Hi Guys,
Just a quick post while I am on the train to work, yes work, so much fun! Actually hopefully I can finish this work paper today and then get more involved on a source code review, fingers crossed.
Anyhow this post is about my dislike for the Metasploitable documentation, especially coming from a newbiew.
I will cut to the chase and say its because most of the stuff they do and show in the documentation DOES NOT work on the VM. Why have all this documentation that is supposed to be specific to the vulnerable Vm that they specifically MADE and not have it directly link to the VM.. ungh so silly and so frustrating.
It would be like having a bowl of soup and trying to eat with a fork.. Pointless. Bad analogy I know, I am very bad at them.
This problem happens from early on, by early on I mean I did not bother going past information gathering. How bad is that! Or perhaps lazy of me to see if the documentation got better.
Now the documentation explains how to use a password sniffer, which is great, but if you use it on the VM it fails, it barely gives any output of feedback in the terminal. So I must assume it did not find a password. Then SNMP sweeping is not worth going through either. The beautiful and useful output in the screenshots which is great for learning I might add, is not able to be replicated in the VM. Which is terrible, I like to be tactile and learn by DOING. but no you can't.
Being a newbie and having no direct path for ethical hacking coming across the metasploitabke documentation was too good to be true. So far it is! No direct path is great in that you are free to learn what you choose and find what is relevant for you, however no path at all creates a big opening to spend more time searching than learning (which I have done quite a lot). As such I am finding you need a great passion and great persistence with learning for this industry.
So I appear to have come to a love hate relationship with the Metasploitable documentation, it can give you a taste of how to, but not directly onto the VM, so perhaps it is worth googling and playing around, which is the idea of 'hackers' hey. If it was easy, everyone would do it!.
Hope this comes as a warning for newbies who wish to jump in on Metasploitable. Good Luck!... and be patient
Cheers
Haydn
No comments:
Post a Comment