Closed nrathaus closed 1 month ago
Setup of LDAP server:
docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.5.0
Set up the $LDAP_CID value based on the container that is created
docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -H ldap://ldap.example.org -ZZ
Add another user:
ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -H ldap://127.0.0.1:389
Give it this text:
dn: uid=test,dc=example,dc=org
uid: test
cn: test
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/test
uidNumber: 14583102
gidNumber: 14564100
userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
mail: test@example.org
gecos: Test User
Metasploit test:
use scanner/ldap/ldap_login
set PASSWORD_SPRAY true
set USER_FILE /tmp/users.txt
set PASS_FILE /tmp/passwords.txt
set RHOSTS 127.0.0.1
run
Thanks for the PR; I don't quite have the cycles to review this fully, but if this is building an in-memory array of permutations before executing things - then that pattern won't scale well for large user/password lists unfortunately
That's something I ran into with the older brute force mixin - https://github.com/rapid7/metasploit-framework/pull/15115 - that I believe the credential_collection doesn't suffer from in its current state of yielding values
@adfoster-r7 I agree that on large arrays (user count * password count) it can become very big and probably consume a lot of memory, so I reverted the patch and made a "duplicate" of the function with _password_first focus on it, and a yield picking between the two options
I don't have enough Ruby understanding to make sure it works (my Ruby skills aren't that great at the moment)
Also I don't see any unit-tests I can use to verify it works as expected on all scenarios
I did check it on FTP and LDAP with username/password files - seems to work as expected
Also I don't see any unit-tests I can use to verify it works as expected on all scenarios
Hmm - do these work? Or do we need to add more 👀
@adfoster-r7 oops, I have no idea how to use these as unit tests - any guidance in Metasploit guides or elsewhere on how to run these as standalone?
VS doesn't show them as tests
Sorry for the delay; Do these steps work?
Looks like it will help, I will give it a try
@adfoster-r7
bundle rspec ./spec/path/to/your/tests_1.rb ./spec/path/to/your/tests_2.rb
Should be:
bundle exec rspec ./spec/path/to/your/tests_1.rb ./spec/path/to/your/tests_2.rb
Is the DB error I am getting for rspec, related to this step:
cd ~/metasploit-framework/config &&
cp database.yml.example database.yml
My bad, I misinterpreted the outcome, on main I see no errors:
$ bundle exec rspec spec/lib/metasploit/framework/credential_collection_spec.rb
Overriding user environment variable 'OPENSSL_CONF' to enable legacy functions.
Run options:
include {:focus=>true}
exclude {:acceptance=>true}
All examples were filtered out; ignoring {:focus=>true}
Randomized with seed 29966
Metasploit::Framework::CredentialCollection ...................
Top 10 slowest examples (0.0159 seconds, 56.5% of total time):
Metasploit::Framework::CredentialCollection#empty? when :username is set and :password is not set is expected to eq true
0.00427 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:205
Metasploit::Framework::CredentialCollection#each is expected to yield with args(Metasploit::Framework::Credential)
0.00242 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:35
Metasploit::Framework::CredentialCollection#each when given a userspass_file is expected to yield successive args(#<Metasploit::Framework::Credential "asdf:jkl" >, #<Metasploit::Framework::Credential "foo:bar" >)
0.00149 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:87
Metasploit::Framework::CredentialCollection#each when given a username, user_file and pass_file is expected to yield successive args(#<Metasploit::Framework::Credential "my_username:asdf" >, #<Metasploit::Framework::Credential "my_username:jkl" >, #<Metasploit::Framework::Credential "asdf:asdf" >, #<Metasploit::Framework::Credential "asdf:jkl" >, #<Metasploit::Framework::Credential "jkl:asdf" >, #<Metasploit::Framework::Credential "jkl:jkl" >)
0.00121 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:142
Metasploit::Framework::CredentialCollection#each when given a pass_file and user_file is expected to yield successive args(#<Metasploit::Framework::Credential "asdf:asdf" >, #<Metasploit::Framework::Credential "asdf:jkl" >, #<Metasploit::Framework::Credential "jkl:asdf" >, #<Metasploit::Framework::Credential "jkl:jkl" >)
0.00121 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:113
Metasploit::Framework::CredentialCollection#each when given a pass_file and username is expected to yield successive args(#<Metasploit::Framework::Credential "user:asdf" >, #<Metasploit::Framework::Credential "user:jkl" >)
0.00116 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:67
Metasploit::Framework::CredentialCollection#each when :blank_passwords is true is expected to yield successive args(#<Metasploit::Framework::Credential "user:pass" >, #<Metasploit::Framework::Credential "user:" >)
0.00115 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:176
Metasploit::Framework::CredentialCollection#each when given a user_file and password is expected to yield successive args(#<Metasploit::Framework::Credential "asdf:pass" >, #<Metasploit::Framework::Credential "jkl:pass" >)
0.00104 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:49
Metasploit::Framework::CredentialCollection#each when :user_as_pass is true is expected to yield successive args(#<Metasploit::Framework::Credential "user:pass" >, #<Metasploit::Framework::Credential "user:user" >)
0.00101 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:156
Metasploit::Framework::CredentialCollection#empty? when :username is set and :password is not set and :nil_passwords is true is expected to eq false
0.00094 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:211
Finished in 0.02814 seconds (files took 3.13 seconds to load)
19 examples, 0 failures
Randomized with seed 29966
Coverage report generated for RSpec to /home/noam/src/metasploit-framework/coverage. 2150 / 11805 LOC (18.21%) covered.
On branch fix_password_spray I see the same outcome:
Overriding user environment variable 'OPENSSL_CONF' to enable legacy functions.
Run options:
include {:focus=>true}
exclude {:acceptance=>true}
All examples were filtered out; ignoring {:focus=>true}
Randomized with seed 47938
Metasploit::Framework::CredentialCollection ...................
Top 10 slowest examples (0.02078 seconds, 59.7% of total time):
Metasploit::Framework::CredentialCollection#empty? when :username is not set and :password is not set is expected to eq true
0.00513 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:229
Metasploit::Framework::CredentialCollection#each when given a username, user_file and pass_file is expected to yield successive args(#<Metasploit::Framework::Credential "my_username:asdf" >, #<Metasploit::Framework::Credential "my_username:jkl" >, #<Metasploit::Framework::Credential "asdf:asdf" >, #<Metasploit::Framework::Credential "asdf:jkl" >, #<Metasploit::Framework::Credential "jkl:asdf" >, #<Metasploit::Framework::Credential "jkl:jkl" >)
0.0035 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:142
Metasploit::Framework::CredentialCollection#prepend_cred is expected to yield successive args(#<Metasploit::Framework::Credential "foo:bar" >, #<Metasploit::Framework::Credential "user:pass" >)
0.00249 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:258
Metasploit::Framework::CredentialCollection#each when :user_as_pass is true is expected to yield successive args(#<Metasploit::Framework::Credential "user:pass" >, #<Metasploit::Framework::Credential "user:user" >)
0.00194 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:156
Metasploit::Framework::CredentialCollection#empty? when :username is set and :password is not set is expected to eq true
0.00148 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:205
Metasploit::Framework::CredentialCollection#empty? when :username is not set and :password is not set and :additional_publics is not empty is expected to eq true
0.00132 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:249
Metasploit::Framework::CredentialCollection#empty? when :username is set and :password is set is expected to eq false
0.00132 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:198
Metasploit::Framework::CredentialCollection#each when given a pass_file and user_file is expected to yield successive args(#<Metasploit::Framework::Credential "asdf:asdf" >, #<Metasploit::Framework::Credential "asdf:jkl" >, #<Metasploit::Framework::Credential "jkl:asdf" >, #<Metasploit::Framework::Credential "jkl:jkl" >)
0.00125 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:113
Metasploit::Framework::CredentialCollection#each when :nil_passwords is true is expected to yield successive args(#<Metasploit::Framework::Credential "user" >, #<Metasploit::Framework::Credential "user:pass" >)
0.00121 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:166
Metasploit::Framework::CredentialCollection#each when given a user_file and password is expected to yield successive args(#<Metasploit::Framework::Credential "asdf:pass" >, #<Metasploit::Framework::Credential "jkl:pass" >)
0.00115 seconds ./spec/lib/metasploit/framework/credential_collection_spec.rb:49
Finished in 0.03484 seconds (files took 3.6 seconds to load)
19 examples, 0 failures
Randomized with seed 47938
Coverage report generated for RSpec to /home/noam/src/metasploit-framework/coverage. 2152 / 11864 LOC (18.14%) covered.
Should I add a test for the password_spray part to verify it works as expected?
That sounds good to me - thanks! 💯
I added a spec, but for some reason I get an error which I don't quite understand the root cause
It seems to be related to the inability to open the user_file, I don't see why it works when password_spray is false (the file is openable)
Randomized with seed 1002
Metasploit::Framework::CredentialCollection F
1) Metasploit::Framework::CredentialCollection#each when given a pass_file and user_file and password spray is expected to yield successive args(#<Metasploit::Framework::Credential "user1:password1" >, #<Metasploit::Framework::Credential "user2:password1" >, #<Metasploit::Framework::Credential "user3:password1" >, #<Metasploit::Framework::Credential "user1:password2" >, #<Metasploit::Framework::Credential "user2:password2" >, #<Metasploit::Framework::Credential "user3:password2" >)
Failure/Error: user_fd = File.open(user_file, 'r:binary')
#<File (class)> asked to yield |[#<StringIO:0x000056262f2d9730>]| but no block was passed
# ./vendor/bundle/ruby/3.0.0/gems/rspec-support-3.13.0/lib/rspec/support.rb:110:in `block in <module:Support>'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-support-3.13.0/lib/rspec/support.rb:119:in `notify_failure'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/error_generator.rb:348:in `notify'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/error_generator.rb:332:in `__raise'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/error_generator.rb:143:in `raise_missing_block_error'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/message_expectation.rb:704:in `call'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/message_expectation.rb:761:in `block in call'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/message_expectation.rb:760:in `map'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/message_expectation.rb:760:in `call'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/message_expectation.rb:621:in `invoke_incrementing_actual_calls_by'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/message_expectation.rb:474:in `invoke'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/proxy.rb:209:in `message_received'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/proxy.rb:361:in `message_received'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/method_double.rb:98:in `proxy_method_invoked'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/verifying_proxy.rb:161:in `proxy_method_invoked'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-mocks-3.13.0/lib/rspec/mocks/method_double.rb:74:in `block (2 levels) in define_proxy_method'
# ./lib/metasploit/framework/credential_collection.rb:248:in `each_unfiltered_password_first'
# ./lib/metasploit/framework/credential_collection.rb:92:in `each_filtered'
# ./spec/lib/metasploit/framework/credential_collection_spec.rb:144:in `block (5 levels) in <top (required)>'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/matchers/built_in/yield.rb:35:in `probe'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/matchers/built_in/yield.rb:16:in `probe'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/matchers/built_in/yield.rb:308:in `matches?'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/expectations/handler.rb:51:in `block in handle_matcher'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/expectations/handler.rb:27:in `with_matcher'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/expectations/handler.rb:48:in `handle_matcher'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/expectations/expectation_target.rb:65:in `to'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-expectations-3.13.0/lib/rspec/expectations/expectation_target.rb:139:in `to'
# ./spec/lib/metasploit/framework/credential_collection_spec.rb:144:in `block (4 levels) in <top (required)>'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:263:in `instance_exec'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:263:in `block in run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:511:in `block in with_around_and_singleton_context_hooks'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:468:in `block in with_around_example_hooks'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/hooks.rb:486:in `block in run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/hooks.rb:626:in `block in run_around_example_hooks_for'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:352:in `call'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-rails-6.0.3/lib/rspec/rails/adapters.rb:75:in `block (2 levels) in <module:MinitestLifecycleAdapter>'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:457:in `instance_exec'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:457:in `instance_exec'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/hooks.rb:390:in `execute_with'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/hooks.rb:628:in `block (2 levels) in run_around_example_hooks_for'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:352:in `call'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/hooks.rb:629:in `run_around_example_hooks_for'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/hooks.rb:486:in `run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:468:in `with_around_example_hooks'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:511:in `with_around_and_singleton_context_hooks'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example.rb:259:in `run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:646:in `block in run_examples'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:642:in `map'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:642:in `run_examples'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:607:in `run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:608:in `block in run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:608:in `map'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:608:in `run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:608:in `block in run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:608:in `map'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/example_group.rb:608:in `run'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/runner.rb:121:in `block (3 levels) in run_specs'
# ./vendor/bundle/ruby/3.0.0/gems/rspec-core-3.13.0/lib/rspec/core/runner.rb:121:in `map'
I have committed the changes as well as the rspec, I think we are ok with integration
Tested against SMB, with the change I suggested above added locally.
password_spray=true
msf6 auxiliary(scanner/smb/smb_login) > rerun rhost=xxx.xxx.xxx.xxx user_file=username.txt pass_file=password.txt CreateSession=true verbose=true use_windows_authent=true tdsencryption=false password_spray=true
[*] Reloading module...
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
[*] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Starting SMB login bruteforce
[+] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Success: '.\foo:password' Administrator
[*] SMB session 1 opened (xxx.xxx.xxx.xxx:60830 -> xxx.xxx.xxx.xxx:445) at 2024-04-19 12:58:45 +0100
[-] xxx.xxx.xxx.xxx:445 - 192.168.175.221:445 - Failed: '.\Administrator:password',
[+] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Success: '.\foobar:password' Administrator
[*] SMB session 2 opened (xxx.xxx.xxx.xxx:60833 -> xxx.xxx.xxx.xxx:445) at 2024-04-19 12:58:46 +0100
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password2',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password2',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password3',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password3',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:Password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:Password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:pass',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:pass',
[*] xxx.xxx.xxx.xxx:445 - Scanned 1 of 1 hosts (100% complete)
[*] xxx.xxx.xxx.xxx:445 - Bruteforce completed, 2 credentials were successful.
[*] xxx.xxx.xxx.xxx:445 - 2 SMB sessions were opened successfully.
[*] Auxiliary module execution completed
password_spray=false
msf6 auxiliary(scanner/smb/smb_login) > rerun rhost=xxx.xxx.xxx.xxx user_file=username.txt pass_file=password.txt CreateSession=true verbose=true use_windows_authent=true tdsencryption=false password_spray=false
[*] Reloading module...
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
[*] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Starting SMB login bruteforce
[+] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Success: '.\foo:password' Administrator
[*] SMB session 3 opened (xxx.xxx.xxx.xxx:60849 -> xxx.xxx.xxx.xxx:445) at 2024-04-19 12:59:00 +0100
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password2',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:password3',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:Password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\Administrator:pass',
[+] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Success: '.\foobar:password' Administrator
[*] SMB session 4 opened (xxx.xxx.xxx.xxx:60856 -> xxx.xxx.xxx.xxx:445) at 2024-04-19 12:59:01 +0100
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password2',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:password3',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:Password1',
[-] xxx.xxx.xxx.xxx:445 - xxx.xxx.xxx.xxx:445 - Failed: '.\boo:pass',
[*] xxx.xxx.xxx.xxx:445 - Scanned 1 of 1 hosts (100% complete)
[*] xxx.xxx.xxx.xxx:445 - Bruteforce completed, 2 credentials were successful.
[*] xxx.xxx.xxx.xxx:445 - 2 SMB sessions were opened successfully.
[*] Auxiliary module execution completed
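The two attempt orders in the output above look different to a defender reading authentication logs. As an added example (not part of the PR or of this comment), the Ruby below classifies each source by how its attempts are ordered; the log line format, the 192.0.2.x addresses, the thresholds and all function names are assumptions, and the sample lines are constructed to mirror the account order shown above.

```ruby
# Added example: classify login-attempt ordering per source address.
# Line format "<source> <user> <OK|FAIL>" is an assumption for illustration.

Attempt = Struct.new(:source, :user, :ok)

# Constructed sample, mirroring the account order in the two runs above.
SAMPLE = (
  # Password-first order: every account once per round, accounts repeat later.
  ['192.0.2.10 foo OK', '192.0.2.10 Administrator FAIL',
   '192.0.2.10 foobar OK', '192.0.2.10 boo FAIL'] +
  ['192.0.2.10 Administrator FAIL', '192.0.2.10 boo FAIL'] * 5 +
  # User-first order: one account is exhausted before the next is touched.
  ['192.0.2.20 foo OK'] + ['192.0.2.20 Administrator FAIL'] * 6 +
  ['192.0.2.20 foobar OK'] + ['192.0.2.20 boo FAIL'] * 6 +
  # An ordinary mistyped password followed by a successful login.
  ['192.0.2.30 alice FAIL', '192.0.2.30 alice OK']
).freeze

def parse_attempts(lines)
  lines.map do |line|
    source, user, result = line.split
    Attempt.new(source, user, result == 'OK')
  end
end

# Lengths of consecutive runs of attempts against the same username.
def run_lengths(users)
  users.chunk_while { |a, b| a == b }.map(&:size)
end

# Thresholds are illustrative assumptions; tune them to the environment.
def classify_sources(attempts, min_attempts: 8, min_users: 2, long_run: 4)
  attempts.group_by(&:source).transform_values do |seq|
    failed_users = seq.reject(&:ok).map(&:user).uniq
    longest = run_lengths(seq.map(&:user)).max
    if seq.size < min_attempts || failed_users.size < min_users
      :insufficient_data
    elsif longest >= long_run
      :per_account_guessing # many consecutive tries against one account
    elsif longest == 1
      :password_spray       # accounts interleaved, each revisited in rounds
    else
      :mixed
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  classify_sources(parse_attempts(SAMPLE)).each do |source, verdict|
    puts "#{source}: #{verdict}"
  end
end
```

A per-account failure counter sees the same totals for both sources here; only the ordering separates them, which is why the run-length check is done per source rather than per account.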
@cgranleese-r7 I added your suggestions - thank you for the review
Fixes an issue where the password_spray module option was being ignored.
Fixes #18994 which will fix the PASSWORD_SPRAY (unhandling) issue whenever the code is still using each for credentials rather than newer functions
I am unable to test it for all modules that use this - I did test it for LDAP