Merge branch 'master' of https://github.com/rapid7/metasploit-framework

modules/auxiliary/scanner/sap/sap_router_info_request.rb

@@ -2,7 +2,24 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/framework/
+# http://metasploit.com/framework/
+##
+
+##
+# This module is based on, inspired by, or is a port of a plugin available in
+# the Onapsis Bizploit Opensource ERP Penetration Testing framework -
+# http://www.onapsis.com/research-free-solutions.php.
+# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts
+# in producing the Metasploit modules and was happy to share his knowledge and
+# experience - a very cool guy.
+#
+# The following guys from ERP-SCAN deserve credit for their contributions -
+# Alexandr Polyakov, Alexey Sintsov, Alexey Tyurin, Dmitry Chastukhin and
+# Dmitry Evdokimov.
+#
+# I'd also like to thank Chris John Riley, Ian de Villiers and Joris van de Vis
+# who have Beta tested the modules and provided excellent feedback. Some people
+# just seem to enjoy hacking SAP :)
 ##
 
 require 'msf/core'
@@ -18,19 +35,18 @@ class Metasploit4 < Msf::Auxiliary
 			'Name' => 'SAPRouter Admin Request',
 			'Description' => %q{
 				Display the remote connection table from a SAPRouter.
-				},
+			},
 			'References' => [
 					[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ],
 					[ 'URL', 'http://help.sap.com/saphelp_nw70ehp3/helpdata/en/48/6c68b01d5a350ce10000000a42189d/content.htm'],
-					[ 'URL', 'http://www.onapsis.com/research-free-solutions.php' ] # Bizsploit Opensource ERP Pentesting Framework
+					[ 'URL', 'http://www.onapsis.com/research-free-solutions.php' ], # Bizsploit Opensource ERP Pentesting Framework
+					[ 'URL', 'http://conference.hitb.org/hitbsecconf2010ams/materials/D2T2%20-%20Mariano%20Nunez%20Di%20Croce%20-%20SAProuter%20.pdf' ]
+				],
+			'Author' =>
+				[
+					'Mariano Nunez', # Disclosure about SAPRouter abuses
+					'nomnkee' # Metasploit module
 				],
-			'Author' => [
-				'nomnkee',
-				'Mariano Nunez',    # Wrote Bizploit, helped on this module, very cool guy
-				'Chris John Riley', # Testing
-				'Ian de Villiers',  # Testing
-				'Joris van de Vis'  # Testing
-			],
 			'License' => BSD_LICENSE
 			)
 		register_options(
@@ -103,25 +119,30 @@ class Metasploit4 < Msf::Auxiliary
 				case count
 				when 1
 					if packet_len > 150
-						sock.recv(150)
-						packet_len -= 150
-						source, packet_len = get_data(46,packet_len)
-						destination, packet_len = get_data(46,packet_len)
-						service, packet_len = get_data(30,packet_len)
-						sock.recv(2)
-						packet_len -= 2
-						saptbl << [source, destination, service]
-						while packet_len > 0
-							sock.recv(13)
-							packet_len -= 13
+						if sock.recv(150)  =~ /access denied/
+							print_error("#{host_port} - Access denied")
+							sock.recv(packet_len)
+							packet_len = sock.recv(4).unpack('H*')[0].to_i 16
+						else
+							packet_len -= 150
 							source, packet_len = get_data(46,packet_len)
 							destination, packet_len = get_data(46,packet_len)
 							service, packet_len = get_data(30,packet_len)
-							term = sock.recv(2)
+							sock.recv(2)
 							packet_len -= 2
 							saptbl << [source, destination, service]
+							while packet_len > 0
+								sock.recv(13)
+								packet_len -= 13
+								source, packet_len = get_data(46,packet_len)
+								destination, packet_len = get_data(46,packet_len)
+								service, packet_len = get_data(30,packet_len)
+								term = sock.recv(2)
+								packet_len -= 2
+								saptbl << [source, destination, service]
+							end
+							packet_len = sock.recv(4).unpack('H*')[0].to_i 16
 						end
-						packet_len = sock.recv(4).unpack('H*')[0].to_i 16
 					else
 						print_error("#{host_port} - No connected clients")
 						sock.recv(packet_len)