In [auxiliary/scanner/ssh/ssh_login],
When the parameter "PASS_FILE" is set to "/home/notfound/share/top10000password.txt" with a Tab key type, Metasploit is crash.
[notfound@core metasploit-framework]$ uname -a
Linux core 3.18.4-1-ARCH #1 SMP PREEMPT Tue Jan 27 20:45:02 CET 2015 x86_64 GNU/Linux
[notfound@core metasploit-framework]$ ./msfconsole
[*] Starting the Metasploit Framework console...|
_---------.
.' ####### ;."
.---,. ;@ @@`; .---,..
." @@@@@'.,'@@ @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
`.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
"--'.@@@ -.@ @ ,'- .'--"
".@' ; @ @ `. ;'
|@@@@ @@@ @ .
' @@@ @@ @@ ,
`.@@@@ @@ .
',@@ @ ; _____________
( 3 C ) /|___ / Metasploit! \
;@'. __*__,." \|--- \_____________/
'(.,...."/
=[ metasploit v4.11.0-dev [core:4.11.0.pre.dev api:1.0.0]]
+ -- --=[ 1390 exploits - 789 auxiliary - 226 post ]
+ -- --=[ 356 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > show options
Module options (auxiliary/scanner/ssh/ssh_login):
Name Current Setting Required Description
---- --------------- -------- -----------
BLANK_PASSWORDS false no Try blank passwords for all users
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
DB_ALL_CREDS false no Try each user/password couple stored in the current database
DB_ALL_PASS false no Add all passwords in the current database to the list
DB_ALL_USERS false no Add all users in the current database to the list
PASSWORD no A specific password to authenticate with
PASS_FILE no File containing passwords, one per line
RHOSTS yes The target address range or CIDR identifier
RPORT 22 yes The target port
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host
THREADS 1 yes The number of concurrent threads
USERNAME no A specific username to authenticate as
USERPASS_FILE no File containing users and passwords separated by space, one pair per line
USER_AS_PASS false no Try the username as the password for all users
USER_FILE no File containing usernames, one per line
VERBOSE true yes Whether to print output for all attempts
msf auxiliary(ssh_login) > set BLANK_PASSWORDS true
BLANK_PASSWORDS => true
msf auxiliary(ssh_login) > set THREADS 20
THREADS => 20
msf auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf auxiliary(ssh_login) > set PASS_FILE /home/notfound/share/top/home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:8438:in `lstat': No such file or directory - /home/notfound/sectools/metasploit-framework/set PASS_FILE /home/notfound/share/top10000passwords.txt (Errno::ENOENT)
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:8438:in `append_to_match'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:6812:in `rl_complete_internal'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:6851:in `rl_complete'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:4322:in `_rl_dispatch_subseq'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:4311:in `_rl_dispatch'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:4727:in `readline_internal_charloop'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:4801:in `readline_internal'
from /home/notfound/.rvm/gems/ruby-1.9.3-p551/gems/rb-readline-0.5.1/lib/rbreadline.rb:4823:in `readline'
from /home/notfound/sectools/metasploit-framework/lib/rex/ui/text/input/readline.rb:132:in `readline_with_output'
from /home/notfound/sectools/metasploit-framework/lib/rex/ui/text/input/readline.rb:86:in `pgets'
from /home/notfound/sectools/metasploit-framework/lib/rex/ui/text/shell.rb:184:in `run'
from /home/notfound/sectools/metasploit-framework/lib/metasploit/framework/command/console.rb:38:in `start'
from /home/notfound/sectools/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
from ./msfconsole:48:in `<main>'
In [auxiliary/scanner/ssh/ssh_login],
When the parameter "PASS_FILE" is set to "/home/notfound/share/top10000password.txt" with a Tab key type, Metasploit is crash.