Large pass_file hangs login modules

nstarke · nstarke · commit eb98ea2d3191 · 2014-04-28T21:45:14.000Z
SeeRM rapid7#8704 When running a *_login module that contains a large PASS_FILE the module appears to hang while it is creating the combinations over such a large dataset. The solution proposed in the Redmine task requested that the user be alerted with some sort of progress feedback if the process takes an excessive amount of time. I have added a message that logs to the console that contains the number of pairs left to be constructed before the module will continue. The verbiage is fairly arbitrary and should probably be updated to something that might be more descriptive. Likewise, the sleep interval may need to be adjusted.
diff --git a/lib/msf/core/auxiliary/auth_brute.rb b/lib/msf/core/auxiliary/auth_brute.rb
@@ -330,6 +330,23 @@ def combine_users_and_passwords(user_array,pass_array)
     end
 
     creds = [ [], [], [], [] ] # userpass, pass, user, rest
+    remaining_pairs = combined_array.length # counter for our occasional output
+    status = Thread.new do
+      loop do
+        # Ruby's sleep function is not terribly accurate.
+        # Since all we are trying to do is let the user know
+        # that the process is still working and giving them
+        # an estimate as to how many pairs are left,
+        # precision may not be of the utmost necessity
+        sleep 100
+        # Let the user know the combined pair list is still building
+        # and tell them how many pairs are left to process.
+        print_brute(
+          :level => :vstatus,
+          :msg => "Pair list is still building with #{remaining_pairs} pairs left to process"
+        )
+      end
+    end
     # Move datastore['USERNAME'] and datastore['PASSWORD'] to the front of the list.
     # Note that we cannot tell the user intention if USERNAME or PASSWORD is blank --
     # maybe (and it's often) they wanted a blank. One more credential won't kill
@@ -344,7 +361,9 @@ def combine_users_and_passwords(user_array,pass_array)
       else
         creds[3] << pair
       end
+      remaining_pairs -= 1
     end
+    status.kill
     return creds[0] + creds[1] + creds[2] + creds[3]
   end
 
