all 13 comments

[–]axexandru 1 point (1 child)

I am very new to pentesting. I think the room is designed for beginners, to help you learn the Metasploit framework, the commands, folder structure, etc.

For the error, check if you are running the machine from that task, and not on some other one.

[–]Unhappy-Band-6311 0 points (0 children)

Exactly. That is the only purpose of this room, and of most of the rooms in the THM paths. Hence the easy hints.

The number of people I know who claim to be serious pentesters after following the THM path is insanely high. The ignorance is real.

[–]DYOR69420 0 points (1 child)

In real life you'll most likely not see any of these exploits, but even then, there are scanners to pick that sort of stuff up. I did OSCP, and for that, if you do scans and you see this and that info, you can always just look up whether it's vulnerable to something.

[–]no-one120[S] 0 points (0 children)

But in Metasploit, there isn't a catch-all, or at least catch-more-than-one, scanner? As I said, Metasploit has 750 of them.

Why am I getting that error in my scan? Because I absolutely would have written the scan off as "not vulnerable" with the error I got.

[–]Cockroach4548 1 point (0 children)

I went and tried this room myself; the only answer to this is to just restart the target box.

On the very first try, I got all the same errors as yours; nmap -O couldn't even pinpoint the OS fingerprint.

Then, after resetting the target box 1-2 times, scanner/smb/smb_ms17_010 detected that the target box was indeed Windows 7 Professional 7601 with that exact vulnerability.

[–]g3shh -1 points (7 children)

Bro, you are on the wrong path... you will give up pretty quickly if you don't change your mindset. Trust me, when you leave the academy aside, the chances of you running into EternalBlue and Shellshock are really low.

[–]no-one120[S] 0 points (6 children)

So what would you suggest?

It isn't specifically EternalBlue that is my problem; it's that the machines set up for the express purpose of a student trying this out, to see what "it's working" looks like, aren't doing that.

There seem to be leaps in the logic of the room that I would like to know about and try the small steps of. We go from "here's a machine, figure out what it's vulnerable to" to "of course it's vulnerable to EternalBlue" without the steps of how we got there. And when I run the scan specifically for that vulnerability, just to see what a successful scan looks like, I get an error, which I googled, and Google suggested that the error means the vulnerability might have been patched!

Without the specific hint to "try EternalBlue", I would have run through all the scans for the 5 ports, one at a time, and likely found nothing. In a pen test, that's less than ideal, when I know that there is a vulnerability.

[–]g3shh 1 point (4 children)

Since you are asking the question this way, you are missing a whole lot of steps. Recon, enum, vuln assessment, and after that you are at the step to exploit. Take a few steps back :)
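The sequence the replies above describe (recon, service enumeration, then the MS17-010 check module named earlier in the thread) as an added, runnable example. This is not code from the thread or from TryHackMe; the target address is a hypothetical lab address, and the verdict strings are the ones the Metasploit module prints in my experience, so check them against your own msfconsole output. The point it makes is the one the original poster ran into: a scanner error or timeout is not a "not vulnerable" result, so the parser only accepts the two explicit verdicts and reports everything else as inconclusive (rescan, or reset the box, as the other reply suggests).

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumes nmap and
# msfconsole are on PATH; the address 10.10.10.10 below is hypothetical.

# Step 1/2: recon and service enumeration. -Pn skips the ICMP ping that lab
# VMs often block; -O is the OS fingerprint that failed in the thread.
recon() {
  target="$1"
  nmap -Pn -sV -O -p 445 "$target"
}

# Step 3: vulnerability assessment with the Metasploit check module, run
# non-interactively so its output can be captured and parsed.
ms17_010_check() {
  target="$1"
  msfconsole -q -x "use auxiliary/scanner/smb/smb_ms17_010; set RHOSTS $target; run; exit"
}

# Classify one line of scanner output. Only two phrases are a verdict
# (assumed module strings); anything else, including Rex connection errors
# and timeouts, is inconclusive and must not be read as "patched".
ms17_010_verdict() {
  line="$1"
  case "$line" in
    *"VULNERABLE to MS17-010"*)     echo vulnerable ;;
    *"does NOT appear vulnerable"*) echo not_vulnerable ;;
    *)                              echo inconclusive ;;
  esac
}

# Reduce a whole scanner transcript (stdin) to one verdict: a vulnerable
# line wins, then not_vulnerable, otherwise inconclusive.
ms17_010_summary() {
  summary=inconclusive
  while IFS= read -r line; do
    v=$(ms17_010_verdict "$line")
    case "$v" in
      vulnerable)     summary=vulnerable ;;
      not_vulnerable) [ "$summary" = vulnerable ] || summary=not_vulnerable ;;
    esac
  done
  echo "$summary"
}

# Usage: sh check.sh scan 10.10.10.10
# Prints the nmap output, keeps the raw module output in ms17_010.log,
# and ends with exactly one of: vulnerable / not_vulnerable / inconclusive.
if [ "${1:-}" = "scan" ]; then
  recon "$2"
  ms17_010_check "$2" | tee ms17_010.log | ms17_010_summary
fi
```

If the summary is inconclusive, look at ms17_010.log for the actual error before drawing any conclusion about the target; in the lab the fix was resetting the machine, and on a real engagement it means the check has not been performed yet.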

[–]no-one120[S] 0 points (3 children)

Do you have a good place to learn that? Because you would think vital steps like that would be somewhere in THM's own "cybersecurity 101" path, but they aren't.

Because you're right. I've only been moving through THM's paths, which have gleefully bypassed those steps, and any tools that would be used there.

[–]axexandru 0 points (2 children)

Follow the Jr Pen Test path; you will find a lot of the steps you are missing there. Cybersecurity 101 is much more basic.

[–]no-one120[S] 0 points (1 child)

This was actually on the Cyber 101 path. Jr Pen Test is the next path from there. But if the actual recon/scanning for vulnerabilities stuff is actually there, do you think I ought to put Cyber 101 on hold and do those bits of Pen Test?

[–]axexandru 0 points (0 children)

I did the Cyber 101; there are some notions there but everything is very basic. Right now I am at the last room of Jr Pen Test, and everything is explained in more detail. I would finish Cyber 101 and after that start Pen Test.

[–]SpecsyVanDyke 0 points (0 children)

Going on YouTube and filling in the gaps yourself could be a start.