SAP SOAP RFC RFC_READ_TABLE #1033

Merged
merged 2 commits into from Nov 16, 2012


nmonkee commented Nov 7, 2012

This module makes use of the RFC_READ_TABLE Remote Function Call (via SOAP) to read data from tables.

+ OptString.new('USERNAME', [true, 'Username', nil]),
+ OptString.new('PASSWORD', [true, 'Password', nil]),
+ OptString.new('TABLE', [true, 'Table to read', nil]),
+ OptString.new('FIELDS', [true, 'Fields to read', '*']),
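
Review bot: the 'Fields to read' description on the FIELDS option (last line) does not say how more than one field is written, and 'Table to read' gives no example value. State the expected list format in the description so that the '*' default is not the only form a user can guess.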

brandonprry Nov 9, 2012

Contributor

trailing comma

+
+ def run_host(ip)
+ columns = []
+ columns.push ('*') if datastore['FIELDS'].nil?
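
Review bot: the `.nil?` guard on the last line does not cover an empty or whitespace-only FIELDS value, and since FIELDS is declared as a required option with default '*' the nil case should not be reached once the options validate. Test for a blank string instead (for example `datastore['FIELDS'].to_s.strip.empty?`), and drop the space in `columns.push ('*')`, which Ruby reads as a grouped expression rather than an argument list.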

brandonprry Nov 9, 2012

Contributor

columns << '*' if datastore['FIELDS'].nil?

+ 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
+ 'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+ 'Authorization' => 'Basic ' + user_pass,
+ 'Content-Type' => 'text/xml; charset=UTF-8',
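
Review bot: the Cookie line builds its value with `'...sap-client=' + datastore['CLIENT']`, which raises TypeError when CLIENT is nil; the Authorization line has the same shape with user_pass. Use interpolation ("sap-client=#{datastore['CLIENT']}") or make sure CLIENT is registered as a required option with a default, so a missing value fails at option validation rather than while the request is being built.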

brandonprry Nov 9, 2012

Contributor

trailing comma

+ 'Content-Type' => 'text/xml; charset=UTF-8',
+ }
+ }, 45)
+ if (res and res.code != 500 and res.code != 200)
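
Review bot: the condition on the last line is false when res is nil, so a request that gets no response (the 45 passed as the second argument on the line above looks like the timeout) is not reported by this branch and falls through to whatever follows. Handle the nil case first, for example `unless res` with a print_error and a return, after which the `res and` term can be dropped from this test.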

brandonprry Nov 9, 2012

Contributor

if res and res.code != 500 and res.code != 200

+ response = res.body
+ success = true
+ end
+ if success == true

brandonprry Nov 9, 2012

Contributor

if success

+ 'Prefix' => "\n",
+ 'Postfix' => "\n",
+ 'Indent' => 1,
+ 'Columns' => ["Returned Data"],

brandonprry Nov 9, 2012

Contributor

trailing comma

+ end
+ print(saptbl.to_s)
+ end
+ if success == false

brandonprry Nov 9, 2012

Contributor

if !success

Or if not success

+ print(saptbl.to_s)
+ end
+ if success == false
+ for i in 0..error.length-1
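
Review bot: `for i in 0..error.length-1` on the last line indexes the array only to walk it. `error.each do |e|` removes the index arithmetic, and the `if success == false` above it reads better as an `else` on the preceding `if success` block if the two are adjacent.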

brandonprry Nov 9, 2012

Contributor

0.upto(error.length-1) do |i|

+ 'Indent' => 1,
+ 'Columns' => ["Returned Data"],
+ )
+ for i in 0..output.length-1

brandonprry Nov 9, 2012

Contributor

0.upto(output.length-1) do |i|

+ 'Name' => 'SAP RFC RFC_READ_TABLE',
+ 'Version' => '$Revision: $0.1',
+ 'Description' => %q{
+ This module makes use of the RFC_READ_TABLE Remote Function Call (via SOAP) to read data from tables.
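
Review bot: the Description on the last line does not say that the call is authenticated (USERNAME and PASSWORD are required options) or what the module does with the rows it reads. Add both, and note that `'$Revision: $0.1'` two lines up is not a well-formed Revision keyword.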

jvazquez-r7 Nov 14, 2012

Contributor

A little bigger description would be useful.

+
+ def initialize
+ super(
+ 'Name' => 'SAP RFC RFC_READ_TABLE',

jvazquez-r7 Nov 14, 2012

Contributor

A little more descriptive name would be useful.

+ def initialize
+ super(
+ 'Name' => 'SAP RFC RFC_READ_TABLE',
+ 'Version' => '$Revision: $0.1',

jvazquez-r7 Nov 14, 2012

Contributor

Version field isn't needed anymore

+ },
+ 'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]],
+ 'Author' => [ 'Agnivesh Sathasivam', 'nmonkee' ],
+ 'License' => BSD_LICENSE
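
Review bot: the References entry points at the site root `http://labs.mwrinfosecurity.com` rather than a specific page, so a reader cannot find the write-up behind the module. Link the exact article or advisory the module is based on.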

jvazquez-r7 Nov 14, 2012

Contributor

Can MSF_LICENSE be used?

jvazquez-r7 Nov 14, 2012

Contributor

msftidy warnings should be fixed

$ tools/msftidy.rb modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb
sap_soap_rfc_read_table.rb:9 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:10 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:12 - [ERROR] Unicode detected: "# Mariano Nu\xC3\xB1ez (the author of the Bizploit framework) helped me in my efforts\n"
sap_soap_rfc_read_table.rb:14 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:15 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:38 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:48 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:62 - [WARNING] Spaces at EOL
sap_soap_rfc_read_table.rb:137 - [WARNING] Spaces at EOL

+ print_error("[SAP] #{ip}:#{rport} - something went wrong!")
+ end
+ return
+ elsif res.body =~ /Exception/
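
Review bot: `res.body =~ /Exception/` on the last line matches the word anywhere in the body, so a successful response whose table data happens to contain "Exception" would be reported as a failure; anchor the match to the error element of the response instead. The `print_error` text "something went wrong!" on the first line should say what failed (status code or error text) so the run can be diagnosed from the console output.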

jvazquez-r7 Nov 14, 2012

Contributor

res should be checked against nil I think

@jvazquez-r7 jvazquez-r7 merged commit 91b81be into rapid7:master Nov 16, 2012

1 check passed

default The Travis build passed

jvazquez-r7 Nov 16, 2012

Contributor

Merged after final cleanup and test:

runmsf  auxiliary(sap_soap_rfc_read_table) > run
[*] [SAP] 192.168.1.160:8000 - sending SOAP RFC_READ_TABLE request
[*] [SAP] 192.168.1.160:8000 - got response
[SAP] RFC_READ_TABLE
====================
   Returned Data
   -------------
   001|BCUSER
   001|DDIC
   001|SAP*
   001|SAPCPIC
[+] [SAP] 192.168.1.160:8000 - Data stored in /Users/juan/.msf4/loot/20121117000642_sap_192.168.1.160_sap.tables.data_260361.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

jlee-r7 pushed a commit that referenced this pull request Aug 29, 2013
