a Reply

Your email address will not be published. Required fields are marked *