I’m pretty new to all this stuff - so far I’ve only got root on 2 of the machines here (Bastion and Resolute).
I haven’t used Metasploit at all yet, but in a lot of people’s write-ups or hints I see that’s what they used. Now unless I’m misunderstanding (which is entirely possible), it seems like it kind of does most of the work for you? Like you just identify which service it is you want to exploit, then all you do is pick the relevant Metasploit module and next thing you know you’ve got a reverse shell as local system.
Maybe it isn’t that straightforward or easy in reality, but if it is… doesn’t that kind of defeat the point of a hacking “challenge”? If all you do is run a port scan, run some pre-made script (Enum4Linux etc), then run a Metasploit module, isn’t that the definition of a “script kiddie”? Or am I missing something?
On the one hand I get it - why reinvent the wheel or waste time manually looking through files etc when you can automate it. Plus in the real world, all that matters is the end result of you actually owning the system. But on the other hand, I dunno, it just seems at odds with the idea of doing these challenges to learn things or to test your skill.
So yeah, is it as simple as it seems or is there still a lot of skill/knowledge required to use it?