Prevent calling match when there is no WWW-auth header

jhart-r7 · jhart-r7 · commit ba5035c7ef69 · 2014-10-28T17:13:57.000-07:00
diff --git a/modules/auxiliary/scanner/http/owa_login.rb b/modules/auxiliary/scanner/http/owa_login.rb
@@ -302,7 +302,7 @@ def get_ad_domain
         next
       end
 
-      if res and res.code == 401 and res['WWW-Authenticate'].match(/^NTLM/i)
+      if res && res.code == 401 && res.headers.has_key?('WWW-Authenticate') && res.headers['WWW-Authenticate'].match(/^NTLM/i)
         hash = res['WWW-Authenticate'].split('NTLM ')[1]
         domain = Rex::Proto::NTLM::Message.parse(Rex::Text.decode_base64(hash))[:target_name].value().gsub(/\0/,'')
         print_good("Found target domain: " + domain)
