Obtaining the IP address of a virtual machine to use Metasploit

I'd actually disagree with most here and advise you to go to host only mode. This means go to File > Preferences > Network and click on the add adapter button. This creates a virtual network interface on your computer.

At that point you can go to your vulnerable VM > settings > network > Host-only adapter. This means only your main PC which is running the VM or other virtual machines can interact with the VM. You still get separate IP addresses etc, but you should really never have deliberately vulnerable machines on your live network. It will be perfectly suitable for pen testing, and is infact the recommended setting for deliberately vulnerable VM's such as metasploitable.

Find your IP address the way you would for that style of machine, typically typing ipconfig in cmd for windows or ifconfig in terminal for a linux based system.

This protects you accidentally exposing it externally.

Edit: Dammit I didn't see this had been raised from ages ago for some reason.


When I use VirtualBox I set the network to "Bridged adapter", that way I can get a ip from the DHCP server on the network. And once I have that I can us the tools that are built in the OS (ifconfig/ipconfig) to get the ip I am assigned right now.

And in order to connect to the Machine I either start the machine from VirtualBox directly so I get a "head" (get a virtual screen) or using headless with RDP enabled (so I can connect using some sort of RemoteDesktop client to connect to VirtualBox and get the Virtual monitor remotely).

Simpler instructions for VirtualBox: Open the VirtualBox Manager, select your virtual machine. Then choose settings for this machine, network and change the dropdown that says "NAT" to "bridged" a new dropdown will be activated where you have to select what network (card) it should bridge with. Once this is done, simply "Start" the virtual machine, log in to it and if it is linux/unix use "ip addr show" from a console, if it is windows start a "cmd" and use "ipconfig" (or check from the control panel)


Not really a security related question but here you go:

Depending on the configuration, you may find it hard to connect to your VM if it's configured as NAT. NAT insulates your VM from the outside world but it's a layer of complexity you probably don't want to deal with when learning.

If you're using something like Metasploitable it comes with so many services running that you really don't want to bother pinholing them all through the NAT configuration.

When configuring a VM that you may want to interface with, it's usually a better idea to configure it in "bridged" networking mode so that it can be available on your network.

If you're running DHCP on your network the VM will get the address from your DHCP server and you can connect to it from any host on your network. You can find the IP address of a Linux system by issuing the comment ip addr list.