Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: SAP Pen-Test

from [Nicolas Gregoire] Network Security [Permanent Link]
Subject: RE: SAP Pen-Test
Date: Thu, 04 Nov 2004 08:17:39 +0100 


Hydra (parallized login hacker) from THC uses some SAP R/3 stuff.
Anyone ever use test it?


I think that the code used in Hydra is derivated from mine, so I can
speak about it : Yes, it works fine !

In order to use Hydra against SAP servers, you will first need
'saprfc.h' and 'librfc.a' from the SAP SDK (freely available at [1]) to
compile hydra with SAP R/3 support (check the 'configure' file).

Once you've a working SAP-enabled hydra, you can use it to search for
valid login/passwd combos *without* account locking [2]. But a decent
way to do it is to begin with administrative/default accounts as listed
in [3].

However, there's a small bug in hydra : a check for the client ID (aka
"mandant" in SAP language) being between 0 and 99 is done, should be
0-999. Probably a confusion with the sysnr (TCP port = 3200+sysnr).


[1] : http://www50.sap.com/linux/eval/index.asp
[2] : http://securitytracker.com/alerts/2003/Mar/1006223.html
[3] : http://www.hoelzner.de/security/sap_default_passwords.php

Regards,
-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: SAP Pen-Test, Marc Heuse
Next by Date:  RE: Vigilante security Scanner, Ralph H. Chapman
Previous by Thread:  RE: SAP Pen-Test, Todd Towles
Next by Thread:  Re: The business/marketing of pen-testing., kingpang
Indexes:  [Date] [Thread] [Top] [All Lists]