SAP Backdoors {placeholder Post]

This is a placeholder for future post, on backdooring SAP servers:

1. SAP profile SETENV_xx parameter
- if get local access, or SAP level access can cat or echo a line into profile parameter file
- concatenated command for SETENV_+xx param

2. Using ABAP program + SM37
- ABAP program to fetch comamnd from a remote server (HTTP-GET ABAP Function Module)
- schedule job every 2 minits interval
- for that job, set spool recipient to remote attacker email so output can be sent over
- Pre-req: SCOT configuration, Auth for SM36, SE38

to be continued..

//alak

Comments

  1. Really appreciate this wonderful as we have seen here. This is a great source to enhance knowledge for us. Thankful to you for sharing an article like this. SAP PDF training handbooks ebooks

    ReplyDelete
  2. The content you've posted here is fantastic because it provides some excellent information that will be quite beneficial to me. Thank you for sharing take SAP ebook pdf. Keep up the good work.

    ReplyDelete

Post a Comment

Popular posts from this blog

Fiori Apps Keep Calling Internal Hostname / Internal FQDN