diff --git a/modules/auxiliary/scanner/smb/smb_login.rb b/modules/auxiliary/scanner/smb/smb_login.rb index 25e2e4be3a..8435d1b086 100644 --- a/modules/auxiliary/scanner/smb/smb_login.rb +++ b/modules/auxiliary/scanner/smb/smb_login.rb @@ -147,14 +147,19 @@ class Metasploit3 < Msf::Auxiliary if(simple.client.auth_user) print_good("#{rhost} - SUCCESSFUL LOGIN (#{smb_peer_os}) '#{user}' : '#{pass}'") - report_auth_info( + report_hash = { :host => rhost, :proto => 'smb', :user => user, - :pass => pass, :target_host => rhost, :target_port => datastore['RPORT'] - ) + } + if pass =~ /[0-9a-fA-F]{32}:[0-9a-fA-F]{32}/ + report_hash.merge!({:hash => pass}) + else + report_hash.merge!({:pass => pass}) + end + report_auth_info(report_hash) else # Samba has two interesting behaviors: # 1) Invalid users receive a guest login diff --git a/modules/exploits/windows/smb/psexec.rb b/modules/exploits/windows/smb/psexec.rb index 0f798065b4..216a11f7e1 100644 --- a/modules/exploits/windows/smb/psexec.rb +++ b/modules/exploits/windows/smb/psexec.rb @@ -81,6 +81,11 @@ class Metasploit3 < Msf::Exploit::Remote OptString.new('SMBUser', [ true, 'The username to authenticate as', "Administrator"]), OptString.new('SMBPass', [ false, 'The password for the specified username', ""]) ], self.class) + + register_advanced_options( + [ + OptBool.new('DB_REPORT_AUTH', [true, "Report an auth_note upon a successful connection", true]) + ], self.class) end @@ -105,14 +110,16 @@ class Metasploit3 < Msf::Exploit::Remote return end - report_auth_info( - :host => datastore['RHOST'], - :proto => 'SMB', - :user => datastore['SMBUser'], - :pass => datastore['SMBPass'], - :target_host => datastore['RHOST'], - :target_port => datastore['RPORT'] - ) + if datastore['DB_REPORT_AUTH'] + report_auth_info( + :host => datastore['RHOST'], + :proto => 'SMB', + :user => datastore['SMBUser'], + :pass => datastore['SMBPass'], + :target_host => datastore['RHOST'], + :target_port => datastore['RPORT'] + ) + end # Upload the shellcode to a file print_status("Uploading payload...")