infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #10375, DETECT_ANY_AUTH should be false

GSoC/Meterpreter_Web_Console
William Vu 2018-07-25 15:09:19 -05:00
parent a066db339c 1105474fb9
commit 6b10921232
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/auxiliary/scanner/smb/smb_login.rb
View File

@ -56,7 +56,8 @@ class MetasploitModule < Msf::Auxiliary
OptBool.new('ABORT_ON_LOCKOUT', [ true, "Abort the run when an account lockout is detected", false ]),
OptBool.new('PRESERVE_DOMAINS', [ false, "Respect a username that contains a domain name.", true ]),
OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ]),
OptBool.new('DETECT_ANY_AUTH', [false, 'Enable detection of systems accepting any authentication', true])
OptBool.new('DETECT_ANY_AUTH', [false, 'Enable detection of systems accepting any authentication', false]),
OptBool.new('DETECT_ANY_DOMAIN', [false, 'Enable detection of systems accepting any domain for authentication', false])
])
end
@ -202,7 +203,7 @@ class MetasploitModule < Msf::Auxiliary
username: result.credential.public,
}.merge(service_data)
if domain.present?
if datastore['DETECT_ANY_DOMAIN'] && domain.present?
if accepts_bogus_domains?(result.credential.public, result.credential.private)
print_brute(:level => :vstatus, :ip => ip, :msg => "Domain is ignored for user #{result.credential.public}")
else