Hi!
First don’t try any of the attacks against machines you don’t have permission to. To download metasploitable: https://information.rapid7.com/download-metasploitable-2017.html

A vulnerable service is discovered using a scanner tool like zenmap, but this a whole process. The Ethical Hacking or the Website Hcking courses show this kind of techniques.

Hope it helps!
Diego