Land rapid7#7238, Add DETECT_ANY_AUTH to smb_login

wchen-r7 · wchen-r7 · commit 52b81f32b1bc · 2016-08-25T11:52:14.000-05:00
diff --git a/documentation/modules/auxiliary/scanner/smb/smb_login.md b/documentation/modules/auxiliary/scanner/smb/smb_login.md
@@ -115,3 +115,12 @@ set SMBPass [password]
 
 Note: If an account has been successfully brute-forced, that account will not be tried again.
 
+Additionally, if you wish to disable automatic detection of all-access systems, you can change the following option:
+
+**The DETECT_ANY_AUTH option**
+
+This option enables detection of systems accepting any authentication. A bogus login will be attempted.
+
+```
+set DETECT_ANY_AUTH false
+```
diff --git a/modules/auxiliary/scanner/smb/smb_login.rb b/modules/auxiliary/scanner/smb/smb_login.rb
@@ -56,7 +56,8 @@ def initialize
       [
         Opt::Proxies,
         OptBool.new('PRESERVE_DOMAINS', [ false, "Respect a username that contains a domain name.", true ]),
-        OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ])
+        OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ]),
+        OptBool.new('DETECT_ANY_AUTH', [false, 'Enable detection of systems accepting any authentication', true])
       ], self.class)
 
   end
@@ -87,13 +88,17 @@ def run_host(ip)
       send_spn: datastore['NTLM::SendSPN'],
     )
 
-    bogus_result = @scanner.attempt_bogus_login(domain)
-    if bogus_result.success?
-      if bogus_result.access_level == Metasploit::Framework::LoginScanner::SMB::AccessLevels::GUEST
-        print_status("This system allows guest sessions with any credentials")
+    if datastore['DETECT_ANY_AUTH']
+      bogus_result = @scanner.attempt_bogus_login(domain)
+      if bogus_result.success?
+        if bogus_result.access_level == Metasploit::Framework::LoginScanner::SMB::AccessLevels::GUEST
+          print_status("This system allows guest sessions with any credentials")
+        else
+          print_error("This system accepts authentication with any credentials, brute force is ineffective.")
+          return
+        end
       else
-        print_error("This system accepts authentication with any credentials, brute force is ineffective.")
-        return
+        vprint_status('This system does not accept authentication with any credentials, proceeding with brute force')
       end
     end
 
