From 8d187b272d8e394436a57690f21a130ca77f09c1 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <todb@metasploit.com>
Date: Tue, 21 Aug 2012 16:13:00 -0500
Subject: [PATCH] Some error handling on ntlm relayer

Instead of a cryptic exception, let the user know if the HTTP target
isn't actually asking for WWW-Authenticate.

There are likely many more opportunities to catch errors, but this is
the most obvious.
---
 modules/auxiliary/server/http_ntlmrelay.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/auxiliary/server/http_ntlmrelay.rb b/modules/auxiliary/server/http_ntlmrelay.rb
index 33a2f119b3..05f26ef511 100644
--- a/modules/auxiliary/server/http_ntlmrelay.rb
+++ b/modules/auxiliary/server/http_ntlmrelay.rb
@@ -143,7 +143,14 @@ class Metasploit3 < Msf::Auxiliary
 			case protocol
 				when 'HTTP'
 					resp, ser_sock = http_relay_toserver(hash)
-					t2hash = resp.headers["WWW-Authenticate"].split(" ")[1]
+					if resp.headers["WWW-Authenticate"]
+						t2hash = resp.headers["WWW-Authenticate"].split(" ")[1]
+					else
+						print_error "#{rhost} is not requesting authentication."
+						cli_sock.close
+						ser_sock.close
+						return false
+					end
 				when 'SMB'
 					t2hash, ser_sock = smb_relay_toservert1(hash)
 			end