thc-hydra icon indicating copy to clipboard operation
thc-hydra copied to clipboard

Published 20 hours ago verified publisher icon vanhauser-thc

fix smb password expired vs account expired confusion

Open tothi opened this issue 1 year ago • 4 comments

  • If SMB password is MUST_CHANGE or EXPIRED, it is still valid, it is possible to change it remotely, so it should be returned as valid.
  • If the account is EXPIRED, it is no longer usable, even if the password is ok. It should be returned as invalid.

Testing is in this thread: https://twitter.com/an0n_r0/status/1731109539204710416

Originally Hydra returned valid if the account was expired but invalid if the password was expired. It is wrong, it should be exactly the opposite: valid if password was expired, but invalid if account was expired.

tothi avatar Dec 05 '23 00:12 tothi

looks good just one minor nit

vanhauser-thc avatar Dec 05 '23 08:12 vanhauser-thc

@tothi can you please fix the "Error" string to "Information" so I can merge this? thanks you

vanhauser-thc avatar Jan 10 '24 12:01 vanhauser-thc

Carynw_ Instagram password

PoesJakals avatar Feb 25 '24 19:02 PoesJakals

added some logging fix. sorry for the super long delay, totally forgot it :)

tothi avatar Feb 29 '24 01:02 tothi