Various bugs when using the PASSWORD_SPRAY option #19652

Open
@Mathiou04

Description

When fixing issue #19525, I noticed that the code used to generate credentials in the case of password spraying was a quick adaptation from the code that generates credentials without it (it seems that this option has been added "recently").

I spent some time playing around with the option and found a few bugs.

I will describe at least one using the below template, but it will be easier to demonstrate all the issues with actual code: I will attach a first draft PR that implements the failing cases through automated tests.

Steps to reproduce

How'd you do it?

  1. use scanner/ssh/ssh_login
  2. set PASSWORD_SPRAY 1
  3. set BLANK_PASSWORDS 1
  4. set USERNAME user
  5. set rhosts file:./targets.txt
  6. run

Expected behavior

I expect the module to attempt the following credentials: user:

Current behavior

Nothing is attempted

Metasploit version

6.4.36-dev

Additional Information

As written above, this is only one of various issues there are with the piece of code that generates credentials.
I will attach a PR with more explanations.

Labels: bug, confirmed (Issues confirmed by a committer)
