made requested changes

nmonkee · nmonkee · commit 91b81bee4a0d · 2012-11-14T23:19:09.000Z
diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb
@@ -6,13 +6,13 @@
 ##
 
 ##
-# This module is based on, inspired by, or is a port of a plugin available in 
-# the Onapsis Bizploit Opensource ERP Penetration Testing framework - 
+# This module is based on, inspired by, or is a port of a plugin available in
+# the Onapsis Bizploit Opensource ERP Penetration Testing framework -
 # http://www.onapsis.com/research-free-solutions.php.
-# Mariano Nuñez (the author of the Bizploit framework) helped me in my efforts
+# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts
 # in producing the Metasploit modules and was happy to share his knowledge and
-# experience - a very cool guy. I'd also like to thank Chris John Riley, 
-# Ian de Villiers and Joris van de Vis who have Beta tested the modules and 
+# experience - a very cool guy. I'd also like to thank Chris John Riley,
+# Ian de Villiers and Joris van de Vis who have Beta tested the modules and
 # provided excellent feedback. Some people just seem to enjoy hacking SAP :)
 ##
 
@@ -27,28 +27,28 @@ class Metasploit4 < Msf::Auxiliary
 	def initialize
 		super(
 			'Name' => 'SAP RFC RFC_READ_TABLE',
-			'Version' => '$Revision: $0.1',
 			'Description' => %q{
-				This module makes use of the RFC_READ_TABLE Remote Function Call (via SOAP) to read data from tables.
+				This module makes use of the RFC_READ_TABLE Remote Function Call (via SOAP) to read
+				data from tables.
 				},
-			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com' ]],
+			'References' => [[ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]],
 			'Author' => [ 'Agnivesh Sathasivam', 'nmonkee' ],
 			'License' => BSD_LICENSE
 			)
-	
+
 	register_options(
 		[
 			OptString.new('CLIENT', [true, 'Client', nil]),
 			OptString.new('USERNAME', [true, 'Username', nil]),
 			OptString.new('PASSWORD', [true, 'Password', nil]),
 			OptString.new('TABLE', [true, 'Table to read', nil]),
-			OptString.new('FIELDS', [true, 'Fields to read', '*']),
+			OptString.new('FIELDS', [true, 'Fields to read', '*'])
 		], self.class)
 	end
-	
+
 	def run_host(ip)
 		columns = []
-		columns.push ('*') if datastore['FIELDS'].nil?
+		columns << '*' if datastore['FIELDS'].nil?
 		if datastore['FIELDS']
 			columns.push (datastore['FIELDS']) if datastore['FIELDS'] =~ /^\w?/
 			columns = datastore['FIELDS'].split(',') if datastore['FIELDS'] =~ /\w*,\w*/
@@ -59,7 +59,7 @@ def run_host(ip)
 		end
 		exec(ip,fields)
 	end
-	
+
 	def exec(ip,fields)
 		data = '<?xml version="1.0" encoding="utf-8" ?>'
 		data << '<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
@@ -88,27 +88,27 @@ def exec(ip,fields)
 					'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
 					'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
 					'Authorization' => 'Basic ' + user_pass,
-					'Content-Type' => 'text/xml; charset=UTF-8',
+					'Content-Type' => 'text/xml; charset=UTF-8'
 					}
 				}, 45)
-			if (res and res.code != 500 and res.code != 200)
+			if res and res.code ! 500 and res.code != 200
 				# to do - implement error handlers for each status code, 404, 301, etc.
 				if res.body =~ /<h1>Logon failed<\/h1>/
 					print_error("[SAP] #{ip}:#{rport} - login failed!")
 				else
 					print_error("[SAP] #{ip}:#{rport} - something went wrong!")
 				end
 				return
-			elsif res.body =~ /Exception/
+			elsif res and res.body =~ /Exception/
 				response = res.body
 				error = response.scan(%r{<faultstring>(.*?)</faultstring>})
 				success = false
 				return
 			else
-				response = res.body
+				response = res.body if res
 				success = true
 			end
-			if success == true
+			if success
 				output = response.scan(%r{<WA>([^<]+)</WA>}).flatten
 				print_status("[SAP] #{ip}:#{rport} - got response")
 				saptbl = Msf::Ui::Console::Table.new(
@@ -117,21 +117,21 @@ def exec(ip,fields)
 						'Prefix' => "\n",
 						'Postfix' => "\n",
 						'Indent' => 1,
-						'Columns' => ["Returned Data"],
+						'Columns' => ["Returned Data"]
 						)
-				for i in 0..output.length-1
+				0.upto(output.length-1) do |i|
 					saptbl << [output[i]]
 				end
 				print(saptbl.to_s)
 			end
-			if success == false
-				for i in 0..error.length-1
+			if !success
+				0.upto(error.length-1) do |i|
 					print_error("[SAP] #{ip}:#{rport} - error #{error[i]}")
 				end
 			end
-			rescue ::Rex::ConnectionError
-				print_error("[SAP] #{ip}:#{rport} - Unable to connect")
-				return
-			end
+		rescue ::Rex::ConnectionError
+			print_error("[SAP] #{ip}:#{rport} - Unable to connect")
+			return false
 		end
-	end  
+	end
+end
