Fix #7671, support LOCKED_OUT and DISABLED login status

This allows login scanner modules to skip a user if it is locked out, or disabled. Fix #7671
2016-12-07 16:49:16 -06:00 · 2016-12-07 16:49:16 -06:00 · 0110b97fa2
parent ba9ce3fcfb
commit 0110b97fa2
2 changed files with 20 additions and 2 deletions
--- a/lib/metasploit/framework/login_scanner/base.rb
+++ b/lib/metasploit/framework/login_scanner/base.rb
@ -199,6 +199,7 @@ module Metasploit
            total_error_count = 0

            successful_users = Set.new
+            ignored_users = Set.new
            first_attempt = true

            each_credential do |credential|
@ -213,6 +214,14 @@ module Metasploit
                next
              end

+              # Users that went into the lock-out list
+              if ignored_users.include?(credential.public)
+                if credential.parent.respond_to?(:skipped)
+                  credential.parent.skipped = true
+                end
+                next
+              end
+
              if first_attempt
                first_attempt = false
              else
@ -228,6 +237,10 @@ module Metasploit
                consecutive_error_count = 0
                successful_users << credential.public
                break if stop_on_success
+              elsif result.status == Metasploit::Model::Login::Status::LOCKED_OUT
+                ignored_users << credential.public
+              elsif result.status == Metasploit::Model::Login::Status::DISABLED
+                ignored_users << credential.public
              else
                if result.status == Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
                  consecutive_error_count += 1
--- a/modules/auxiliary/scanner/smb/smb_login.rb
+++ b/modules/auxiliary/scanner/smb/smb_login.rb
@ -123,8 +123,13 @@ class MetasploitModule < Msf::Auxiliary
    @scanner.scan! do |result|
      case result.status
      when Metasploit::Model::Login::Status::LOCKED_OUT
-        print_error("Account lockout detected on '#{result.credential}'")
-        return if datastore['ABORT_ON_LOCKOUT']
+        if datastore['ABORT_ON_LOCKOUT']
+          print_error("Account lockout detected on '#{result.credential.public}', aborting.")
+          return
+        else
+          print_error("Account lockout detected on '#{result.credential.public}', skipping this user.")
+        end
+
      when Metasploit::Model::Login::Status::DENIED_ACCESS
        print_brute :level => :status, :ip => ip, :msg => "Correct credentials, but unable to login: '#{result.credential}', #{result.proof}"
        report_creds(ip, rport, result)