Land rapid7#3137, un-default USER_AS_PASS and...

Tod Beardsley · Tod Beardsley · commit 8082884e07ee · 2014-03-24T16:45:05.000-05:00
...BLANK_PASSWORDS. This is likely to affect nobody's normal work flow,
since best practice is to be explicit about your options in your RC
files.
diff --git a/lib/msf/core/auxiliary/auth_brute.rb b/lib/msf/core/auxiliary/auth_brute.rb
@@ -20,8 +20,8 @@ def initialize(info = {})
       OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line" ]),
       OptInt.new('BRUTEFORCE_SPEED', [ true, "How fast to bruteforce, from 0 to 5", 5]),
       OptBool.new('VERBOSE', [ true, "Whether to print output for all attempts", true]),
-      OptBool.new('BLANK_PASSWORDS', [ false, "Try blank passwords for all users", true]),
-      OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", true]),
+      OptBool.new('BLANK_PASSWORDS', [ false, "Try blank passwords for all users", false]),
+      OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", false]),
       OptBool.new('DB_ALL_CREDS', [false,"Try each user/password couple stored in the current database",false]),
       OptBool.new('DB_ALL_USERS', [false,"Add all users in the current database to the list",false]),
       OptBool.new('DB_ALL_PASS', [false,"Add all passwords in the current database to the list",false]),
