Penetration Testing mailing list archives
RE: SAP Pen-Test
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Thu, 04 Nov 2004 08:17:39 +0100
Hydra (parallized login hacker) from THC uses some SAP R/3 stuff. Anyone ever use test it?
I think that the code used in Hydra is derivated from mine, so I can speak about it : Yes, it works fine ! In order to use Hydra against SAP servers, you will first need 'saprfc.h' and 'librfc.a' from the SAP SDK (freely available at [1]) to compile hydra with SAP R/3 support (check the 'configure' file). Once you've a working SAP-enabled hydra, you can use it to search for valid login/passwd combos *without* account locking [2]. But a decent way to do it is to begin with administrative/default accounts as listed in [3]. However, there's a small bug in hydra : a check for the client ID (aka "mandant" in SAP language) being between 0 and 99 is done, should be 0-999. Probably a confusion with the sysnr (TCP port = 3200+sysnr). [1] : http://www50.sap.com/linux/eval/index.asp [2] : http://securitytracker.com/alerts/2003/Mar/1006223.html [3] : http://www.hoelzner.de/security/sap_default_passwords.php Regards, -- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
Current thread:
- SAP Pen-Test Sven Tambler (Nov 01)
- RE: SAP Pen-Test Rob Shein (Nov 03)
- RE: SAP Pen-Test Marc Heuse (Nov 05)
- Re: SAP Pen-Test Nicolas Gregoire (Nov 03)
- Re: SAP Pen-Test Martin Eiszner (Nov 05)
- <Possible follow-ups>
- RE: SAP Pen-Test Todd Towles (Nov 03)
- RE: SAP Pen-Test Nicolas Gregoire (Nov 05)
- RE: SAP Pen-Test Rob Shein (Nov 03)