Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various bugs when using the PASSWORD_SPRAY option #19652

Open
Mathiou04 opened this issue Nov 15, 2024 · 2 comments · May be fixed by #19653
Open

Various bugs when using the PASSWORD_SPRAY option #19652

Mathiou04 opened this issue Nov 15, 2024 · 2 comments · May be fixed by #19653
Labels
bug confirmed Issues confirmed by a committer

Comments

@Mathiou04
Copy link
Contributor

When fixing issue #19525, I noticed that the code used to generate credentials in the case of password spraying was a quick adaptation from the code that generates credentials without it (it seems that this option has been added "recently").

I spent some time playing around with the option and found a few bugs.

I will describe at least one using the below template, but it will be easier to demonstrate all the issues with actual code: I will attach a first draft PR that implements the failings cases through automated tests

Steps to reproduce

How'd you do it?

  1. use scanner/ssh/ssh_login
  2. set PASSWORD_SPRAY 1
  3. set BLANK_PASSWORDS 1
  4. set USERNAME user
  5. set rhosts file:./targets.txt
  6. run

Expected behavior

I expect the module to attempt the following credentials: user:

Current behavior

Nothing is attempted

Metasploit version

6.4.36-dev

Additional Information

As written above, this is only one of various issues there are with the piece of code that generates credentials.
I will attach a PR with more explanations.
@Mathiou04 Mathiou04 added the bug label Nov 15, 2024
@Mathiou04 Mathiou04 linked a pull request Nov 15, 2024 that will close this issue
Draft
3 tasks
@Mathiou04
Copy link
Contributor Author

Here is the draft PR with several additional tests that fail: #19653

@github-actions GitHub Actions
Copy link

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Dec 18, 2024
@adfoster-r7 adfoster-r7 added the confirmed Issues confirmed by a committer label Dec 18, 2024
@github-actions github-actions bot removed the Stale Marks an issue as stale, to be closed if no action is taken label Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug confirmed Issues confirmed by a committer
Projects
Metasploit Kanban
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixing multiple bugs in credential generation + refactoring Mathiou04/metasploit-framework
2 participants
@Mathiou04 @adfoster-r7