Optionally store enumerated SMB usernames in DB #12929
This responds to issue #12359, where it was noted that enumerated usernames from this module were not being stored in the database. Since they are not a credential pair of user:pass, I have made it an optional feature with 'DB_ALL_USERS', which is consistent with other scanning modules.
Default functionality (unchanged):
Now, I would expect that I should be able to use these enumerated usernames in
So disclaimer, I'm a very new contributor to Metasploit and a Ruby newbie in general. Poking around at the source of the LoginScanner and AuthBrute modules kinda makes me think that it's more likely I'm putting the data in the database wrong, but I'm not quite sure what I'm missing - feedback or suggestions of 'go and look at this bit' are welcome. I did note that if I make the module insert a fixed string like so:
meterpreter was pretty happy with that:
Thoughts? If you know what I might be getting wrong please point me in the right direction and I'll try and fix it up in this PR - but asking for feedback is better than not doing so. This is only my second PR, constructive feedback and suggestions welcome. Thanks!
Currently, the user names are not getting added to the
I submitted a PR to fix that particular issue. Hopefully, once those changes are in master, you can update your branch and test against the changes. If you don't get the error, then I'll go ahead and land. Thanks for taking this issue on!
Rebased against upstream/master, looks like it works to me:
Unfortunately the smb_login module won't try each database credential object with the provided SMBPass, but that's probably out of scope for this PR/issue? It makes sense that it does not, that is how DB_ALL_CREDS works.
The commit history got a little messed up, so I went ahead and force-pushed to your branch.
I think that's expected. I've been testing with
Testing the new option: