Some error handling on ntlm relayer

Instead of a cryptic exception, let the user know if the HTTP target
isn't actually asking for WWW-Authenticate.

There are likely many more opportunities to catch errors, but this is
the most obvious.
unstable
Tod Beardsley 2012-08-21 16:13:00 -05:00
parent 635710402b
commit 8d187b272d
1 changed files with 8 additions and 1 deletions

View File

@ -143,7 +143,14 @@ class Metasploit3 < Msf::Auxiliary
case protocol
when 'HTTP'
resp, ser_sock = http_relay_toserver(hash)
t2hash = resp.headers["WWW-Authenticate"].split(" ")[1]
if resp.headers["WWW-Authenticate"]
t2hash = resp.headers["WWW-Authenticate"].split(" ")[1]
else
print_error "#{rhost} is not requesting authentication."
cli_sock.close
ser_sock.close
return false
end
when 'SMB'
t2hash, ser_sock = smb_relay_toservert1(hash)
end