add default username to my/mssql login #12892

Merged
merged 2 commits into from
Feb 16, 2020

Contributor

@h00die h00die commented Jan 30, 2020

Fixes #12891
Adds default username field (as per module info) to mysql and mssql login fields.

Verification

  • Start msfconsole
  • use auxiliary/scanner/mssql/mssql_login
  • Verify username is 'sa' by default
  • use auxiliary/scanner/mysql/mysql_login
  • Verify username is 'root' by default

@digininja can you test this out?

@digininja
Contributor

Closer, but not quite:

msf5 auxiliary(scanner/mssql/mssql_login) > show options

Module options (auxiliary/scanner/mssql/mssql_login):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   BLANK_PASSWORDS      false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED     5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS         false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS          false            no        Add all passwords in the current database to the list
   DB_ALL_USERS         false            no        Add all users in the current database to the list
   PASSWORD                              no        A specific password to authenticate with
   PASS_FILE                             no        File containing passwords, one per line
   RHOSTS                                yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT                1433             yes       The target port (TCP)
   STOP_ON_SUCCESS      false            yes       Stop guessing when a credential works for a host
   TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
   THREADS              1                yes       The number of concurrent threads (max one per host)
   USERNAME             sa               no        A specific username to authenticate as
   USERPASS_FILE                         no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS         false            no        Try the username as the password for all users
   USER_FILE                             no        File containing usernames, one per line
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)
   VERBOSE              true             yes       Whether to print output for all attempts

msf5 auxiliary(scanner/mssql/mssql_login) > set RHOSTS 1.2.3.4.
RHOSTS => 1.2.3.4
msf5 auxiliary(scanner/mssql/mssql_login) > run

[*] 1.2.3.4:1433    - 1.2.3.4:1433 - MSSQL - Starting authentication scanner.
[*] 1.2.3.4:1433    - Error: 1.2.3.4: Metasploit::Framework::LoginScanner::Invalid Cred details can't be blank, Cred details can't be blank (Metasploit::Framework::LoginScanner::MSSQL)
[*] 1.2.3.4:1433    - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

The problem is that it doesn't like a blank password as a default if BLANK_PASSWORDS is set to false which it is by default. I realised that what I did last time was to set USER_AS_PASS to true which would have given it a password to test.

So I guess either BLANK_PASSWORDS needs setting true by default, or you need to populate the PASSWORD field with something and then change the description.
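
The failure described in the comment above, as a simplified Ruby model added here (not part of the comment and not Metasploit's own code; the class, method and error names are hypothetical). It shows why a default username with no password and BLANK_PASSWORDS false expands to no credential pairs, while BLANK_PASSWORDS or USER_AS_PASS supplies one.

```ruby
# Simplified model of how a login scanner's options expand into credential
# pairs. Illustrative only: the class, method and error names below are
# hypothetical and are not Metasploit's implementation.
class EmptyCredentialSet < StandardError; end

class CredentialOptions
  def initialize(username: nil, password: nil,
                 blank_passwords: false, user_as_pass: false)
    @username = username
    @password = password
    @blank_passwords = blank_passwords
    @user_as_pass = user_as_pass
  end

  # Every (username, password) pair the options describe, without duplicates.
  def pairs
    return [] if @username.nil? || @username.empty?

    passwords = []
    passwords << @password unless @password.nil? || @password.empty?
    passwords << '' if @blank_passwords
    passwords << @username if @user_as_pass
    passwords.uniq.map { |pw| [@username, pw] }
  end

  # Mirrors the failure in the transcript: the scanner refuses to start
  # when its options produce nothing to try.
  def validate!
    raise EmptyCredentialSet, "credential details can't be blank" if pairs.empty?

    pairs
  end
end

# Option sets discussed in the thread (constructed for this example).
FIRST_ATTEMPT  = CredentialOptions.new(username: 'sa')
MERGED_DEFAULT = CredentialOptions.new(username: 'sa', blank_passwords: true)
USER_AS_PASS   = CredentialOptions.new(username: 'sa', user_as_pass: true)

# Returns the validated pairs, or the validation error message.
def outcome(opts)
  opts.validate!
rescue EmptyCredentialSet => e
  e.message
end
```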

@wvu wvu changed the title add default un to my/mssql login add default username to my/mssql login Feb 3, 2020
@space-r7 space-r7 added the bug label Feb 3, 2020
@h00die
Contributor Author

h00die commented Feb 8, 2020

@digininja 2nd time's the charm! Tested against mysql, worked fine.
Also, setting default options is prob WAY more preferred than overwriting imports.

@bcoles bcoles self-assigned this Feb 16, 2020
bcoles added a commit that referenced this pull request Feb 16, 2020
Set default username `sa` for auxiliary/scanner/mssql/mssql_login
Set default username `root` for auxiliary/scanner/mysql/mysql_login

Enable `BLANK_PASSWORDS` option by default for both modules,
as the default users make use of a blank password by default.
@bcoles bcoles merged commit 3707d4c into rapid7:master Feb 16, 2020
@bcoles
Contributor

bcoles commented Feb 16, 2020

Release Notes

Set default username sa for auxiliary/scanner/mssql/mssql_login
Set default username root for auxiliary/scanner/mysql/mysql_login

Enable BLANK_PASSWORDS option by default for both modules,
as the default users make use of a default blank password.

@h00die h00die deleted the 12891 branch February 16, 2020 14:10
@bcoles bcoles added the rn-fix release notes fix label Feb 16, 2020
Successfully merging this pull request may close these issues.

auxiliary/scanner/mysql/mysql_login missing default username or incorrect description