From 66e3ac4c76e38e63837416bfcff46717b9a9d41b Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 26 Feb 2018 17:57:31 -0600
Subject: [PATCH 1/2] treat 'password must change' as a successful login

---
 lib/metasploit/framework/login_scanner/smb.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/metasploit/framework/login_scanner/smb.rb b/lib/metasploit/framework/login_scanner/smb.rb
index 35df51392c..070ac440b4 100644
--- a/lib/metasploit/framework/login_scanner/smb.rb
+++ b/lib/metasploit/framework/login_scanner/smb.rb
@@ -120,7 +120,7 @@ module Metasploit
             case status_code.name
               when *StatusCodes::CORRECT_CREDENTIAL_STATUS_CODES
                 status = Metasploit::Model::Login::Status::DENIED_ACCESS
-              when 'STATUS_SUCCESS'
+              when 'STATUS_SUCCESS', 'STATUS_PASSWORD_MUST_CHANGE'
                 status = Metasploit::Model::Login::Status::SUCCESSFUL
               when 'STATUS_ACCOUNT_LOCKED_OUT'
                 status = Metasploit::Model::Login::Status::LOCKED_OUT

From 9597e5294d1e11e8124afb593b50695f74b628b8 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Tue, 27 Feb 2018 15:21:21 -0600
Subject: [PATCH 2/2] treat MUST_CHANGE + PASSWORD_EXPIRED as valid

---
 lib/metasploit/framework/login_scanner/smb.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/metasploit/framework/login_scanner/smb.rb b/lib/metasploit/framework/login_scanner/smb.rb
index 070ac440b4..daf3e6c808 100644
--- a/lib/metasploit/framework/login_scanner/smb.rb
+++ b/lib/metasploit/framework/login_scanner/smb.rb
@@ -118,14 +118,14 @@ module Metasploit
             end
 
             case status_code.name
-              when *StatusCodes::CORRECT_CREDENTIAL_STATUS_CODES
-                status = Metasploit::Model::Login::Status::DENIED_ACCESS
-              when 'STATUS_SUCCESS', 'STATUS_PASSWORD_MUST_CHANGE'
+              when 'STATUS_SUCCESS', 'STATUS_PASSWORD_MUST_CHANGE', 'STATUS_PASSWORD_EXPIRED'
                 status = Metasploit::Model::Login::Status::SUCCESSFUL
               when 'STATUS_ACCOUNT_LOCKED_OUT'
                 status = Metasploit::Model::Login::Status::LOCKED_OUT
               when 'STATUS_LOGON_FAILURE', 'STATUS_ACCESS_DENIED'
                 status = Metasploit::Model::Login::Status::INCORRECT
+              when *StatusCodes::CORRECT_CREDENTIAL_STATUS_CODES
+                status = Metasploit::Model::Login::Status::DENIED_ACCESS
               else
                 status = Metasploit::Model::Login::Status::INCORRECT
             end