From 5856874ceaec25ed8e654466dc664f3c1fde8d53 Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Wed, 12 Dec 2012 14:18:41 -0600
Subject: [PATCH] Login check fixes for exploit
---
 .../exploits/windows/winrm/winrm_script_exec.rb | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/modules/exploits/windows/winrm/winrm_script_exec.rb b/modules/exploits/windows/winrm/winrm_script_exec.rb
index 5af2b88253..ccdd7aeb95 100644
--- a/modules/exploits/windows/winrm/winrm_script_exec.rb
+++ b/modules/exploits/windows/winrm/winrm_script_exec.rb
@@ -56,7 +56,9 @@ class Metasploit3 < Msf::Exploit::Remote
 register_options(
 [
- OptBool.new('FORCE_VBS', [ true, 'Force the module to use the VBS CmdStager', false])
+ OptBool.new('FORCE_VBS', [ true, 'Force the module to use the VBS CmdStager', false]),
+ OptString.new('USERNAME', [ true, 'A specific username to authenticate as' ]),
+ OptString.new('PASSWORD', [ true, 'A specific password to authenticate with' ]),
 ], self.class
 )
@@ -82,6 +84,10 @@ class Metasploit3 < Msf::Exploit::Remote
 unless check == Msf::Exploit::CheckCode::Vulnerable
 return
 end
+ unless valid_login?
+ print_error "Login Failure. Recheck your credentials"
+ return
+ end
 if powershell2?
 path = upload_script
 return if path.nil?
@@ -243,4 +249,13 @@ class Metasploit3 < Msf::Exploit::Remote
 return false
 end
+ def valid_login?
+ data = winrm_wql_msg("Select Name,Status from Win32_Service")
+ resp,c = send_request_ntlm(data)
+ unless resp.code == 200
+ return false
+ end
+ return true
+ end
+ end
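Review bot: The error text in the added `unless valid_login?` guard reports every false result as a credential problem, yet `valid_login?` (added at the end of this file in the same commit) returns false for any response code other than 200, which may also cover a server-side fault or a query the account is not permitted to run. A message that states what was actually observed would be more accurate, e.g. `print_error "Login check failed: WinRM did not return HTTP 200. Recheck your credentials"`. The enclosing method starts and ends outside this hunk.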
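Review bot: `valid_login?` calls `resp.code` without checking that a response came back, so if `send_request_ntlm` can return nil on a timeout or refused connection (its definition is not visible here), the module would stop with a NoMethodError instead of printing the login-failure message. The second return value `c` is never used, and the `unless` / `return false` / `return true` ladder can collapse to a single expression: `resp, _ = send_request_ntlm(data)` followed by `!resp.nil? && resp.code == 200`. A one-line comment such as `# Runs a read-only WQL query; HTTP 200 means the credentials were accepted` would also document why a service listing is requested here.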