SAP Post-Exploitation - One script to 0wn 'em All

The topic here is this: post-exploitation for SAP systems, not at the application level but at the OS level.

Imagine a red teamer has gained access to a <sid>adm user ID, with SSH or RDP access. What's next?

Well, there is a lot he or she can do. <sid>adm has the rights to query the database directly. <sid>adm can access the user keystore (hdbuserstore on HANA). <sid>adm typically has the rights to read the PSE files and keytabs. <sid>adm can typically access /sapmnt/trans of the other SIDs within the landscape. <sid>adm can also access the profiles, DEFAULT.PFL, etc., and insert a command-line backdoor that is started again each time the application starts.
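The following is an added example, not the script the post announces: a POSIX shell sketch of what a <sid>adm shell reaches, written so the same functions double as the check a defender would run over the same paths. It assumes the standard /sapmnt/<SID>/profile and /usr/sap/<SID> layout and the profile mechanism by which sapstart runs Execute_NN parameters before an instance comes up (the restart backdoor the post refers to). The SID XYZ, the host name, the /tmp/.cache path and every file it creates are constructed sample data, and the allowlist in flag_suspicious is a heuristic of mine, not an SAP rule.

```shell
#!/bin/sh
# Added example (not the post's script). Audits SAP profiles for Execute_NN
# parameters and lists the key material a <sid>adm shell can read.
# Assumes the standard /sapmnt/<SID>/profile and /usr/sap/<SID> layout.

# Print every Execute_NN parameter line in a profile. sapstart runs these
# before the instance starts, so anyone who can write the profile gets a
# command executed at every restart; a defender wants to see each one.
list_execute_params() {
    # $1 = profile path
    grep -E '^[[:space:]]*Execute_[0-9]+[[:space:]]*=' "$1" 2>/dev/null
}

# Print the Execute_NN lines that look foreign. Heuristic (my own, not an SAP
# rule): after the optional "local"/"immediate" keyword, a stock entry runs rm,
# ln, or a binary under a kernel placeholder such as $(DIR_CT_RUN); anything
# else (a path in /tmp, bash -c, a reverse shell) is printed. Returns 0 if any
# line was flagged, 1 otherwise.
flag_suspicious() {
    # $1 = profile path
    list_execute_params "$1" | awk '
    {
        cmd = substr($0, index($0, "=") + 1)
        sub(/^[[:space:]]+/, "", cmd)
        sub(/^(local|immediate)[[:space:]]+/, "", cmd)
        n = split(cmd, w, /[[:space:]]+/)
        if (n == 0) next
        if (w[1] != "rm" && w[1] != "ln" && w[1] !~ /^\$\(DIR_/) { print; found = 1 }
    }
    END { if (found) exit 0; exit 1 }'
}

# Files a <sid>adm shell can typically read under a root: PSEs (TLS/SNC
# identities), the secure store files holding DB/RSEC credentials, keytabs.
list_sensitive_files() {
    # $1 = root directory to search
    find "$1" -type f \( -name '*.pse' -o -name '*.keytab' \
        -o -name 'SSFS_*.DAT' -o -name 'SSFS_*.KEY' \) 2>/dev/null | sort
}

# Constructed sample landscape (not a real system): SID XYZ in the standard
# layout, a DEFAULT.PFL with two stock Execute_ entries plus one an attacker
# appended, and a few empty stand-ins for key files.
make_demo_landscape() {
    # $1 = directory to populate
    r=$1
    mkdir -p "$r/sapmnt/XYZ/profile" "$r/sapmnt/XYZ/sec" \
             "$r/usr/sap/XYZ/SYS/global/security/rsecssfs/data" \
             "$r/usr/sap/XYZ/SYS/global/security/rsecssfs/key" \
             "$r/home/xyzadm"
    cat > "$r/sapmnt/XYZ/profile/DEFAULT.PFL" <<'EOF'
SAPSYSTEMNAME = XYZ
SAPGLOBALHOST = xyzhost
Execute_00 = immediate $(DIR_CT_RUN)/sapcpe$(FT_EXE) pf=$(_PF)
Execute_01 = local rm -f $(_MS)
Execute_02 = local /tmp/.cache/update.sh
EOF
    : > "$r/sapmnt/XYZ/sec/SAPSYS.pse"
    : > "$r/usr/sap/XYZ/SYS/global/security/rsecssfs/data/SSFS_XYZ.DAT"
    : > "$r/usr/sap/XYZ/SYS/global/security/rsecssfs/key/SSFS_XYZ.KEY"
    : > "$r/home/xyzadm/krb5.keytab"
}

# Demo run over the constructed tree; on a real host point these at / and at
# every file in /sapmnt/<SID>/profile, not only DEFAULT.PFL.
root=$(mktemp -d)
make_demo_landscape "$root"
profile="$root/sapmnt/XYZ/profile/DEFAULT.PFL"
echo "== Execute_ parameters in $profile"
list_execute_params "$profile"
echo "== entries that look foreign"
flag_suspicious "$profile" || echo "(none)"
echo "== key material readable from this shell"
list_sensitive_files "$root"
rm -rf "$root"
```

Two caveats. Execute_NN entries normally live in the instance profiles (<SID>_<instance>_<host>), so run the check over every file in the profile directory, and treat the allowlist as a first pass: compare the profiles against a known-good copy from backup or version control rather than trusting the heuristic to spot a command hidden behind a legitimate-looking placeholder. The DB-access part of the post (the user keystore) is deliberately not scripted here; listing what the store contains is an attacker step, not a check.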

Watch this space. I am developing that script. :)


