-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unexpected PASSWORD_SPRAY and USER_AS_PASS Interaction #19525
Labels
Comments
I managed to reproduce the issue on my side, and created a PR that seem to fix it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Expected behavior
If
username.txt
contains:And
passwords.txt
contains:I expect the module to attempt the following credentials:
admin:admin
root:root
admin:password
root:password
Current behavior
Instead, makes the following attempts:
password:password
admin:password
root:password
Metasploit version
6.4.20-dev
Additional Information
I believe the bug is related to the relatively recently implemented "PASSWORD_SPRAY" option.
The text was updated successfully, but these errors were encountered: