Closed magnusstubman closed 4 years ago
Hey, thanks for adding this case, it is very interesting and definitely should be handled.
However, I don't think it is correct to handle it in _report_good_password, since it introduces two special cases that complicate the logic too much (printing the expired password and not saving the ticket file) and don't properly reflect the difference between the cases.
It would be a cleaner option to implement a function _report_expired_password for this purpose, such as the following.
    def _report_expired_password(self, user, password):
        with self.report_lock:
            # The account exists, so record it as a valid user.
            if user not in self.good_users:
                self.good_users[user] = True

            # Credentials for this user were already reported; do nothing.
            if user in self.good_credentials:
                return

            self.good_credentials[user] = password
            logging.info('Stupendous (Expired password) => %s:%s' % (user, password))
            # No ticket is saved here: only the credential pair is written out.
            if self.out_creds_file:
                self.out_creds_file.write("%s:%s\n" % (user, password))
Is that okay with you?
Thank you again for the contribution.
Great!! Merging...
(Note: remember to use useful commit messages like implement _report_expired_password, since in the global commits of branch master, it will be easier to look for changes)
Thank you
As is, kerbrute.py does not show correctly guessed passwords that have expired. IMO it should, as these may still be used (at least to change them).
Feel free to give feedback if this implementation isn't to your liking.
before
after