tactical-exploitation
easy_win: false positives in brute force when null session is enabled
When brute forcing a share with null session enabled, the tool attempts to log in and then enumerate the shares:
- In case of a valid username and a wrong password, this results in an error (hence the possibility of enumerating users this way).
- In case of an invalid username, the shares might be provided, and the tool will mark the non-existing user and the password used as valid credentials.
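
One way to tell a real logon from a null or guest fallback, as an added example that is not part of the original report or of the tool's code: it assumes the target speaks SMB2 and reports the fallback in the `SessionFlags` field of its SESSION_SETUP response, as MS-SMB2 defines. The function names and the sample messages are constructed for illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_SESSION_SETUP = 0x0001
STATUS_SUCCESS = 0x00000000
STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016
STATUS_LOGON_FAILURE = 0xC000006D
# SessionFlags bits of the SESSION_SETUP response, as defined in MS-SMB2.
SMB2_SESSION_FLAG_IS_GUEST = 0x0001
SMB2_SESSION_FLAG_IS_NULL = 0x0002


def classify_session_setup(msg: bytes) -> str:
    """Classify one SMB2 SESSION_SETUP response (64-byte header + body)."""
    if len(msg) < 72 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    status, command = struct.unpack_from("<IH", msg, 8)
    if command != SMB2_SESSION_SETUP:
        raise ValueError("not a SESSION_SETUP response")
    if status == STATUS_MORE_PROCESSING_REQUIRED:
        return "in_progress"  # authentication exchange not finished yet
    if status != STATUS_SUCCESS:
        return "failed"
    (flags,) = struct.unpack_from("<H", msg, 66)  # SessionFlags follows StructureSize
    if flags & SMB2_SESSION_FLAG_IS_NULL:
        return "null"
    if flags & SMB2_SESSION_FLAG_IS_GUEST:
        return "guest"
    return "authenticated"


def credential_confirmed(msg: bytes) -> bool:
    """True only when the server accepted the supplied identity itself."""
    return classify_session_setup(msg) == "authenticated"


def build_response(status: int, flags: int) -> bytes:
    """Constructed sample message for the demo; not captured traffic."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, status,
                         SMB2_SESSION_SETUP, 1, 1, 0, 0, 0, 0, 0x1000, b"")
    body = struct.pack("<HHHH", 9, flags, 72, 0)
    return header + body


if __name__ == "__main__":
    for st, fl in [(0, 0), (0, 1), (0, 2), (STATUS_LOGON_FAILURE, 0)]:
        print(hex(st), fl, classify_session_setup(build_response(st, fl)))
```

A session that comes back as `guest` or `null` can still list shares, so a successful share enumeration alone does not show that the username and password were accepted.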