If you are using Metasploit and have ever tried running the smb_login module against a Windows XP box, chances are high that you have encountered the following error message.
This will happen if you are running Windows XP in a non-domain environment. When running in non-domain environments, Windows authenticates all network logon requests to be authenticated as Guest instead of the local user account.
To fix this,
Start -> Run gpedit.msc Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
And in there, change the value of
Network access : Sharing and security model for local accounts,
Guest only - local users authenticate as Guest to Classic - local users authenticate as themselves
That’s it, and you are done.
Running the scan again, results in success.
2 thoughts on “Metasploit smb_login fails with status_logon_failure”
can someone explain what happens while we are changing it.
From the Microsoft website,
When the value of this policy setting is Guest only – local users authenticate as Guest, any user who can access your computer over the network does so with Guest user rights. This means that they will probably be unable to write to shared folders. Although this does increase security, it makes it impossible for authorized users to access shared resources on those systems. When the value is Classic – local users authenticate as themselves, local accounts must be password-protected; otherwise, anyone can use those user accounts to access shared system resources.
Hope this helps!