Fixed a bug in smb-brute that wouldn't detect properly if an account became locked out, and would proceed to lock out every account. It was a totally braindead mistake on my part, I don't know how I did it, but I got a condition backwards. It's fixed now, though\!

scripts/smb-brute.nse

@@ -380,6 +380,24 @@ function is_positive_result(hostinfo, result)
 	return true
 end
 
+---Determines whether or not a login was "bad". A bad login is one where an account becomes locked out. 
+--
+--@param hostinfo The hostinfo table. 
+--@param result   The result code. 
+--@return <code>true</code> if the password used for logging in was correct, <code>false</code> otherwise. Keep
+--        in mind that this doesn't imply the login was successful (only results.SUCCESS indicates that), rather
+--        that the password was valid. 
+
+function is_bad_result(hostinfo, result)
+	-- If result is LOCKED, it's always bad. 
+	if(result == results.ACCOUNT_LOCKED or result == results.ACCOUNT_LOCKED_NOW) then
+		return true
+	end
+
+	-- Otherwise, it's good
+	return false
+end
+
 ---Count the number of one bits in a binary representation of the given number. This is used for case-sensitive
 -- checks. 
 --
@@ -937,10 +955,8 @@ local function go(host)
 --io.write(string.format("%s:%s\n", username, password))
 			local result = check_login(hostinfo, username, password, get_type(hostinfo))
 
-			if(is_positive_result(hostinfo, result)) then
+			-- Check if the username was locked out
-
+			if(is_bad_result(hostinfo, result)) then
-				-- First, the special case -- a lockout occurred (bad news!)
-				if(result == results.ACCOUNT_LOCKED) then
 				-- Add it to the list of locked usernames
 				hostinfo['locked_usernames'][username] = true
 
@@ -961,6 +977,7 @@ local function go(host)
 				end
 			end
 
+			if(is_positive_result(hostinfo, result)) then
 				-- Reset the connection
 				stdnse.print_debug(2, "smb-brute: Found an account; resetting connection")
 				status, err = restart_session(hostinfo)