Metasploitable

One of the problems you encounter when learning how to use an exploitation framework is trying to configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called 'Metasploitable'.

Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
The VM will run on any recent VMware products and other visualization technologies such as VirtualBox, VMFusion. You can download the image file of Metasploitable 2 from http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.

The default login and password is msfadmin:msfadmin.
Never expose this VM to an untrusted network (use NAT or Host-only mode if you have any questions what that means).

Once you have downloaded the VM, extract the zip file, open up the vmx file using your VMware product of choice, and power it on. After a brief time, the system will be booted and ready for action.

For more information on the VM configuration, there is a blog posting here https://community.rapid7.com/docs/DOC-1875
But beware...there are spoilers in it.
To contact the developers, please send email to msfdev [a] metasploit [period] com