From 38a3b8203e58e5b0609ae2b44cbc7dfdd436329b Mon Sep 17 00:00:00 2001
From: Tod Beardsley <Tod_Beardsley@rapid7.com>
Date: Thu, 18 Feb 2010 18:11:18 +0000
Subject: [PATCH] Properly checking for credential duplication.

git-svn-id: file:///home/svn/framework3/trunk@8551 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/scanner/mysql/mysql_login.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/modules/auxiliary/scanner/mysql/mysql_login.rb b/modules/auxiliary/scanner/mysql/mysql_login.rb
index 6bbf7ea43a..bba7727c83 100644
--- a/modules/auxiliary/scanner/mysql/mysql_login.rb
+++ b/modules/auxiliary/scanner/mysql/mysql_login.rb
@@ -39,12 +39,15 @@ class Metasploit3 < Msf::Auxiliary
 
 	def run_host(ip)
 		each_user_pass { |user, pass|
-			do_login(user, pass, datastore['VERBOSE'])
+			this_cred = [user,ip,rport].join(":")
+			next if self.credentials_tried[this_cred] == pass || self.credentials_good[this_cred]
+			self.credentials_tried[this_cred] = pass
+			do_login(user, pass, this_cred, datastore['VERBOSE'])
 		}
 	end
 
 
-	def do_login(user='root', pass='', verbose=false)
+	def do_login(user='root', pass='', this_cred = '', verbose=false)
 
 		print_status("Trying username:'#{user}' with password:'#{pass}' against #{rhost}:#{rport}") if verbose
 		begin
@@ -58,7 +61,7 @@ class Metasploit3 < Msf::Auxiliary
 				:targ_host => rhost,
 				:targ_port => rport
 			)
-			return :next_user
+			self.credentials_good[this_cred] = pass
 		rescue ::RbMysql::AccessDeniedError
 			print_status("#{rhost}:#{rport} failed to login as '#{user}' with password '#{pass}'") if verbose
 			return :fail