I have not tried these specific steps yet, nor looked at the whole walkthrough, but if you’re looking to get started with and be held snugly while attacking Metasploitable3, this series of blog posts at the Infosec Institute look like a promising place to consult.