Just tried out the Metasploit username and password checker: SMB Login Check Scanner against my Virtual Hacking Lab.
I confess that I’m unsure as to the practical applications of this feature, as the known login password and username are inputted.
Here’s the results against the Windows portion of the Virtual Hacking Lab:
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > set RHOSTS 192.168.1.79
RHOSTS => 192.168.1.79
msf auxiliary(smb_login) > set SMBUser Lab1
SMBUser => Lab1
msf auxiliary(smb_login) > set SMBPass password
SMBPass => password
msf auxiliary(smb_login) > run[*] 192.168.1.79:445 SMB – Starting SMB login bruteforce
[-] 192.168.1.79:445 SMB – [1/3] – FAILED LOGIN (Windows 5.1) Lab1 : [STATUS_LOGON_FAILURE]
[-] 192.168.1.79:445 SMB – [2/3] – FAILED LOGIN (Windows 5.1) Lab1 : Lab1 [STATUS_LOGON_FAILURE]
[-] 192.168.1.79:445 SMB – [3/3] – FAILED LOGIN (Windows 5.1) Lab1 : password [STATUS_LOGON_FAILURE]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
As you can see this failed, as did every attempt and derivation. So I switched focus to the Ubuntu portion of the hacking lab, to see if I’d have a better outcome:
msf auxiliary(smb_login) > set RHOSTS 192.168.1.80
RHOSTS => 192.168.1.80
msf auxiliary(smb_login) > set SMBUser ubuntulab
SMBUser => ubuntulab
msf auxiliary(smb_login) > set SMBPass whatever
SMBPass => whatever
msf auxiliary(smb_login) > run[*] 192.168.1.80:445 SMB – Starting SMB login bruteforce
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
And that’s all it gave me.
So, all in all, a disappointing failure.