Calls the RFC_PING RFC module via SOAP #1031
…e function. The function simply tests connectivity to remote RFC destinations.
[ | ||
OptString.new('CLIENT', [true, 'Client', nil]), | ||
OptString.new('USERNAME', [true, 'Username ', 'SAP*']), | ||
OptString.new('PASSWORD', [true, 'Password ', '06071992']), |
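Review bot: the description strings 'Username ' and 'Password ' in the USERNAME and PASSWORD options end with a stray space; drop it so the option descriptions render cleanly. CLIENT is marked required but defaults to nil, while USERNAME and PASSWORD carry preset values, so a run with untouched options submits SAP* / 06071992 to each target without the operator having chosen them; consider leaving the credentials without defaults, or say in the module description why they are preset.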
yo dawg, I heard you like trailing commas
msftidy warnings should be fixed

$ tools/msftidy.rb modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb
sap_soap_rfc_ping.rb:9 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:10 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:12 - [ERROR] Unicode detected: "# Mariano Nu\xC3\xB1ez (the author of the Bizploit framework) helped me in my efforts\n"
sap_soap_rfc_ping.rb:14 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:15 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:26 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:31 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:39 - [WARNING] Spaces at EOL
sap_soap_rfc_ping.rb:50 - [WARNING] Spaces at EOL
}, | ||
'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]], | ||
'Author' => [ 'Agnivesh Sathasivam','nmonkee' ], | ||
'License' => BSD_LICENSE |
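Review bot: the 'References' entry points at the site root http://labs.mwrinfosecurity.com rather than at a specific document, so it does not tell a reader what the module is based on; link the relevant write-up or drop the entry. In 'Author' there is no space after the comma between the two names, which is inconsistent with the spacing used inside the brackets.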
Can MSF_LICENSE be used?
While testing, when I use the default value "" for FIELDS I get FIELD NOT FOUND error. Is it normal? If that's normal maybe "" shouldn't be the default value for "FIELDS".

<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>FIELD_NOT_VALID</faultstring><detail><rfc:RFC_READ_TABLE.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions"><Name>FIELD_NOT_VALID</Name></rfc:RFC_READ_TABLE.Exception></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>

When I use a valid field the module works as expected:

msf auxiliary(sap_soap_rfc_read_table) > show options

Module options (auxiliary/scanner/sap/sap_soap_rfc_read_table):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   CLIENT    001?             yes       Client
   FIELDS    MANDT            yes       Fields to read
   PASSWORD  admin1234        yes       Password
   Proxies                    no        Use a proxy chain
   RHOSTS    192.168.1.160    yes       The target address range or CIDR identifier
   RPORT     8000             yes       The target port
   TABLE     USR02            yes       Table to read
   THREADS   1                yes       The number of concurrent threads
   USERNAME  SAP*             yes       Username
   VHOST                      no        HTTP server virtual host

msf auxiliary(sap_soap_rfc_read_table) > run

[*] [SAP] 192.168.1.160:8000 - sending SOAP RFC_READ_TABLE request
[*] [SAP] 192.168.1.160:8000 - got response
[SAP] RFC_READ_TABLE
====================
Returned Data
-------------
001
001
001
001
[*] Scanned 1 of 1 hosts (100% complete)
Unfortunately I get differing results from different tables. Also some tables return too much data when setting star. Try * on USR02. Then MANDT, BNAME, BCODE, PASSCODE from USR02. So it's a PITA.

The function is actually deprecated. The text below is taken from SAP Note 382318:

The scope of function module RFC_READ_TABLE is very restricted. E.g., due to the fixed maximum row size only smaller tables can be accessed. There are several data types that cannot be handled, and also there are doubts regarding the Unicode compatibility of the function module. However, all this is quite immaterial, because the function is not meant to be publicly used anyway. It was only created to be used as a sample in various training courses, and is clearly flagged as “not released for customer”.

On 16 Nov 2012, at 19:20, Juan Vazquez notifications@github.com wrote:
email: dave@northern-monkee.co.uk
Merged after final cleanup. Test run:

msf auxiliary(sap_soap_rfc_ping) > run

[*] [SAP] 192.168.1.160:8000 - sending SOAP RFC_PING request
[+] [SAP] 192.168.1.160:8000 - RFC service is alive
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Calls the RFC_PING RFC module via SOAP to test the availability of the function. The function simply tests connectivity to remote RFC destinations.
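
An added example, not code from this pull request: parsing the FIELD_NOT_VALID SOAP fault quoted in the review discussion above, so a client reports the RFC exception by name and refuses to treat a non-SOAP body as success. The function and constant names are hypothetical, and the no-fault envelope is a constructed sample.

```ruby
require 'rexml/document'

SOAP_ENV_NS = 'http://schemas.xmlsoap.org/soap/envelope/'.freeze

# Fault body as quoted in the review comment above.
FAULT_BODY = '<?xml version="1.0" encoding="UTF-8"?>' \
  '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" ' \
  'xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body>' \
  '<SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode>' \
  '<faultstring>FIELD_NOT_VALID</faultstring><detail>' \
  '<rfc:RFC_READ_TABLE.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions">' \
  '<Name>FIELD_NOT_VALID</Name></rfc:RFC_READ_TABLE.Exception></detail>' \
  '</SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'.freeze

# Constructed sample (assumption): an envelope that carries no Fault.
NO_FAULT_BODY = '<SOAP-ENV:Envelope ' \
  'xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">' \
  '<SOAP-ENV:Body/></SOAP-ENV:Envelope>'.freeze

# Returns nil if the envelope has no Fault, otherwise a hash describing it.
# Raises ArgumentError when the body is not a SOAP envelope at all (for
# example an HTML error page), so callers cannot mistake it for success.
def parse_soap_fault(body)
  root = REXML::Document.new(body).root
  unless root && root.name == 'Envelope' && root.namespace == SOAP_ENV_NS
    raise ArgumentError, 'response is not a SOAP envelope'
  end

  fault = REXML::XPath.first(root, '//env:Fault', { 'env' => SOAP_ENV_NS })
  return nil unless fault

  # The first element under <detail> is named "<FUNCTION>.Exception".
  detail = fault.elements['detail']
  exc = detail && detail.elements[1]
  exc_name = exc && exc.elements['Name']
  {
    faultcode: fault.elements['faultcode']&.text,
    faultstring: fault.elements['faultstring']&.text,
    function: exc && exc.name.sub(/\.Exception\z/, ''),
    exception: exc_name && exc_name.text
  }
rescue REXML::ParseException
  raise ArgumentError, 'response is not well-formed XML'
end
```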