With -sC, only the default scripts run, not the vuln ones.
The EternalBlue script is a vuln one, so you need to run it either specifically
or with the broader --script vuln.
When running a Metasploit exploit in the TryHackMe labs,
don't forget to check the local host IP, as it may be the LAN one instead of the TryHackMe VPN one.
I think I lost quite some time because of that…
I've run hashcat on another machine, but I then don't have the screenshots.
Note that here, I was heading to generic (weak) passwords. I wouldn't have found the actual one from this.
It is recommended to use the rockyou.txt passwords from the seclists package.
In the hashdump result, the first hash is LM (empty here) and the second is NTLM (our target password).
We don't need to crack the first one using hashcat, just the second one, so that's faster.
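To make the field layout concrete, here is an added example (not part of the original notes) that splits hashdump-style lines into user, RID, LM and NTLM, and flags an empty LM field or a blank password. The sample lines, usernames and non-empty hash values are constructed; only the two empty-string hash constants are real.

```python
import re
from typing import NamedTuple

# Well-known hashes of the empty string: LM and NTLM respectively.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NTLM = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

class Account(NamedTuple):
    user: str
    rid: int
    lm: str
    ntlm: str

    @property
    def lm_stored(self) -> bool:
        # A non-empty LM field means the weak legacy hash is still stored.
        return self.lm != EMPTY_LM

    @property
    def blank_password(self) -> bool:
        return self.ntlm == EMPTY_NTLM

def parse_hashdump(text: str) -> list[Account]:
    """Parse user:rid:lm:ntlm::: lines, skipping anything malformed."""
    accounts = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, ntlm = parts[2].lower(), parts[3].lower()
        if HEX32.fullmatch(lm) and HEX32.fullmatch(ntlm):
            accounts.append(Account(parts[0], int(parts[1]), lm, ntlm))
    return accounts

def ntlm_to_audit(accounts: list[Account]) -> dict[str, str]:
    """NTLM hashes (4th field) for accounts that actually have a password set."""
    return {a.user: a.ntlm for a in accounts if not a.blank_password}

# Constructed sample, not output from the lab machine; hash values are made up.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
labuser:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacy:1002:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::
[*] not a hash line
"""

if __name__ == "__main__":
    for a in parse_hashdump(SAMPLE):
        print(a.user, "LM stored" if a.lm_stored else "LM empty", a.ntlm)
```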
If you're not "root" (SYSTEM), then such a search might not return results,
as you may not have access to the folder where the flag is.
Also, this would fail if the flag were named user.txt or root.txt.