Security Basics mailing list archives
SAP information sniffing - need help
From: rivestp () metro ca
Date: 29 Apr 2008 18:09:08 -0000
Hello, This question is from a previous post i got that sent me to this interesting web page: http://www.cybsec.com/upload/bh-eu-07-nunez-di-croce-WP_paper.pdf. Basicly if you look at page 6 of the document, it shows a sniffing result and tells us about the username/password of SAP. I have tried to reproduce this with Wireshark, filtering the traffic from my SAP server (using the ip as filter). I cant find the username, client_id or anything related to authentification. I would then think we are using SNC, but in fact we are not (i check the proprieties of the client). Anyone who can give me links or a way to identify the username/client_id or password (that i will XOR) would greatly help me get SNC activated here (and also get rid of telnet & ftp :)) Appreciated Philippe Rivest, Certified Ethical Hacker
Current thread:
- SAP information sniffing - need help rivestp (Apr 29)