made requested changes

2012-11-14 23:25:25 +00:00 · 2012-11-14 23:25:25 +00:00 · a252dbc5d7
parent 3be7ad06c4
commit a252dbc5d7
1 changed files with 21 additions and 23 deletions
--- a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb
+++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb
@ -1,15 +1,15 @@
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
+# Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/
+# http://metasploit.com/framework/
 ##
 ##
 # This module is based on, inspired by, or is a port of a plugin available in
 # the Onapsis Bizploit Opensource ERP Penetration Testing framework -
 # http://www.onapsis.com/research-free-solutions.php.
-# Mariano Nuñez (the author of the Bizploit framework) helped me in my efforts
+# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts
 # in producing the Metasploit modules and was happy to share his knowledge and
 # experience - a very cool guy. I'd also like to thank Chris John Riley,
 # Ian de Villiers and Joris van de Vis who have Beta tested the modules and
@ -27,12 +27,11 @@ class Metasploit4 < Msf::Auxiliary
 	def initialize
 		super(
 			'Name' => 'SAP SOAP RFC_PING',
 			'Version' => '$Revision$',
 			'Description' => %q{
 				Calls the RFC_PING RFC module via SOAP to test the availability of the function.
 				The function simply tests connectivity to remote RFC destinations.
 				},
-			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]],
+			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]],
 			'Author' => [ 'Agnivesh Sathasivam','nmonkee' ],
 			'License' => BSD_LICENSE
 			)
@ -41,7 +40,7 @@ class Metasploit4 < Msf::Auxiliary
 			[
 				OptString.new('CLIENT', [true, 'Client', nil]),
 				OptString.new('USERNAME', [true, 'Username ', 'SAP*']),
-				OptString.new('PASSWORD', [true, 'Password ', '06071992']),
+				OptString.new('PASSWORD', [true, 'Password ', '06071992'])
 			], self.class)
 		register_autofilter_ports([ 8000 ])
 	end
@ -68,18 +67,17 @@ class Metasploit4 < Msf::Auxiliary
 						'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
 						'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + client,
 						'Authorization'  => 'Basic ' + user_pass,
-						'Content-Type'   => 'text/xml; charset=UTF-8',
+						'Content-Type'   => 'text/xml; charset=UTF-8'
 					}
 				}, 45)
-			if (res and res.code != 500 and res.code != 200)
+			if res and res.code != 500 and res.code != 200
-				# to do - implement error handlers for each status code, 404, 301, etc.
+				if res and res.body =~ /<h1>Logon failed<\/h1>/
 				if res.body =~ /<h1>Logon failed<\/h1>/
 					print_error("[SAP] #{ip}:#{rport} - login failed!")
 				else
 					print_error("[SAP] #{ip}:#{rport} - something went wrong!")
 				end
 				return
-			elsif res.body =~ /Response/
+			elsif res and res.body =~ /Response/
 				print_status("[SAP] #{ip}:#{rport} - RFC service is alive")
 			else
 				print_status("[SAP] #{ip}:#{rport} - RFC service is not alive")