SAP Web GUI Brute Force #1041
OptString.new('URI',[true, 'URI', "/"]), | ||
OptString.new('CLIENT', [false, 'Client can be single (066), comma seperated list (000,001,066) or range (000-999)', '000,001,066']), | ||
OptBool.new('DEFAULT_CRED',[false, 'Check using the default password and username',true]), | ||
OptString.new('USERPASS_FILE',[false, '',nil]), |
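Review bot: USERPASS_FILE on the last line is registered with an empty description (''), so the option gives the operator no hint of what the file should contain; add a description that states the expected format of each line. On the CLIENT line, "seperated" in the description should be "separated".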
I think this trailing comma breaks on 1.8.7.
msftidy warnings should be fixed:

```
$ tools/msftidy.rb modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb
sap_web_gui_brute_login.rb:9 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:10 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:12 - [ERROR] Unicode detected: "# Mariano Nu\xC3\xB1ez (the author of the Bizploit framework) helped me in my efforts\n"
sap_web_gui_brute_login.rb:14 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:15 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:27 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:40 - [WARNING] Bad indent: "\t\t OptString.new('URI',[true, 'URI', \"/\"]),\n"
sap_web_gui_brute_login.rb:41 - [WARNING] Bad indent: "\t\t OptString.new('CLIENT', [false, 'Client can be single (066), comma seperated list (000,001,066) or range (000-999)', '000,001,066']),\n"
sap_web_gui_brute_login.rb:42 - [WARNING] Bad indent: " OptBool.new('DEFAULT_CRED',[false, 'Check using the default password and username',true]),\n"
sap_web_gui_brute_login.rb:43 - [WARNING] Bad indent: " OptString.new('USERPASS_FILE',[false, '',nil]),\n"
sap_web_gui_brute_login.rb:47 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:65 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:71 - [WARNING] Bad indent: " 'Header' => \"[SAP] Credentials\",\n"
sap_web_gui_brute_login.rb:72 - [WARNING] Bad indent: " 'Prefix' => \"\\n\",\n"
sap_web_gui_brute_login.rb:73 - [WARNING] Bad indent: " 'Postfix' => \"\\n\",\n"
sap_web_gui_brute_login.rb:74 - [WARNING] Bad indent: " 'Indent' => 1,\n"
sap_web_gui_brute_login.rb:75 - [WARNING] Bad indent: " 'Columns' => [\"host\",\"port\",\"client\",\"user\",\"pass\"])\n"
sap_web_gui_brute_login.rb:94 - [WARNING] Spaces at EOL
sap_web_gui_brute_login.rb:98 - [WARNING] Bad indent: "\t\t cookie = \"Active=true; sap-usercontext=sap-language=EN&sap-client=\#{cli}\"\n"
sap_web_gui_brute_login.rb:120 - [WARNING] Spaces at EOL
```
'License' => BSD_LICENSE | ||
) | ||
register_options([ | ||
OptString.new('URI',[true, 'URI', "/"]), |
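Review bot: the description given for URI on the last line is just the option name again ('URI'), which documents nothing; say what path the option is expected to hold so the default of "/" makes sense to someone reading the options.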
TARGETURI and its API should be used.
Merged after last cleanup. In this cleanup I've merged the sap_soap_rfc_brute_login approach to get user/pass combinations:

```
msf auxiliary(sap_web_gui_brute_login) > run

[*] Brute forcing clients 000,001,066
[-] [SAP] 192.168.1.160:8000 - SAP* locked in client 000
[-] [SAP] 192.168.1.160:8000 - SAP* locked in client 001
[-] [SAP] 192.168.1.160:8000 - SAP* locked in client 000
[-] [SAP] 192.168.1.160:8000 - SAP* locked in client 001
[-] [SAP] 192.168.1.160:8000 - DDIC locked in client 000
[-] [SAP] 192.168.1.160:8000 - DDIC locked in client 001
[-] [SAP] 192.168.1.160:8000 - DDIC locked in client 000
[-] [SAP] 192.168.1.160:8000 - DDIC locked in client 001

[SAP] Credentials
=================

 host           port  client  user        pass
 ----           ----  ------  ----        ----
 192.168.1.160  8000  000     SAPCPIC     ADMIN
 192.168.1.160  8000  001     SAPCPIC     ADMIN
 192.168.1.160  8000  066     EARLYWATCH  SUPPORT
 192.168.1.160  8000  000     TMSADM      PASSWORD

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(sap_web_gui_brute_login) >
```

btw I need to unlock my SAP* account :-)
```
UPDATE usr02 SET uflag = 0 WHERE bname = 'DDIC' AND mandt = '000'
```

Etc. to unlock
ah yes hah :) USR02 transaction has been my friend while testing brute force logins :) thanks!
Module to brute force SAP web GUI.