Giter Club home page Giter Club logo

sap_recon's People

Contributors

chipik avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

neomatrixcode iamtutu cradlr-sudo haifauniversity balramrexwal sec99 mattburch kgorin8 manasmbellani vishal9066 rassec taiji-xo hunter0x8 threatpage reanimat0r tundeogunkoya 5l1v3r1 shantanu561993 m4rm0k freefv killvxk askyeye sry309 jin89 0xajstrike jknigh13 set619 briansandro materaj2 krouser sugarp0pe semimitoz mrawb itsns satyasys arzikamubarak c002 orochi4268 rotund-jere ramyfrahman ttuanhung jackrichardzon sageof6iixpaths harris2015 quinzhi 0xagentsteal jtperez01 smhtahsin33 kaka77 pyking jobj1 3453-315h okaayfine dimopouloselias zigmud darkoneiroi t3nz3nsow laudarch likcn nicolas93 enosonm1505 naitsirhc41

sap_recon's Issues

Issue with a patched system

  1. The script told me on a fresh patched system (LM CTC 7.50 SPS 16 PL 02) that's vulnerable.
$ python3 test.py -H t4stsystemhost -c -v
Check1 - Vulnerable! [CVE-2020-6287] (RECON) - http://t4stsystemhost:50000/CTCWebService/CTCWebServiceBean

-> works not as designed

  1. The script told me on a old system (LM CTC 7.50 SPS 16 PL 00) that's vulnerable.
$ python3 test.py -H t4stsystemhost -c -v
Check1 - Vulnerable! [CVE-2020-6287] (RECON) - http://t4stsystemhost:50000/CTCWebService/CTCWebServiceBean

-> works as designed

  1. The script say that everthing is fine if tclmctcculstartup_app was stopped
$ python3 test.py -H t4stsystemhost  -c -v
Check1 - OK
Check2 - OK
Check3 - OK

-> works as designed

User creation not working 

python3 test.py -H testing -u

Check1 - Vulnerable! [CVE-2020-6287] (RECON) - http://testing:50000/CTCWebService/CTCWebServiceBean
Going to create new user. sapRpoc5990:Secure!PwD7467
Traceback (most recent call last):
  File "test.py", line 167, in <module>
    exploit_createUser(result["url"].replace("?wsdl", ""))
  File "test.py", line 113, in exploit_createUser
    payload = generate_CreateUser_paylod()
  File "test.py", line 106, in generate_CreateUser_paylod
    return base64.b64encode(p).encode(encoding='UTF-8')
  File "/usr/lib/python3.6/base64.py", line 58, in b64encode
    encoded = binascii.b2a_base64(s, newline=False)
TypeError: a bytes-like object is required, not 'str'

I changed line 106 with return base64.b64encode(p.encode('utf-8')).decode('utf-8') seems to solve this issue.

possible bug

first thanks for the script.

I am running this on python 3.9 on Catalina and I get the following error
ps the PII has been redacted.

SAP_RECON-master python3 RECON.py -H [redactedIP] -c -p [redactedIP]:[Port]
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 412, in send
conn = self.get_connection(request.url, proxies)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 309, in get_connection
proxy_manager = self.proxy_manager_for(proxy)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 193, in proxy_manager_for
manager = self.proxy_manager[proxy] = proxy_from_url(
File "/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py", line 536, in proxy_from_url
return ProxyManager(proxy_url=url, **kw)
File "/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py", line 480, in init
raise ProxySchemeUnknown(proxy.scheme)
urllib3.exceptions.ProxySchemeUnknown: Not supported proxy scheme None

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/Users/userID/Downloads/SAP_RECON-master/RECON.py", line 218, in
detect_vuln(base_url)
File "/Users/userID/Downloads/SAP_RECON-master/RECON.py", line 30, in detect_vuln
ans = requests.head(base_url + checks['path'], headers=headers, proxies=proxies, timeout=timeout, allow_redirects=False, verify=False)
File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 104, in head
return request('head', url, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 414, in send
raise InvalidURL(e, request=request)
requests.exceptions.InvalidURL: Not supported proxy scheme None

Only one Check used

Only first check is performed (with -c option), because of
return {"status":False, "url":""}
in else clause, that exits the loop
Is it intended to work like that?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.