Finish up the ESC8 check after more research

zeroSteiner · zeroSteiner · commit 6097a6839a6e · 2024-11-12T11:58:57.000-05:00
diff --git a/modules/auxiliary/server/relay/esc8.rb b/modules/auxiliary/server/relay/esc8.rb
@@ -66,10 +66,20 @@ def check_host(target_ip)
     disconnect
 
     return Exploit::CheckCode::Unknown if res.nil?
-    return Exploit::CheckCode::Safe unless res.code == 401
-    return Exploit::CheckCode::Safe unless res.headers['WWW-Authenticate'].include?('NTLM') && res.body.present?
+    unless res.code == 401
+      return Exploit::CheckCode::Safe('The target does not require authentication.')
+    end
+
+    unless res.headers['WWW-Authenticate'].include?('NTLM') && res.body.present?
+      return Exploit::CheckCode::Safe('The target does not support NTLM.')
+    end
 
-    Exploit::CheckCode::Detected('Server replied that authentication is required and NTLM is supported.')
+    if datastore['SSL']
+      # if the target is over SSL, downgrade to "Detected" because Extended Protection for Authentication may or may not be enabled
+      Exploit::CheckCode::Detected('Server replied that authentication is required and NTLM is supported.')
+    else
+      Exploit::CheckCode::Appears('Server replied that authentication is required and NTLM is supported.')
+    end
   end
 
   def validate
