Adding Vulnhub VMs to Our VirtualBox Cyber Range

In this module, we will look at two different ways, based on file type, to import VMs from Vulnhub into our home lab.

8 months ago   •   4 min read

By 0xBEN
Table of contents

This module is a part of a larger series of building a security lab in VirtualBox. Click here to be taken back to the series landing page.

Building a Security Lab in VirtualBox
In this post, we we will take a look at an in-detail process of setting up an entry-level cybersecurity lab using VirtualBox

Example 1: Metasploitable 2

With this method, we are going to download a VM from Vulnhub and import it using the .vmdk file from an archive.

Go to Search for metasploitable.

Use the official Vulnhub mirror

Once finished downloading, unzip this file to extract the virtual disk.

The .vmdk file is what we're after here.

Open VirtualBox and click New

Give it a name and set VM type
Add a disk
Click the add disk icon
Go to the folder where you unzipped metasploitable2
Open the folder
Select the .vmdk file
Select choose

Click Create but do not start the VM yet! Right-click the Metasploitable2 VM and choose Settings

Open Metasploitable2's network settings
Put it on the ISOLATED network

You can now start the VM.

If you wish, you can login with msfadmin:msfadmin to check that the system grabbed an IP from the DHCP server. I got the IP address which is right what we want.

Ping Kali from Metasploitable2

Using the IP address
Using the local DNS suffix

Ping from Metasploitable2

Ping test fails as it should

Ping Metasploitable2 from Kali

Ping test succeeds as it should

Example 2: Mr. Robot

VM Info on Vulnhub:,151/
Download link:

With this method, we are going to download VM from Vulnhub and import it using the .ova file.

.OVA File

This is an Open Virtual Appliance file and is an open standard for packaging virtual machines for reuse with other hypervisors. The .ova format is directly compatible with VirtualBox.

You will notice in the directory where you downloaded the file, the file type is automatically associated with VirtualBox.

Import the VM

Double-click the mrRobot.ova file

Set the name to Mr. Robot

Set the MAC address policy

Click Import

Adjust the VM Settings

Right click the Mr. Robot VM and choose Settings

Add the VM to the ISOLATED network
Click OK

Turn on the VM, it should get an IP address from pfSense in the Isolated LA. If you configured your firewall correctly, Kali can route to this LAN.

Next Step: Building the Active Directory Lab

Adding an Active Directory Forest to Our VirtualBox Lab
In this module, we will cover the steps to set up a small Active Directory forest in VirtualBox, including a domain controller and two client computers

Spread the word

Keep reading