Add DETECT_ANY_AUTH to make bogus login optional

wvu · wvu · commit cd858a149fc4 · 2016-08-23T23:05:47.000-05:00
diff --git a/modules/auxiliary/scanner/smb/smb_login.rb b/modules/auxiliary/scanner/smb/smb_login.rb
@@ -56,7 +56,8 @@ def initialize
       [
         Opt::Proxies,
         OptBool.new('PRESERVE_DOMAINS', [ false, "Respect a username that contains a domain name.", true ]),
-        OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ])
+        OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ]),
+        OptBool.new('DETECT_ANY_AUTH', [false, 'Enable detection of systems accepting any authentication', true])
       ], self.class)
 
   end
@@ -87,13 +88,17 @@ def run_host(ip)
       send_spn: datastore['NTLM::SendSPN'],
     )
 
-    bogus_result = @scanner.attempt_bogus_login(domain)
-    if bogus_result.success?
-      if bogus_result.access_level == Metasploit::Framework::LoginScanner::SMB::AccessLevels::GUEST
-        print_status("This system allows guest sessions with any credentials")
+    if datastore['DETECT_ANY_AUTH']
+      bogus_result = @scanner.attempt_bogus_login(domain)
+      if bogus_result.success?
+        if bogus_result.access_level == Metasploit::Framework::LoginScanner::SMB::AccessLevels::GUEST
+          print_status("This system allows guest sessions with any credentials")
+        else
+          print_error("This system accepts authentication with any credentials, brute force is ineffective.")
+          return
+        end
       else
-        print_error("This system accepts authentication with any credentials, brute force is ineffective.")
-        return
+        vprint_status('This system does not accept authentication with any credentials, proceeding with brute force')
       end
     end
 
