I have been practicing my skills on Try Hack Me, specifically, I have been practicing Metasploit module Metasploit: Exploitation. I will admit I have been dabbling and not paying proper attention. As a result I find my self reviewing the completed tasks before moving on.
So I am breezing through and getting the results already recorded in the questions until I come to the final question. Basically I need to discover a user login using smb_login. Having already completed this task before I go thru the motions
I have already found the module
• search smb_login
• use 0
Now I search options ( to see which options need updating)
set RHOSTS --- Done! ( use the Ip of the of the machine)
set SMBUser--- done ( according to the question the user is penny)
set pass_file —- (this is the user list given earlier in task one: /usr/share/wordlists/MetasploitRoom/MetasploitWordlist.txt
Now here is where I have a brain blurb I simply need to set pass_file to finish my review and move on to complete the room. Now the perceptive reader will see immediately where I am going to fail at this task, and you are correct. But I will tell you that eventually ended up looking for an explanation of this on Youtube. After trying multiple solutions- I should also mention that during this review I was doing at least two other things and not paying proper attention- I finally discovered my error…
set PASS_FILE (notice the case… details matter)
and just like that its done.
What have I learned?
1. Case matters I had entered pass_file instead of PASS_FILE multiple times even though in show options, it is clearly listed in all uppercase letters
2. When you are learning it is good to practice a skill until it becomes familiar. I went over this task so many times that my fingers now know what to do once I open Metasploit!
Well I have a few more task to review before I complete this room. I’ve got to keep my skills sharp and practice is the only way to create that muscle memory that will serve me well on my journey to Pentesting.
