Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

smb-enum users #12359

Open
calgaryy opened this issue Sep 25, 2019 · 2 comments

Comments

@calgaryy
Copy link

@calgaryy calgaryy commented Sep 25, 2019

Steps to reproduce

How'd you do it?

  1. ... run a scan
  2. ... look at creds db
    When scanning hosts on a network with this module, the "creds" db isn't populated.

Expected behavior

When users are discovered, should be added to the creds db

Current behavior

When users are discovered, are not added to the creds db

Framework Version: 5.0.41-dev

N.B. Figured this didn't really need all the system info

@fishsticksflafor

This comment has been minimized.

Copy link

@fishsticksflafor fishsticksflafor commented Sep 25, 2019

@space-r7 space-r7 added the module label Oct 1, 2019
@h00die h00die added creds enhancement easy and removed module labels Nov 27, 2019
@h00die

This comment has been minimized.

Copy link
Contributor

@h00die h00die commented Nov 27, 2019

It sure doesn't.
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_enumusers.rb#L311
This could be a pretty quick addition for someone looking for an easy one. Basically you could copy something like this: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_login.rb#L185

However, it can also be argued that these usernames aren't creds, theyre usernames, and until they turn into more you wouldn't want them cluttering up the DB.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.