Fix username/password generation in case both PASSWORD_SPRAY and USER_AS_PASS are enabled #19550
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e PASSWORD_SPRAY and USER_AS_PASS are both enabled Added minimal code to fix the issue, extracting the code to generate username:username credentials in the PASSWORD_SPRAY case
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixing bug #19525
I think this is the minimal code for fixing this bug.
But looking at the
each_filteredmethod, I think I found a few more bugs along the way.I didn't want to go into this to make this review easier but I think it would be worth spending a bit more time on this method to:
each_unfiltered_password_first, introduced for thePASSWORD_SPRAYoption, is a quick adaptation of theeach_unfiltered_username_first, maybe with a few mistakes)This is my first PR for the metasploit project and I've looked at the basecode for the first time today, so sorry in advance if I missed something in the process 😓