'How to' do it is not a secret, because SMF makes it possible
to check the names of 'registered' users.
Anyway, if you are testing, for example, passwords in an SMF installation,
you can follow these steps for your users (I mean: you are an admin of the SMF you're checking... ;))
(The example presented here actually won't give you "usernames";
you will get only the IDs of registered (available) users. I thought giving a tool to
'remotely get all users' wouldn't be a good idea ;))
a) the code presented below should help you automate 'user grabbing':
SMF 1.1.4 CMS - user grabber
Now, what it can be used for.
If you're checking 'possible' (weak) passwords for 'all enumerated users',
you can try a little brute force for passwords (based on usernames) like this:
if a user (name) was grabbed in the scan, then try to log in as him with a password like user1, user123,
resu, password... and all 'guessable' passwords.
If you're doing a pentest with 'password checking' scenarios, maybe this
will help you a little (by automating some of the work) ;)
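
The defensive counterpart to the guessing pattern above, as an added example that is not code from the original post: a check an SMF admin can apply when a password is set or changed, rejecting passwords built from the username in the ways listed (user1, user123, resu, password). The function names, the character-swap table and the common-word list are assumptions made for this sketch, and it goes slightly beyond the four listed patterns (case, simple character swaps, leading or trailing digits and symbols).

```python
import re

# Constructed list of generic guesses; "password" is the one named in the post.
COMMON_GUESSES = {"password", "passwd", "qwerty", "letmein", "123456"}

# Undo common character swaps so "u53r" is compared as "user" (assumed table).
LEET = str.maketrans("013457@$!", "oieastasi")


def _core(text):
    """Lower-case, strip digits/symbols from both ends, then undo swaps."""
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text.lower())
    return stripped.translate(LEET)


def weak_reason(username, password):
    """Return why `password` is guessable from `username`, or None."""
    if password.lower() == username.lower():
        return "same as username"
    user, pw = _core(username), _core(password)
    if password.lower() in COMMON_GUESSES or pw in COMMON_GUESSES:
        return "common password"
    if not user or not pw:
        return None  # nothing left to compare after stripping
    if pw == user:
        return "username plus digits/symbols"
    if pw == user[::-1]:
        return "reversed username"
    if len(user) >= 4 and user in pw:
        return "contains username"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (username, proposed password).
    samples = [("user", "user1"), ("user", "user123"), ("user", "resu"),
               ("user", "password"), ("user", "U53r!"),
               ("alice", "correct horse battery staple")]
    for name, pw in samples:
        print(f"{name!r:8} {pw!r:32} -> {weak_reason(name, pw) or 'accepted'}")
```
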
More information about other 'enumeration bugs' from March/April
can also be found here.