Penetration Testing mailing list archives
Re: SAP Pen-Test
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Tue, 02 Nov 2004 11:39:34 +0100
Le ven 29/10/2004 à 10:42, Sven Tambler a écrit :
I want to test a SAP Enterprise Portal. Do you know a tool for pen-testing a SAP portal?
AFAIK, there's no tool dedicated to testing the security of SAP
components. But if "SAP Enterprise Portal" is the same thing that the
"SAP Internet Transaction Server", the presentation of FX at the last
CCC conference will give you some hints (and exploits !) for several
buffer-overflows and format strings bugs.
http://www.phenoelit.de/whatSAP/
You could too try the default passwords of SAP (try Google) or gain
access to the SAP-RFC ports and brute-force ID without account locking,
or fetch some information (version, patchlevel, ... of SAP R/3, the OS
and the DB) with a hacked 'sapinfo.c'. Once you've a SAP account, you
could use transaction SM69 to execute commands on the server.
Regards,
--
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
Current thread:
- SAP Pen-Test Sven Tambler (Nov 01)
- RE: SAP Pen-Test Rob Shein (Nov 03)
- RE: SAP Pen-Test Marc Heuse (Nov 05)
- Re: SAP Pen-Test Nicolas Gregoire (Nov 03)
- Re: SAP Pen-Test Martin Eiszner (Nov 05)
- <Possible follow-ups>
- RE: SAP Pen-Test Todd Towles (Nov 03)
- RE: SAP Pen-Test Nicolas Gregoire (Nov 05)
- RE: SAP Pen-Test Rob Shein (Nov 03)