SAP Backdoors {placeholder Post]
This is a placeholder for future post, on backdooring SAP servers: 1. SAP profile SETENV_xx parameter - if get local access, or SAP level access can cat or echo a line into profile parameter file - concatenated command for SETENV_+xx param 2. Using ABAP program + SM37 - ABAP program to fetch comamnd from a remote server (HTTP-GET ABAP Function Module) - schedule job every 2 minits interval - for that job, set spool recipient to remote attacker email so output can be sent over - Pre-req: SCOT configuration, Auth for SM36, SE38 to be continued.. //alak
LOL teros letak blog
ReplyDeletewakakaka. mati2 tadi aku ingat kau yg buat.
ReplyDeletetuh a.. aku pon mule2 engat aku yg buat. haha.. mane dtg tah die pom name 'Adam. XD
ReplyDelete