diff --git a/nselib/mssql.lua b/nselib/mssql.lua
index a5e9cb76c..2d4723308 100644
--- a/nselib/mssql.lua
+++ b/nselib/mssql.lua
@@ -619,7 +619,7 @@ LoginPacket =
 local c = bit.bxor( string.byte( password:sub( i, i ) ), xormask )
 local m1= bit.band( bit.rshift( c, 4 ), 0x0F0F )
 local m2= bit.band( bit.lshift( c, 4 ), 0xF0F0 )
- result = result .. bin.pack("s", bit.bor( m1, m2 ) )
+ result = result .. bin.pack("S", bit.bor( m1, m2 ) )
 end
 return result
 end,
@@ -831,7 +831,7 @@ Helper =
 -- Let's check for user must change password, it appears as if this is
 -- reported as ERROR 18488
 if ( token.type == TokenType.ErrorMessage and token.errno == 18488 ) then
- return true, "Must change password at next logon"
+ return false, "Must change password at next logon"
 elseif ( token.type == TokenType.LoginAcknowledgement ) then
 return true, "Login Success"
 end
diff --git a/scripts/ms-sql-brute.nse b/scripts/ms-sql-brute.nse
index b1607eb0b..3bce7b19a 100644
--- a/scripts/ms-sql-brute.nse
+++ b/scripts/ms-sql-brute.nse
@@ -54,7 +54,7 @@ action = function( host, port )
 status, result = helper:Login( username, password, "tempdb", host.ip )
 helper:Disconnect()
- if status then
+ if ( status ) or ( "Must change password at next logon" == result ) then
 -- Add credentials for other mysql scripts to use
 table.insert( valid_accounts, string.format("%s:%s => %s", username, password:len()>0 and password or "", result ) )
 -- don't add accounts that need to change passwords to the registry
diff --git a/scripts/ms-sql-hasdbaccess.nse b/scripts/ms-sql-hasdbaccess.nse
index 56fa847b5..91d754900 100644
--- a/scripts/ms-sql-hasdbaccess.nse
+++ b/scripts/ms-sql-hasdbaccess.nse
@@ -127,7 +127,7 @@ action = function( host, port )
 helper:Disconnect()
- if ( status ) then
+ if ( status and rs) then
 result = mssql.Util.FormatOutputTable( rs, true )
 result.name = username
 if ( RS_LIMIT > 0 ) then
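Review bot: The new `bin.pack("S", bit.bor( m1, m2 ) )` has no byte-order prefix, so the obfuscated password word is written in host-native order. TDS login fields are little-endian, so on a big-endian host the server would presumably see swapped bytes and reject a correct password. Consider `result = result .. bin.pack("<S", bit.bor( m1, m2 ) )` with a comment such as `-- unsigned: the nibble-swapped value can exceed 0x7FFF with the 0xF0F0 mask`. The enclosing function starts above the hunk, so how `xormask` is defined and whether byte order is set elsewhere is not visible here.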
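Review bot: Returning `false` with a human-readable message gives callers no way to tell "valid credentials, password expired" from any other login failure except by comparing the message text, and the ms-sql-brute.nse hunk does exactly that with `"Must change password at next logon" == result`. If the message is ever reworded in one file, the brute script will silently report those accounts as ordinary failures. Returning the error number as a third value, `return false, "Must change password at next logon", token.errno`, would let the caller test for 18488 directly; an extra return value does not break existing callers. The enclosing function starts and ends outside the hunk, so its other return paths are not visible.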
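Review bot: With `if ( status and rs) then`, a query that reports success but yields no result set now skips the formatting branch without any trace. Unless an `else` outside the hunk handles that case, the account is simply missing from the script output. A debug-level message there would make the gap visible to whoever reads the scan results. The spacing also departs from the surrounding style; `if ( status and rs ) then` would match. The body of this `if` continues past the end of the hunk.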