So, I’ve been trying to solve some easy machines, i’m right starting into this and i don’t know how to proceed in some cases
For example, you know there’s a web app in a machine which has a vulnerability and that vulnerability is shared publicly, you can find the exploit for it… so my doubt is:
Should we take advantage of this information? or should we figure it out and find how to exploit this application? (should we reinvent the wheel to learn? the truth is that in a real scenario obv i would take the exploit and use it… but as i’m supposed to be learning, i dont know if i should take this advantage, or maybe taking the advantage is what i should learn?)
using exploits that already exist is a common thing to do and there is nothing wrong with that
but if you are just starting, i think its beneficial that you get to know how those vulnerabilities work, even just reading and understanding the exploit code
tools like metasploit and others are widely used because they are fast, reliable and the scripts are almost always stable but there will be some occasions in which these ready-made exploits dont work, and knowing how to manually exploit the vuln will help you a lot
so yes, you can use existing exploits and PoCs but dont just do it blindly, use them as a learning experience
great, i didnt know how was i supposed to proceed…
and that’s for sure… i mean, my case was that trying to solve a machine found an exploit and there i saw the path of the vulnerable file in the url and how to exploit it… so yes, i read the exploit and understood it, and so i got in doubt cos then i thought: should have i tried harder to enumerate this website? that was the feeling
Thank you very much for your answer! I guess thats why this machine is under easy category
