Supported Credential File Formats

In imported credential files, you can include spaces and other special characters in passwords by writing them as hex escapes: \x20 for a space, \x09 for a tab, \x90 for a password that contains a NOP byte. If a password contains the literal string \x20, write it as \x5cx20 so that it is not decoded as a space.
Metasploit Pro supports the following credential file formats:

PWDump

A PWDump file can contain SMB hashes and space-delimited user name and password pairs. Each item must be on a separate line. The bruteforce attack attempts the SMB hash credentials against services that accept SMB hashes as plain text.
When you use a PWDump file, you must define the SMB domains to target services that accept Windows authentication.
When you use a PWDump file, use the imported only bruteforce depth to test only this list of credentials.
Example: administrator:501:de8130a284642c74523fa0f66c35ef02:421a1c7abc7b160c20ed78a2e06e09c8:::

User name and password

A user name and password file is a text file that contains a user name and password on each line. You must use a space to separate the user name and password.
User names and passwords can contain non-ASCII characters in \xXX notation. For example, you can denote spaces within a user name or password as \x20.
When you use a user name and password file, use the imported only bruteforce depth to test only this list of credentials.

Passwords only

A passwords only file is a text file that contains only passwords. There can be only one password for each line in the file.
Metasploit Pro assigns the passwords to known user names. Passwords can contain non-ASCII characters in \xXX notation. For example, you can enter testuser d\xeadb\xeef.
When you use a plain password file, do not use the imported only bruteforce depth. You must choose a different bruteforce depth so that Metasploit Pro can assign a user name to each password.
Use the plain password format if you have a list of passwords and you want Metasploit Pro to specify user names to test against.

User names only

A user names only file is a text file that contains only user names. There can be one user name for each line in the file.
Metasploit Pro assigns the user names to common passwords. User names can contain non-ASCII characters in \xXX notation. For example, you can enter testuser d\xeadb\xeef.
When you use a user names only file, do not use the imported only bruteforce depth. You must choose a different bruteforce depth so that Metasploit Pro can assign a password to each user name.
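
The \xXX escaping and line layouts described above can be checked before import with a small linter. This is an added example, not Metasploit Pro code. Single-pass decoding, treating fields as byte strings, and the strict PWDump pattern (modelled on the example line above) are assumptions, and svc_backup is a constructed account name.

```python
import re

# Assumption: fields are byte strings and \xXX is decoded in a single pass.
_ESC = re.compile(rb"\\x([0-9a-fA-F]{2})")
# Shape of the page's PWDump example: user:id:hash:hash::: (two 32-hex-digit hashes).
_PWDUMP = re.compile(r"([^:\s]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::")

def escape_field(value: bytes) -> str:
    """Keep printable ASCII; write space, backslash and all other bytes as \\xXX."""
    return "".join(
        chr(b) if 0x21 <= b <= 0x7E and b != 0x5C else "\\x%02x" % b
        for b in value
    )

def unescape_field(text: str) -> bytes:
    """Decode \\xXX; raw non-ASCII raises ValueError (it should be escaped)."""
    raw = text.encode("ascii")
    return _ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def parse_line(line: str):
    """Classify one line of a PWDump or user name/password file."""
    line = line.rstrip("\r\n")
    m = _PWDUMP.fullmatch(line)
    if m:
        return ("pwdump", m.group(1), int(m.group(2)), m.group(3), m.group(4))
    user, sep, password = line.partition(" ")
    if not user or not sep or " " in password:
        raise ValueError("expected 'user<space>password' with spaces as \\x20")
    return ("userpass", unescape_field(user), unescape_field(password))

def lint(lines):
    """Return (line_number, error) for every line that would not parse."""
    problems = []
    for n, line in enumerate(lines, 1):
        try:
            parse_line(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
    return problems

# Constructed sample input (the hash line is the page's own example).
SAMPLE = [
    "administrator:501:de8130a284642c74523fa0f66c35ef02:421a1c7abc7b160c20ed78a2e06e09c8:::",
    "svc_backup " + escape_field(b"two words\\x20"),  # literal \x20 becomes \x5cx20
    "testuser pass word",  # raw space inside the password: rejected
]

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Because the backslash itself is always written as \x5c, a password that contains the literal text \x20 survives the round trip unchanged.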