fixed bug in authentication encryption function as reported by Sergey

http://seclists.org/nmap-dev/2010/q4/83

changed the way the library reports "Must change password at next logon"
fixed bug in ms-sql-hasdbaccess that would occur if no rows were returned
[Patrik]

nselib/mssql.lua

@@ -619,7 +619,7 @@ LoginPacket =
 			local c = bit.bxor( string.byte( password:sub( i, i ) ), xormask )
 			local m1= bit.band( bit.rshift( c, 4 ), 0x0F0F )
 			local m2= bit.band( bit.lshift( c, 4 ), 0xF0F0 )
-			result = result .. bin.pack("s", bit.bor( m1, m2 ) )
+			result = result .. bin.pack("S", bit.bor( m1, m2 ) )
 		end
 		return result
 	end,
@@ -831,7 +831,7 @@ Helper =
 			-- Let's check for user must change password, it appears as if this is
 			-- reported as ERROR 18488		
 			if ( token.type == TokenType.ErrorMessage and token.errno == 18488 ) then
-				return true, "Must change password at next logon"
+				return false, "Must change password at next logon"
 			elseif ( token.type == TokenType.LoginAcknowledgement ) then
 				return true, "Login Success"
 			end

scripts/ms-sql-brute.nse

@@ -54,7 +54,7 @@ action = function( host, port )
 			status, result = helper:Login( username, password, "tempdb", host.ip )			
 			helper:Disconnect()
 			
-			if status then				
+			if ( status ) or ( "Must change password at next logon" == result ) then				
 				-- Add credentials for other mysql scripts to use
 				table.insert( valid_accounts, string.format("%s:%s => %s", username, password:len()>0 and password or "<empty>", result ) )
 				-- don't add accounts that need to change passwords to the registry

scripts/ms-sql-hasdbaccess.nse

@@ -127,7 +127,7 @@ action = function( host, port )
 		
 		helper:Disconnect()
 
-		if ( status ) then
+		if ( status and rs) then
 			result = mssql.Util.FormatOutputTable( rs, true )
 			result.name = username
 			if ( RS_LIMIT > 0 ) then