Calls the RFC_PING RFC module via SOAP #1031

Merged
merged 2 commits into from Nov 18, 2012

@nmonkee nmonkee commented Nov 7, 2012

Calls the RFC_PING RFC module via SOAP to test the availability of the function. The function simply tests connectivity to remote RFC destinations.

…e function. The function simply tests connectivity to remote RFC destinations.
[
OptString.new('CLIENT', [true, 'Client', nil]),
OptString.new('USERNAME', [true, 'Username ', 'SAP*']),
OptString.new('PASSWORD', [true, 'Password ', '06071992']),
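Review bot: the PASSWORD option line ends with a comma; if it is the last entry in this options array, drop it, and trim the stray space inside the 'Username ' and 'Password ' description strings on the USERNAME and PASSWORD lines. CLIENT is marked required with a nil default and the bare description 'Client', so say in the description what value is expected there.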
yo dawg, I heard you like trailing commas

@jvazquez-r7

msftidy warnings should be fixed

$ tools/msftidy.rb modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb 
sap_soap_rfc_ping.rb:9 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:10 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:12 - [ERROR] Unicode detected: "# Mariano Nu\xC3\xB1ez (the author of the Bizploit framework) helped me in my efforts\n"
sap_soap_rfc_ping.rb:14 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:15 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:26 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:31 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:39 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:50 - [WARNING] Spaces at EOL

},
'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]],
'Author' => [ 'Agnivesh Sathasivam','nmonkee' ],
'License' => BSD_LICENSE
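Review bot: the 'References' entry points at the site root 'http://labs.mwrinfosecurity.com' rather than at a specific write-up, so a reader cannot follow it to the material this module is based on; link the exact page if one exists. The 'Author' array is also missing a space after the comma between the two names.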
Can MSF_LICENSE be used?

@jvazquez-r7

While testing, when I use the default value "" for FIELDS I get FIELD NOT FOUND error. Is it normal? If that's normal maybe "" shouldn't be the default value for "FIELDS".

<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>FIELD_NOT_VALID</faultstring><detail><rfc:RFC_READ_TABLE.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions"><Name>FIELD_NOT_VALID</Name></rfc:RFC_READ_TABLE.Exception></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>

When I use a valid field the module works as expected:

msf  auxiliary(sap_soap_rfc_read_table) > show options
Module options (auxiliary/scanner/sap/sap_soap_rfc_read_table):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   CLIENT    001?             yes       Client
   FIELDS    MANDT            yes       Fields to read
   PASSWORD  admin1234        yes       Password
   Proxies                    no        Use a proxy chain
   RHOSTS    192.168.1.160    yes       The target address range or CIDR identifier
   RPORT     8000             yes       The target port
   TABLE     USR02            yes       Table to read
   THREADS   1                yes       The number of concurrent threads
   USERNAME  SAP*             yes       Username
   VHOST                      no        HTTP server virtual host
msf  auxiliary(sap_soap_rfc_read_table) > run
[*] [SAP] 192.168.1.160:8000 - sending SOAP RFC_READ_TABLE request
[*] [SAP] 192.168.1.160:8000 - got response
[SAP] RFC_READ_TABLE
====================
   Returned Data
   -------------
   001
   001
   001
   001
[*] Scanned 1 of 1 hosts (100% complete)
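Added example, not part of the original thread or of the module's code: one way to turn the SOAP fault quoted in the comment above into a readable error instead of raw XML. The function names `parse_rfc_fault` and `fault_summary` are hypothetical, the fault sample is the envelope from the comment reflowed, and the non-fault sample (including its `RFC_READ_TABLE.Response` element name) is an assumption.

```ruby
require 'rexml/document'

SOAP_ENV = 'http://schemas.xmlsoap.org/soap/envelope/'
RFC_NS   = 'urn:sap-com:document:sap:rfc:functions'

# Constructed sample: the fault envelope quoted in the comment, reflowed.
FAULT_XML = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="#{SOAP_ENV}">
    <SOAP-ENV:Body><SOAP-ENV:Fault>
      <faultcode>SOAP-ENV:Client</faultcode>
      <faultstring>FIELD_NOT_VALID</faultstring>
      <detail><rfc:RFC_READ_TABLE.Exception xmlns:rfc="#{RFC_NS}">
        <Name>FIELD_NOT_VALID</Name>
      </rfc:RFC_READ_TABLE.Exception></detail>
    </SOAP-ENV:Fault></SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
XML

# Constructed sample: a non-fault body; the Response element name is assumed.
OK_XML = <<~XML
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="#{SOAP_ENV}">
    <SOAP-ENV:Body><rfc:RFC_READ_TABLE.Response xmlns:rfc="#{RFC_NS}"/></SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
XML

# Returns nil when the body carries no SOAP Fault, otherwise a hash with the
# fault code, fault string, RFC function name and RFC exception name.
def parse_rfc_fault(xml)
  doc = REXML::Document.new(xml)
  # Match on the namespace URI, not on the prefix the server happened to use.
  fault = REXML::XPath.first(doc, '//env:Fault', 'env' => SOAP_ENV)
  return nil unless fault

  detail = fault.elements['detail']
  exc = detail && detail.elements[1] # first child element, e.g. RFC_READ_TABLE.Exception
  {
    code: fault.elements['faultcode']&.text,
    string: fault.elements['faultstring']&.text,
    function: exc && exc.name.sub(/\.Exception\z/, ''),
    exception: exc && exc.elements['Name']&.text
  }
end

# One-line message suitable for a module's error output.
def fault_summary(xml)
  f = parse_rfc_fault(xml)
  return 'no SOAP fault' unless f

  hint = f[:exception] == 'FIELD_NOT_VALID' ? ' (check the FIELDS option)' : ''
  "#{f[:function]} failed: #{f[:string]} [#{f[:code]}]#{hint}"
end
```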

@nmonkee

nmonkee commented Nov 16, 2012

Unfortunately I get differing results from different tables.

Also some tables return too much data when setting star.

Try * on USR02.

Then MANDT, BNAME, BCODE, PASSCODE from USR02.

So it's a PITA. The function is actually deprecated.

The text below is taken from SAP Note 382318:

The scope of function module RFC_READ_TABLE is very restricted. E.g., due to the fixed maximum row size only smaller tables can be accessed. There are several data types that cannot be handled, and also there are doubts regarding the Unicode compatibility of the function module. However, all this is quite immaterial, because the function is not meant to be publicly used anyway. It was only created to be used as a sample in various training courses, and is clearly flagged as “not released for customer”.
Solution – Do not use function module RFC_READ_TABLE in the first place!


@jvazquez-r7 jvazquez-r7 merged commit a252dbc into rapid7:master Nov 18, 2012
@jvazquez-r7

Merged after final cleanup. Test:

msf  auxiliary(sap_soap_rfc_ping) > run
[*] [SAP] 192.168.1.160:8000 - sending SOAP RFC_PING request
[+] [SAP] 192.168.1.160:8000 - RFC service is alive
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
