- Mastering Metasploit
- Nipun Jaswal
- 183字
- 2021-06-25 21:35:58
Rephrasing the equation
If you are scratching your head after working on the module listed previously, let's understand the module in a step-by-step fashion:
- We've created a CredentialCollection object that takes any user as input and yields credentials, which means that if we provide USERNAME as the root and PASSWORD as the root, it will yield those as a single credential. However, if we use USER_FILE and PASS_FILE as dictionaries, then it will take each username and password from the dictionary file and will generate credentials for each combination of username and password from the files, respectively.
- We've created a scanner object for SSH, which will eliminate any manual command usage and will simply check all the combinations we supplied one after the other.
- We've run our scanner using the .scan method, which will initialize the authentication of brute force on the target.
- The .scan method will scan all credentials one after the other and, based on the result, will either store it into the database and display the same with print_good, else it will show it using print_status without saving it.