Remove the TDSENCRYPTION Guard Clause #20743

Merged: cgranleese-r7 merged 1 commit into rapid7:master from zeroSteiner:fix/mssql-encryption-guard on Dec 11, 2025

@zeroSteiner (Contributor) commented Dec 3, 2025

Now that #18745 is closed, this guard clause is no longer required. TDSENCRYPTION is compatible with sessions now, so we should allow users to configure it.

I should have included this change in #20677 but I didn't run into it because I was focused on the issue that'd occur when TDSENCRYPTION was false but the server required it.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/scanner/mssql/mssql_login
  • Target a server that is configured with SSL, set TDSENCRYPTION and CreateSession to true
  • See that the options are compatible now and the session works just fine
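
TDS negotiates encryption through the ENCRYPTION option of the PRELOGIN exchange, which is how a client learns that a server requires TLS. As an added example (not code from this pull request or from Metasploit), the Ruby below reads that option from a PRELOGIN response body as laid out in MS-TDS; the helper names and the sample payload are constructed for illustration.

```ruby
# Added example: read the ENCRYPTION option from a TDS PRELOGIN body (MS-TDS).
ENCRYPTION_TOKEN = 0x01
TERMINATOR       = 0xFF
ENCRYPT_VALUES = {
  0x00 => :off,           # ENCRYPT_OFF: TLS available, used for the login packet only
  0x01 => :on,            # ENCRYPT_ON: TLS for the whole session
  0x02 => :not_supported, # ENCRYPT_NOT_SUP: no TLS at all
  0x03 => :required       # ENCRYPT_REQ: TLS for the whole session, mandatory
}.freeze

# payload: PRELOGIN body with the 8-byte TDS packet header already stripped.
# The body starts with a table of 5-byte entries (token, offset, length; both
# big-endian, offset relative to the body start) ended by a 0xFF terminator.
def prelogin_encryption(payload)
  pos = 0
  loop do
    raise ArgumentError, 'option table not terminated' if pos >= payload.bytesize
    token = payload.getbyte(pos)
    raise ArgumentError, 'ENCRYPTION option missing' if token == TERMINATOR
    raise ArgumentError, 'truncated option entry' if pos + 5 > payload.bytesize
    offset, length = payload.byteslice(pos + 1, 4).unpack('nn')
    if token == ENCRYPTION_TOKEN
      raise ArgumentError, 'bad ENCRYPTION entry' if length != 1 || offset >= payload.bytesize
      value = payload.getbyte(offset)
      return ENCRYPT_VALUES.fetch(value) { raise ArgumentError, "unknown value #{value}" }
    end
    pos += 5
  end
end

# How much of the connection the negotiated value protects.
def tls_scope(encryption)
  case encryption
  when :on, :required then :full_session
  when :off           then :login_only
  else                     :none
  end
end

# Constructed sample: VERSION and ENCRYPTION entries, terminator, then the data.
def sample_prelogin(encryption_byte)
  table = [0x00, 11, 6, ENCRYPTION_TOKEN, 17, 1, TERMINATOR].pack('CnnCnnC')
  table + [16, 0, 0x10, 0x59, 0, 0].pack('C6') + [encryption_byte].pack('C')
end

if __FILE__ == $PROGRAM_NAME
  server = prelogin_encryption(sample_prelogin(0x03))
  puts "server encryption: #{server}, TLS scope: #{tls_scope(server)}"
end
```
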

@zeroSteiner zeroSteiner marked this pull request as ready for review December 3, 2025 19:04
@smcintyre-r7 smcintyre-r7 added module bug rn-fix release notes fix labels Dec 3, 2025
@cgranleese-r7 cgranleese-r7 self-assigned this Dec 9, 2025
@github-project-automation github-project-automation bot moved this from Todo to In Progress in Metasploit Kanban Dec 11, 2025
@cgranleese-r7 (Contributor) commented:

Tested and everything works as expected 👍

msf auxiliary(scanner/mssql/mssql_login) > options

Module options (auxiliary/scanner/mssql/mssql_login):

   Name                  Current Setting      Required  Description
   ----                  ---------------      --------  -----------
   ANONYMOUS_LOGIN       false                yes       Attempt to login with a blank username and password
   BLANK_PASSWORDS       true                 no        Try blank passwords for all users
   BRUTEFORCE_SPEED      5                    yes       How fast to bruteforce, from 0 to 5
   CreateSession         true                 no        Create a new session for every successful login
   DB_ALL_CREDS          false                no        Try each user/password couple stored in the current database
   DB_ALL_PASS           false                no        Add all passwords in the current database to the list
   DB_ALL_USERS          false                no        Add all users in the current database to the list
   DB_SKIP_EXISTING      none                 no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
   PASSWORD              YourStrong!Passw0rd  no        A specific password to authenticate with
   PASS_FILE                                  no        File containing passwords, one per line
   Proxies                                    no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: socks5h, http, sapni, socks4, socks5
   RHOSTS                localhost            yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT                 1433                 yes       The target port (TCP)
   STOP_ON_SUCCESS       false                yes       Stop guessing when a credential works for a host
   ShowSuccessfulLogins  true                 no        Outputs a table of successful logins
   TDSENCRYPTION         true                 yes       Use TLS/SSL for TDS data "Force Encryption"
   THREADS               1                    yes       The number of concurrent threads (max one per host)
   USERNAME              sa                   no        A specific username to authenticate as
   USERPASS_FILE                              no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS          false                no        Try the username as the password for all users
   USER_FILE                                  no        File containing usernames, one per line
   VERBOSE               true                 yes       Whether to print output for all attempts


View the full module info with the info, or info -d command.

msf auxiliary(scanner/mssql/mssql_login) > run
[*] 127.0.0.1:1433        - MSSQL - Starting authentication scanner.
[+] 127.0.0.1:1433        - Login Successful: sa:YourStrong!Passw0rd
[*] MSSQL session 3 opened (127.0.0.1:61574 -> 127.0.0.1:1433) at 2025-12-11 10:45:46 +0000
[*] Scanned 1 of 2 hosts (50% complete)
[*] [::1]:1433            - MSSQL - Starting authentication scanner.
[+] [::1]:1433            - Login Successful: sa:YourStrong!Passw0rd
[*] MSSQL session 4 opened (::1:61578 -> ::1:1433) at 2025-12-11 10:45:46 +0000
[*] Scanned 2 of 2 hosts (100% complete)
[*] Scan completed, 2 credentials were successful.

Successful logins
=================

    Host       Public  Private
    ----       ------  -------
    127.0.0.1  sa      YourStrong!Passw0rd
    ::1        sa      YourStrong!Passw0rd


[*] 2 sessions were opened successfully.
[*] Bruteforce completed, 2 credentials were successful.
[*] 2 MSSQL sessions were opened successfully.
[*] Auxiliary module execution completed
msf auxiliary(scanner/mssql/mssql_login) > sessions -i -1
[*] Starting interaction with 4...

mssql @ [::1]:1433 (master) > query help
Usage: query

Run a single SQL query on the target.

OPTIONS:

    -h, --help      Help menu.
    -i, --interact  Enter an interactive prompt for running multiple SQL queries

Examples:

    query select @@version;
    query select user_name();
    query select name from master.dbo.sysdatabases;

mssql @ [::1]:1433 (master) > query select @@version;
Response
========

    #  NULL
    -  ----
    0  Microsoft SQL Server 2022 (RTM-CU18) (KB5050771) - 16.0.4185.3 (X64)
	Feb 28 2025 18:24:49
	Copyright (C) 2022 Microsoft Corporation
	Developer Edition (64-bit) on Linux (Ubuntu
       22.04.5 LTS) <X64>

mssql @ [::1]:1433 (master) >

@cgranleese-r7 cgranleese-r7 merged commit f7abf96 into rapid7:master Dec 11, 2025
25 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Metasploit Kanban Dec 11, 2025
@cgranleese-r7 cgranleese-r7 added rn-no-release-notes no release notes and removed rn-fix release notes fix labels Dec 11, 2025