From 94e4dc2938453451ab4d3118913746cc65a3998b Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Thu, 18 May 2017 11:26:03 -0500
Subject: [PATCH] fix for smb_login errors do not try the TreeConnect if the SESSION_SETUP has already failed.
---
Gemfile.lock | 2 +-
lib/metasploit/framework/login_scanner/smb.rb | 26 ++++++++++---------
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index d985b82e0c..bcb63179a0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -343,7 +343,7 @@ GEM
 rspec-mocks (~> 3.6.0)
 rspec-support (~> 3.6.0)
 rspec-support (3.6.0)
- ruby_smb (0.0.12)
+ ruby_smb (0.0.14)
 bindata
 rubyntlm
 windows_error
diff --git a/lib/metasploit/framework/login_scanner/smb.rb b/lib/metasploit/framework/login_scanner/smb.rb
index 68ba6b8c15..35df51392c 100644
--- a/lib/metasploit/framework/login_scanner/smb.rb
+++ b/lib/metasploit/framework/login_scanner/smb.rb
@@ -100,19 +100,21 @@ module Metasploit
 client = RubySMB::Client.new(self.dispatcher, username: username, password: password, domain: realm)
 status_code = client.login
- # Windows SMB will return an error code during Session
- # Setup, but nix Samba requires a Tree Connect. Try admin$
- # first, since that will tell us if this user has local
- # admin access. Fall back to IPC$ which should be accessible
- # to any user with valid creds.
- begin
- tree = client.tree_connect("\\\\#{host}\\admin$")
- # Check to make sure we can write a file to this dir
- if tree.permissions.add_file == 1
- access_level = AccessLevels::ADMINISTRATOR
+ if status_code == WindowsError::NTStatus::STATUS_SUCCESS
+ # Windows SMB will return an error code during Session
+ # Setup, but nix Samba requires a Tree Connect. Try admin$
+ # first, since that will tell us if this user has local
+ # admin access. Fall back to IPC$ which should be accessible
+ # to any user with valid creds.
+ begin
+ tree = client.tree_connect("\\\\#{host}\\admin$")
+ # Check to make sure we can write a file to this dir
+ if tree.permissions.add_file == 1
+ access_level = AccessLevels::ADMINISTRATOR
+ end
+ rescue Exception => e
+ client.tree_connect("\\\\#{host}\\IPC$")
 end
- rescue Exception => e
- client.tree_connect("\\\\#{host}\\IPC$")
 end
 case status_code.name
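Review bot: The `rescue Exception => e` carried over onto the new side around the admin$ tree connect is still too broad: it also catches `Interrupt`, `SystemExit` and `NoMemoryError`, so an operator's Ctrl-C mid-scan is converted into an IPC$ tree connect attempt instead of stopping the module, and `e` is never used; change it to `rescue StandardError` (or the specific error class ruby_smb's `tree_connect` raises on a non-success status, if that is what the gem does) and drop the unused binding. The fallback `client.tree_connect("\\\\#{host}\\IPC$")` inside the rescue has no guard of its own, so when it fails the way the admin$ connect presumably did it will raise straight out of this block rather than feeding a result into `status_code`, which is what the following `case status_code.name` inspects; whether a caller outside this hunk maps that exception to a login failure is not visible here, and the Samba case the comment describes depends on it. The enclosing method begins before and continues after the hunk.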