Finish up the ESC8 check after more research

Author: zeroSteiner

modules/auxiliary/server/relay/esc8.rb

@@ -66,10 +66,20 @@ def check_host(target_ip)
     disconnect
 
     return Exploit::CheckCode::Unknown if res.nil?
-    return Exploit::CheckCode::Safe unless res.code == 401
-    return Exploit::CheckCode::Safe unless res.headers['WWW-Authenticate'].include?('NTLM') && res.body.present?
+    unless res.code == 401
+      return Exploit::CheckCode::Safe('The target does not require authentication.')
+    end
+
+    unless res.headers['WWW-Authenticate'].include?('NTLM') && res.body.present?
+      return Exploit::CheckCode::Safe('The target does not support NTLM.')
+    end
 
-    Exploit::CheckCode::Detected('Server replied that authentication is required and NTLM is supported.')
+    if datastore['SSL']
+      # if the target is over SSL, downgrade to "Detected" because Extended Protection for Authentication may or may not be enabled
+      Exploit::CheckCode::Detected('Server replied that authentication is required and NTLM is supported. Target is over SSL, Extended Protection for Authentication (EPA) may or may not be enabled.')
+    else
+      Exploit::CheckCode::Appears('Server replied that authentication is required and NTLM is supported.')
+    end
   end
 
   def validate