Metasploitable 2 (even better than the original Metasploitable) is a great way to practice your hacking skills. I use it all the time for my sandbox setup phase.
Metasploitable 2 also comes with several vulnerable websites to practice your web exploitation skills. My favorite is Mutillidae. However, there is a small error in the Mutillidae setup on Metasploitable 2. Thankfully, it is easily fixable.
The problem is that the database specified in the Mutillidae config file is incorrect. You will know you are experiencing this problem if you click on something that requires the database and you get a bunch of header errors that don’t look quite right.
To fix it, log into Metasploitable 2 (msfadmin/msfadmin), and open up the /var/www/mutillidae/config.inc file (you may need to use sudo). Change the dbname field from “metasploit” to “owasp10″. Save it, and try the login page again.