Land #7672, support LOCKED_OUT and DISABLED login status
commit
f74fd9e5dd
|
@ -199,6 +199,7 @@ module Metasploit
|
||||||
total_error_count = 0
|
total_error_count = 0
|
||||||
|
|
||||||
successful_users = Set.new
|
successful_users = Set.new
|
||||||
|
ignored_users = Set.new
|
||||||
first_attempt = true
|
first_attempt = true
|
||||||
|
|
||||||
each_credential do |credential|
|
each_credential do |credential|
|
||||||
|
@ -213,6 +214,14 @@ module Metasploit
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Users that went into the lock-out list
|
||||||
|
if ignored_users.include?(credential.public)
|
||||||
|
if credential.parent.respond_to?(:skipped)
|
||||||
|
credential.parent.skipped = true
|
||||||
|
end
|
||||||
|
next
|
||||||
|
end
|
||||||
|
|
||||||
if first_attempt
|
if first_attempt
|
||||||
first_attempt = false
|
first_attempt = false
|
||||||
else
|
else
|
||||||
|
@ -228,6 +237,10 @@ module Metasploit
|
||||||
consecutive_error_count = 0
|
consecutive_error_count = 0
|
||||||
successful_users << credential.public
|
successful_users << credential.public
|
||||||
break if stop_on_success
|
break if stop_on_success
|
||||||
|
elsif result.status == Metasploit::Model::Login::Status::LOCKED_OUT
|
||||||
|
ignored_users << credential.public
|
||||||
|
elsif result.status == Metasploit::Model::Login::Status::DISABLED
|
||||||
|
ignored_users << credential.public
|
||||||
else
|
else
|
||||||
if result.status == Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
|
if result.status == Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
|
||||||
consecutive_error_count += 1
|
consecutive_error_count += 1
|
||||||
|
|
|
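Review bot: The two new `elsif` branches for `LOCKED_OUT` and `DISABLED` have identical bodies (`ignored_users << credential.public`) and could be a single branch, e.g. `elsif [Metasploit::Model::Login::Status::LOCKED_OUT, Metasploit::Model::Login::Status::DISABLED].include?(result.status)`. The comment above the skip check, `# Users that went into the lock-out list`, understates what the set holds, since disabled accounts are added to it too; `# Skip users already reported as locked out or disabled so no further attempts are sent for them` would match the code. The set is keyed on `credential.public` alone, so a same-named account in a different realm would presumably be skipped as well; if that conservative behaviour is intended, it deserves a line in the comment. The enclosing method starts and ends outside the visible hunks.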
@ -55,7 +55,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::Proxies,
|
Opt::Proxies,
|
||||||
OptBool.new('ABORT_ON_LOCKOUT', [ true, "Abort the run when an account lockout is detected", true ]),
|
OptBool.new('ABORT_ON_LOCKOUT', [ true, "Abort the run when an account lockout is detected", false ]),
|
||||||
OptBool.new('PRESERVE_DOMAINS', [ false, "Respect a username that contains a domain name.", true ]),
|
OptBool.new('PRESERVE_DOMAINS', [ false, "Respect a username that contains a domain name.", true ]),
|
||||||
OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ]),
|
OptBool.new('RECORD_GUEST', [ false, "Record guest-privileged random logins to the database", false ]),
|
||||||
OptBool.new('DETECT_ANY_AUTH', [false, 'Enable detection of systems accepting any authentication', true])
|
OptBool.new('DETECT_ANY_AUTH', [false, 'Enable detection of systems accepting any authentication', true])
|
||||||
|
@ -123,8 +123,13 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
@scanner.scan! do |result|
|
@scanner.scan! do |result|
|
||||||
case result.status
|
case result.status
|
||||||
when Metasploit::Model::Login::Status::LOCKED_OUT
|
when Metasploit::Model::Login::Status::LOCKED_OUT
|
||||||
print_error("Account lockout detected on '#{result.credential}'")
|
if datastore['ABORT_ON_LOCKOUT']
|
||||||
return if datastore['ABORT_ON_LOCKOUT']
|
print_error("Account lockout detected on '#{result.credential.public}', aborting.")
|
||||||
|
return
|
||||||
|
else
|
||||||
|
print_error("Account lockout detected on '#{result.credential.public}', skipping this user.")
|
||||||
|
end
|
||||||
|
|
||||||
when Metasploit::Model::Login::Status::DENIED_ACCESS
|
when Metasploit::Model::Login::Status::DENIED_ACCESS
|
||||||
print_brute :level => :status, :ip => ip, :msg => "Correct credentials, but unable to login: '#{result.credential}', #{result.proof}"
|
print_brute :level => :status, :ip => ip, :msg => "Correct credentials, but unable to login: '#{result.credential}', #{result.proof}"
|
||||||
report_creds(ip, rport, result)
|
report_creds(ip, rport, result)
|
||||||
|
|
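Review bot: Flipping the `ABORT_ON_LOCKOUT` default from `true` to `false` means a run with default options now keeps going after the target reports a locked account, and the option text does not say what happens instead of aborting. The description could state it, e.g. `"Abort the run when an account lockout is detected (when false, the locked-out user is skipped and the run continues)"`. The visible `case result.status` also has no `when` for `Metasploit::Model::Login::Status::DISABLED`, so unless that status is handled outside this hunk, a disabled account is dropped by the scanner without any message to the operator. The `scan!` block continues past the end of the hunk.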