Penetration Testing mailing list archives
Re: Saprouter audit
From: Jan van Rensburg <jan.van.rensburg () epiuse com>
Date: Wed, 13 Sep 2006 09:21:54 +0200
Hi Prashant,

Saprouter is closed source software for a closed spec protocol. Therefore pentesting will take some manual labour. Depending on how much time you want to put into this, you could do some reverse engineering and try the usual suspects - buffer overflows etc.
This might be a useful starting point: http://www.ccc.de/congress/2004/fahrplan/event/26.de.html

Quote from the site: "Most hackers perceive SAP R/3 installations as enormous data graves with limited hack value because of its immense size and doubtful design. However, there are usually lots of company relevant data. As it is good and common practise, the more valuable the data, the less it is protected."
Considering how crucial SAP can be to businesses who own it, the security community would probably do their clients a huge service by really getting to grips with SAP.
Regards,
Jan

On 12 Sep 2006, at 8:06 AM, prashant.gawade () paladion net wrote:
Hi all

During penetration testing I found port 3299 is open on the server. Research shows me that this port is open on saprouter.

To give more information about saprouter:
It provides an additional level of security to SAP servers.
We can set rules like a normal Cisco router on saprouter.
It acts like a proxy for people connecting to the SAP servers.

I am looking for information like:
Penetration testing on sap router
Things we can test on port 3299

Prashant Gawade
Information Security Consultant
Paladion Networks
Navi Mumbai
India
Current thread:
- Saprouter audit prashant . gawade (Sep 12)
- RE: Saprouter audit Ali-Reza Anghaie (Sep 13)
- Re: Saprouter audit Jan van Rensburg (Sep 13)