RHOSTS yes The target address range or CIDR identifier PASS_FILE no File containing passwords, one per line
PASSWORD no A specific password to authenticate with Name Current Setting Required DescriptionīLANK_PASSWORDS false no Try blank passwords for all usersīRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5ĭB_ALL_CREDS false no Try each user/password couple stored in the current databaseĭB_ALL_PASS false no Add all passwords in the current database to the listĭB_ALL_USERS false no Add all users in the current database to the list Module options (auxiliary/scanner/ssh/ssh_login): msf > use auxiliary/scanner/ssh/ssh_login Next, we load up the scanner module in Metasploit and set USERPASS_FILE to point to our list of credentials to attempt. head /usr/share/metasploit-framework/data/wordlists/root_userpass.txt We will pass a file to the module containing usernames and passwords separated by a space as shown below. The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute force login attempts.
0 kommentar(er)
