def bf_user_pass(self, username, password):
try:
self.session.login(username, password) # <-- here
print(f'{username}:{password}')
except SessionError as se:
...
when using smbrute the -default option, in some cases when the guest session is disabled this might pass and result in a false positive and Error 32 Broken pipe on the next try (next username/password) as of right now I am unsure how to fix this, since I can't come up with an efficient way to tell if the session is still valid other than making another request to the server which would essentially double the amount of requests made (each username + password = 2 requests instead of 1, to determine if session is still up)
what is even more weird, is that if the username and password guest:<empty> come from a text document (e.g. via bf_userlist_passlist) the credentials are printed as valid (as false positive, same as with -default), but other trys for that username are skipped ant it will be proceeded with the next username instead of crashing the connection.
when using smbrute the
-default
option, in some cases when the guest session is disabled this might pass and result in a false positive and Error 32 Broken pipe on the next try (next username/password) as of right now I am unsure how to fix this, since I can't come up with an efficient way to tell if the session is still valid other than making another request to the server which would essentially double the amount of requests made (each username + password = 2 requests instead of 1, to determine if session is still up)output
what is even more weird, is that if the username and password
guest:<empty>
come from a text document (e.g. viabf_userlist_passlist
) the credentials are printed as valid (as false positive, same as with-default
), but other trys for that username are skipped ant it will be proceeded with the next username instead of crashing the connection.output
depending on how common this will become i'll fix it or not