Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix undefined port (RPORT option ) in SAP brute module #12479

Merged
merged 4 commits into from Nov 18, 2019

Conversation

@trolldbois
Copy link
Contributor

trolldbois commented Oct 22, 2019

Define local variable port, to reflect the value of RPORT,
otherwise, L172 fails, as port (RPORT) is not defined

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use scanner/sap/sap_mgmt_con_brute_login
  • set RHOSTS
  • set PASSWORD a_password
  • ... find credentials that work

previous error

[-] Auxiliary failed: NameError undefined local variable or method `port' for #<Msf::Modules::Auxiliary__Scanner__Sap__Sap_mgmt_con_brute_login::MetasploitModule:0x000055dad69f4f78>
Did you mean?  rport
[-] Call stack:
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb:170:in `enum_user'
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb:58:in `block in run_host'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/auth_brute.rb:211:in `block in each_user_pass'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/auth_brute.rb:179:in `each'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/auth_brute.rb:179:in `each_user_pass'
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb:57:in `run_host'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:111:in `block (2 levels) in run'
[-]   /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'

trolldbois added 2 commits Oct 22, 2019
otherwise, L172 fails, as port (RPORT) is not defined
Remove space on empty line
@h00die

This comment has been minimized.

Copy link
Contributor

h00die commented Oct 22, 2019

I believe this bug is from just 1 line of code calling port instead of rport. However instead of fixing the one call, you added another line of code just to alias the variable. Wouldn't it not be easier to just change port to datastore['RPORT']? I may be missing other things, just asking.

Assign RPORT directly in report_cred, do not use temp `port` var
@trolldbois

This comment has been minimized.

Copy link
Contributor Author

trolldbois commented Oct 23, 2019

Correct, that would be easier.

as per suggested fix

Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
@bcoles
bcoles approved these changes Nov 8, 2019
@busterb busterb self-assigned this Nov 18, 2019
@busterb

This comment has been minimized.

Copy link
Member

busterb commented Nov 18, 2019

2 approved, let's land it!

bcook-r7 pushed a commit that referenced this pull request Nov 18, 2019
@bcook-r7 bcook-r7 merged commit 818a5ab into rapid7:master Nov 18, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@busterb

This comment has been minimized.

Copy link
Member

busterb commented Nov 18, 2019

Release Notes

This fixes an error when running the sap_mgmt_con_brute_login aux module.

msjenkins-r7 added a commit that referenced this pull request Nov 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.