Replace class var @@agents with a class instance var in auxiliary and exploit modules.
This commit is contained in:
Vladimir Ivanov
@@ -11,6 +11,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Metasploit::Framework::SapSolutionManager::Client
|
||||
|
||||
@agents = Array.new # Array of connected agents
|
||||
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
@@ -58,7 +60,15 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
OptString.new('AGENT', [true, 'Agent server name for exploitation', 'agent_server_name']),
|
||||
]
|
||||
)
|
||||
@@agents = Array.new # Array of connected agents
|
||||
self.class.agents = Array.new
|
||||
end
|
||||
|
||||
class << self
|
||||
attr_reader :agents
|
||||
end
|
||||
|
||||
class << self
|
||||
attr_writer :agents
|
||||
end
|
||||
|
||||
def setup_variables
|
||||
@@ -119,11 +129,11 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
|
||||
# Check current agent in agents list
|
||||
def check_agent(agent_name)
|
||||
if @@agents.empty?
|
||||
if self.class.agents.empty?
|
||||
begin
|
||||
print_status("Getting a list of agents connected to the Solution Manager: #{@host}")
|
||||
@@agents = make_agents_array(@path)
|
||||
vprint_good("Connected agents list: \n#{pretty_agents_table(@@agents)}")
|
||||
self.class.agents = make_agents_array(@path)
|
||||
vprint_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}")
|
||||
rescue RuntimeError => e
|
||||
print_error("Failed to make the list of connected agents on the SAP Solution Manager page at #{@solman_uri}")
|
||||
vprint_error("Error #{e.class}: #{e}")
|
||||
@@ -132,10 +142,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
end
|
||||
|
||||
if agent_name.nil?
|
||||
fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{@@agents[0]['serverName']}`")
|
||||
fail_with(Failure::NoTarget, "Please set agent: `set AGENT #{self.class.agents[0]['serverName']}`")
|
||||
end
|
||||
|
||||
@@agents.each do |agent|
|
||||
self.class.agents.each do |agent|
|
||||
if agent_name == agent[:serverName]
|
||||
return true
|
||||
end
|
||||
@@ -160,7 +170,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
|
||||
# Get agent OS by agent server name
|
||||
def get_agent_os(agent_name)
|
||||
@@agents.each do |agent|
|
||||
self.class.agents.each do |agent|
|
||||
if agent_name == agent[:serverName]
|
||||
return agent[:osName]
|
||||
end
|
||||
@@ -171,14 +181,14 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
def check
|
||||
setup_variables
|
||||
begin
|
||||
@@agents = make_agents_array(@path)
|
||||
self.class.agents = make_agents_array(@path)
|
||||
rescue RuntimeError
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
if @@agents.empty?
|
||||
if self.class.agents.empty?
|
||||
print_status("Solution Manager server: #{@host}:#{@port} is vulnerable but no agents connected!")
|
||||
else
|
||||
print_good("Connected agents list: \n#{pretty_agents_table(@@agents)}")
|
||||
print_good("Connected agents list: \n#{pretty_agents_table(self.class.agents)}")
|
||||
end
|
||||
report_service_and_vuln
|
||||
Exploit::CheckCode::Vulnerable
|
||||
@@ -187,7 +197,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
def exploit
|
||||
setup_variables
|
||||
unless check_agent(@agent_name)
|
||||
fail_with(Failure::BadConfig, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(@@agents)}")
|
||||
fail_with(Failure::BadConfig, "Not found agent: #{@agent_name} in connected agents: \n#{pretty_agents_table(self.class.agents)}")
|
||||
end
|
||||
report_service_and_vuln
|
||||
agent_os = get_agent_os(@agent_name) || 'Unknown OS'
|
||||
|
||||
Reference in New Issue
Block a user