dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes more style and API usage issues 

git-svn-id: file:///home/svn/framework3/trunk@11863 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
David Rude 2011-03-02 18:46:00 +00:00
parent 3b5c467c47
commit 2a90817b80
8 changed files with 137 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb
View File

@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
OptString.new('LFILE', [true, 'Set path to save output to file', 'abapsyslog']),
], self.class)
register_autofilter_ports([ 50013 ])
deregister_options('RHOST')
deregister_options('RHOST', 'LFILE')
end
def rport
@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary
def extractabap(rhost)
verbose = datastore['VERBOSE']
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
success = false
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
@ -99,33 +99,26 @@ class Metasploit3 < Msf::Auxiliary
elsif res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"
faultcode = $1.strip
fault = true
end
end
rescue ::Rex::ConnectionError
print_error("[SAP] Unable to attempt authentication")
return :abort
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
return
end
if success
print_status("[SAP] ABAP syslog downloading to: #{datastore['LFILE']}")
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
print_status("Writing local file " + outputfile + " in XML format")
File.open(outputfile,'ab') do |f|
f << res.body
end
print_good("Saved file " + outputfile)
print_status("#{rhost}:#{rport} [SAP] ABAP syslog downloading")
print_status("#{rhost}:#{rport} [SAP] Storing looted SAP ABAP syslog XML file")
store_loot("sap.abap.syslog", "text/xml", rhost, res.body, "sap_abap_syslog.xml", "SAP ABAP syslog")
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
print_error("#{rhost}:#{rport} [SAP] Errorcode: #{faultcode}")
return
else
print_error("[SAP] failed to access ABAPSyslog")
print_error("#{rhost}:#{rport} [SAP] failed to access ABAPSyslog")
return
end
end

19
modules/auxiliary/scanner/sap/sap_mgmt_con_brute.rb → modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
View File

@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("SAPSID set to '#{datastore['SAP_SID']}' - Using provided wordlist without modification")
else
print_status("SAPSID set to '#{datastore['SAP_SID']}' - Setting default SAP wordlist")
datastore['USER_FILE'] = '/opt/metasploit3/msf3/data/wordlists/sap_common.txt'
datastore['USER_FILE'] = Msf::Config.data_directory + '/wordlists/sap_common.txt'
end
end
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
end
def enum_user(user, pass)
if datastore['USER_FILE'] == '/opt/metasploit3/msf3/data/wordlists/sap_common.txt' and datastore['SAP_SID']
if datastore['USER_FILE'] == Msf::Config.data_directory + '/wordlists/sap_common.txt' and datastore['SAP_SID']
user = user.gsub("<SAPSID>", datastore["SAP_SID"].downcase)
pass = pass.gsub("<SAPSID>", datastore["SAP_SID"])
end
@ -132,31 +132,32 @@ class Metasploit3 < Msf::Auxiliary
end
rescue ::Rex::ConnectionError
print_error("[SAP #{rhost}] Unable to attempt authentication")
print_error("#{rhost}:#{rport} [SAP #{rhost}] Unable to connect")
return
end
if success
print_good("[SAP Management Console] Successful login '#{user}' password: '#{pass}'")
print_good("#{rhost}:#{rport} [SAP Management Console] Successful login '#{user}' password: '#{pass}'")
if permission
vprint_good("[SAP Management Console] Login '#{user}' authorized to perform OSExecute calls")
vprint_good("#{rhost}:#{rport} [SAP Management Console] Login '#{user}' authorized to perform OSExecute calls")
else
vprint_error("[SAP Management Console] Login '#{user}' NOT authorized to perform OSExecute calls")
vprint_error("#{rhost}:#{rport} [SAP Management Console] Login '#{user}' NOT authorized to perform OSExecute calls")
end
report_auth_info(
:host => rhost,
:proto => 'tcp',
:sname => 'sap-managementconsole',
:proto => 'tcp',
:port => rport,
:user => user,
:pass => pass,
:target_host => rhost,
:target_port => rport
)
return :next_user
return
else
vprint_error("[SAP Management Console] failed to login as '#{user}' password: '#{pass}'")
vprint_error("#{rhost}:#{rport} [SAP Management Console] failed to login as '#{user}' password: '#{pass}'")
return
end
end

41
modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb
View File

@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
def extractusers(rhost)
verbose = datastore['VERBOSE']
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
success = false
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
@ -100,16 +100,12 @@ class Metasploit3 < Msf::Auxiliary
env = []
if res.code == 200
case res.body
when nil
# Nothing
when /<User>([^<]+)<\/User>/i
body = []
body = res.body
users = body.scan(/<User>([^<]+)<\/User>/i)
users = users.uniq
success = true
end
body = []
body = res.body unless res.body.nil?
users = body.scan(/<User>([^<]+)<\/User>/i)
users = users.uniq
success = true
else res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
@ -119,27 +115,26 @@ class Metasploit3 < Msf::Auxiliary
end
rescue ::Rex::ConnectionError
print_error("[SAP] Unable to attempt authentication")
print_error("#{rhost}:#{rport} [SAP] Unable to attempt authentication on #{rhost}:#{rport}")
return
end
if success
print_good("[SAP] Users Extracted: #{users.length} entries extracted from #{rhost}:#{rport}")
users.each do |output|
print_good("#{output}")
report_note(
:host => '#{rhost}',
:proto => 'SOAP',
:port => '#{rport}',
:type => 'SAP',
:data => "#{output}")
print_good("#{rhost}#{rport} [SAP] Users Extracted: #{users.length} entries extracted from #{rhost}:#{rport}")
report_note(
:host => rhost,
:proto => 'tcp',
:port => rport,
:type => 'sap.users',
:data => {:proto => "soap", :users => users},
:update => :unique_data )
end
return
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
print_error("#{rhost}:#{rport} [SAP] Errorcode: #{faultcode}")
return
else
print_error("[SAP] failed to access ABAPSyslog")
print_error("#{rhost}#{rport} [SAP] failed to access ABAPSyslog on #{rhost}:#{rport}")
return
end
end

35
modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb
View File

@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
OptString.new('LFILE', [false, 'Set path to save output to file', '']),
], self.class)
register_autofilter_ports([ 50013 ])
deregister_options('RHOST')
deregister_options('RHOST', 'LFILE')
end
def rport
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
def getEnvironment(rhost)
verbose = datastore['VERBOSE']
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface ")
success = false
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
@ -112,37 +112,32 @@ class Metasploit3 < Msf::Auxiliary
else res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"
faultcode = $1.strip
fault = true
end
end
rescue ::Rex::ConnectionError
print_error("[SAP #{rhost}] Unable to attempt authentication")
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
return
end
if success
print_good("[SAP] Environment Extracted: #{env.length} entries extracted")
if datastore['LFILE'] != ''
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
print_good("Writing local file " + outputfile + " in XML format.")
File.open(outputfile,'ab') do |f|
f << res.body
end
else
env.each do |output|
print_status("#{output}")
end
return
end
print_good("#{rhost}:#{rport} [SAP] Environment Extracted: #{env.length} entries extracted")
report_note(
:host => rhost,
:proto => 'tcp',
:port => rport,
:type => 'sap.env',
:data => {:proto => "soap", :env => env},
:update => :unique_data )
)
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
print_error("#{rhost}:#{rhost} [SAP] Errorcode: #{faultcode}")
return
else
print_error("[SAP] failed to request environment")
print_error("#{rhost}:#{rhost} [SAP] failed to request environment")
return
end
end

29
modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb
View File

@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary
def gettfiles(rhost)
verbose = datastore['VERBOSE']
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
success = false
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
@ -122,43 +122,32 @@ class Metasploit3 < Msf::Auxiliary
when nil
# Nothing
when /<name>([^<]+)<\/name>/i
name = "#{$1}"
name = $1.strip
success = true
end
else res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"
faultcode = $1.strip
fault = true
end
end
rescue ::Rex::ConnectionError
print_error("[SAP] Unable to attempt authentication")
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
return
end
if success
print_good("[SAP] #{datastore['FILETYPE']}: #{datastore['RFILE']} downloaded from #{rhost}:#{rport}")
if datastore['LFILE'] != ''
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
print_status("Writing local file " + outputfile + " in XML format")
File.open(outputfile,'ab') do |f|
f << res.body
end
else
env.each do |output|
print_status("#{output}")
end
return
end
print_good("#{rhost}:#{rhost} [SAP] #{datastore['FILETYPE'].downcase}:#{datastore['RFILE'].downcase} looted")
store_loot("sap.#{datastore['FILETYPE'].downcase}file", "text/xml", rhost, res.body, "sap_#{datastore['RFILE'].downcase}.xml",
"SAP Get Logfile")
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
print_error("#{rhost}:#{rhost} [SAP] Errorcode: #{faultcode}")
return
else
print_error("[SAP] failed to request environment")
print_error("#{rhost}:#{rhost} [SAP] failed to request environment")
return
end
end

93
modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb
View File

@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
def enum_instance(rhost)
verbose = datastore['VERBOSE']
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
success = false
soapenv='http://schemas.xmlsoap.org/soap/envelope/'
xsi='http://www.w3.org/2001/XMLSchema-instance'
@ -98,114 +98,121 @@ class Metasploit3 < Msf::Auxiliary
if res.code == 200
body = res.body
if body.match(/<property>CentralServices<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
centralservices = "#{$1}"
centralservices = $1.strip
success = true
end
if body.match(/<property>SAPSYSTEM<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
sapsystem = "#{$1}"
sapsystem = $1.strip
success = true
end
if body.match(/<property>SAPSYSTEMNAME<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
sapsystemname = "#{$1}"
sapsystemname = $1.strip
success = true
end
if body.match(/<property>SAPLOCALHOST<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
saplocalhost = "#{$1}"
saplocalhost = $1.strip
success = true
end
if body.match(/<property>INSTANCE_NAME<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
instancename = "#{$1}"
instancename = $1.strip
success = true
end
if body.match(/<property>ICM<\/property><propertytype>NodeURL<\/propertytype><value>([^<]+)<\/value>/)
icmurl = "#{$1}"
icmurl = $1.strip
success = true
end
if body.match(/<property>ABAP DB Connection<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
dbstring = "#{$1}"
dbstring = $1.strip
success = true
end
if body.match(/<property>protectedweb Webmethods<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
protectedweb = "#{$1}"
protectedweb = $1.strip
success = true
end
elsif res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"
faultcode = $1.strip
fault = true
end
end
rescue ::Rex::ConnectionError
print_error("[SAP] Unable to attempt authentication")
return :abort
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
return
end
if success
print_good("[SAP] Instance Properties Extracted from #{rhost}:#{rport}")
print_good("#{rhost}:#{rhost} [SAP] Instance Properties Extracted")
if centralservices
print_good("Central Services: #{centralservices}")
print_good("#{rhost}:#{rhost} [SAP] Central Services: #{centralservices}")
end
if sapsystem
print_good("SAP System Number: #{sapsystem}")
print_good("#{rhost}:#{rhost} [SAP] SAP System Number: #{sapsystem}")
report_note(:host => '#{rhost}',
:proto => 'SOAP',
:proto => 'tcp',
:port => '#{rport}',
:type => 'SAP',
:data => "SAP System Number: #{sapsystem}")
:type => 'sap.sapsystem',
:data => {:proto => "soap", :sapsystem => sapsystem})
end
if sapsystemname
print_good("SAP System Name: #{sapsystemname}")
print_good("#{rhost}:#{rhost} [SAP] SAP System Name: #{sapsystemname}")
report_note(:host => '#{rhost}',
:proto => 'SOAP',
:proto => 'tcp',
:port => '#{rport}',
:type => 'SAP',
:data => "SAP System Name: #{sapsystemname}")
:type => 'sap.systemname',
:data => {:proto => "soap", :sapsystemname => sapsystemname})
end
if saplocalhost
print_good("SAP Localhost: #{saplocalhost}")
print_good("#{rhost}:#{rhost} [SAP] SAP Localhost: #{saplocalhost}")
report_note(:host => '#{rhost}',
:proto => 'SOAP',
:port => '#{rport}',
:type => 'SAP',
:data => "SAP Localhost: #{saplocalhost}")
:proto => 'tcp',
:port => '#{rport}',
:type => 'sap.localhost',
:data => {:proto => "soap", :saplocalhost => saplocalhost})
end
if instancename
print_good("Instance Name: #{instancename}")
print_good("#{rhost}:#{rhost} [SAP] Instance Name: #{instancename}")
report_note(:host => '#{rhost}',
:proto => 'SOAP',
:port => '#{rport}',
:type => 'SAP',
:data => "SAP Instance Name: #{instancename}")
:proto => 'tcp',
:port => '#{rport}',
:type => 'sap.instancename',
:data => {:proto => "soap", :instancename => instancename})
end
if icmurl
print_good("ICM URL: #{icmurl}")
print_good("#{rhost}:#{rhost} [SAP] ICM URL: #{icmurl}")
report_note(:host => '#{rhost}',
:proto => 'SOAP',
:proto => 'tcp',
:port => '#{rport}',
:type => 'SAP',
:data => "SAP ICM URL: #{icmurl}")
:type => 'sap.icm.url',
:data => {:proto => "soap", :icmurl => icmurl})
end
if dbstring
print_good("DATABASE: #{dbstring}")
print_good("#{rhost}:#{rhost} [SAP] DATABASE: #{dbstring}")
report_note(:host => '#{rhost}',
:proto => 'SOAP',
:proto => 'tcp',
:port => '#{rport}',
:type => 'SAP',
:data => "SAP dbstring: #{dbstring}")
:type => 'sap.dbstring',
:data => {:proto => "soap", :dbstring => dbstring},
:update => :unique_data )
end
if protectedweb
print_good("protectedweb Webmethods: #{protectedweb}")
print_good("#{rhost}:#{rhost} [SAP] protectedweb Webmethods: #{protectedweb}")
report_note(:host => '#{rhost}',
:proto => 'tcp',
:port => '#{rport}',
:type => 'sap.protected.web.methods',
:data => {:proto => "soap", :protectedweb => protectedweb},
:update => :unique_data )
end
return
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
print_error("#{rhost}:#{rhost} [SAP] Errorcode: #{faultcode}")
return
else
print_error("[SAP] failed to identify instance properties")
print_error("#{rhost}:#{rhost} [SAP] failed to identify instance properties")
return
end
end

38
modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb
View File

@ -110,48 +110,46 @@ class Metasploit3 < Msf::Auxiliary
when /<file>(.*)<\/file>/i
body = []
body = res.body
env =body.scan(/<filename>(.*?)<\/filename><size>(.*?)<\/size><modtime>(.*?)<\/modtime>/i)
env = body.scan(/<filename>(.*?)<\/filename><size>(.*?)<\/size><modtime>(.*?)<\/modtime>/i)
success = true
end
elsif res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"
faultcode = $1.strip
fault = true
end
end
rescue ::Rex::ConnectionError
print_error("[SAP] Unable to attempt authentication")
print_error("#{rhost}:#{rport} [SAP] Unable to attempt authentication")
return
end
if success
print_good("[SAP] #{datastore['FILETYPE']}: #{env.length} entries extracted from #{rhost}:#{rport}")
print_good("#{rhost}:#{rport} [SAP] #{datastore['FILETYPE'].downcase}: #{env.length} entries extracted")
saptbl = Msf::Ui::Console::Table.new(
Msf::Ui::Console::Table::Style::Default,
'Header' => 'SAP Logfiles',
'Prefix' => "\n",
'Postfix' => "\n",
'Columns' => [ 'Filename', 'Size', 'Date/Time' ]
)
env.each do |output|
#print_status("Filename: #{output[0]}\tSize: #{output[1]}\tDate: #{output[2]}")
saptbl << [ output[0], output[1], output[2] ]
end
print(saptbl.to_s)
saptbl = Rex::Ui::Text::Table.new(
'Header' => "SAP Log Files",
'Indent' => 1,
'Columns' =>
[
"Filename",
"Size",
"Timestamp"
])
store_loot("sap.#{datastore['FILETYPE'].downcase}file", "text/xml", rhost, saptbl.to_s, "sap_#{datastore['RFILE'].downcase}.xml",
"SAP #{datastore['FILETYPE'].downcase}:#{datastore['RFILE'].downcase}")
return
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
print_error("#{rhost}:#{rport} [SAP] Errorcode: #{faultcode}")
return
else
print_error("[SAP] failed to request environment")
print_error("#{rhost}:#{rport} [SAP] failed to request environment")
return
end
end

27
modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb
View File

@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
def getStartProfile(rhost)
verbose = datastore['VERBOSE']
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
print_status("#{rhost}: #{rport} [SAP] Connecting to SAP Management Console SOAP Interface")
success = false
soapenv ='http://schemas.xmlsoap.org/soap/envelope/'
xsi ='http://www.w3.org/2001/XMLSchema-instance'
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
when nil
# Nothing
when /<name>([^<]+)<\/name>/i
name = "#{$1}"
name = $1.strip
success = true
end
@ -120,33 +120,20 @@ class Metasploit3 < Msf::Auxiliary
elsif res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"
faultcode = $1.strip
fault = true
end
end
rescue ::Rex::ConnectionError
print_error("[SAP] Unable to attempt authentication")
return :abort
print_error("#{rhost}:#{rport} [SAP] Unable to connect")
return
end
if success
print_good("[SAP] Startup Profile Extracted: #{name} from #{rhost}:#{rport}")
if datastore['LFILE'] != ''
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
print_good("Writing local file " + outputfile + " in XML format")
File.open(outputfile,'ab') do |f|
f << res.body
end
else
env.each do |output|
print_status("#{output}")
end
return
end
print_good("#{rhost}:#{rport} [SAP] Startup Profile Extracted: #{name}")
store_loot("sap.profile", "text/xml", rhost, res.body, "sap_profile.xml", "SAP Profile XML")
elsif fault
print_error("[SAP] Errorcode: #{faultcode}")
return