SAP Backdoors [Placeholder Post]

This is a placeholder for a future post on backdooring SAP servers:

1. SAP profile SETENV_xx parameter
- with local access or SAP-level access, a line can be added to the profile parameter file with cat or echo
- concatenated command for the SETENV_xx parameter

2. Using ABAP program + SM37
- ABAP program to fetch a command from a remote server (HTTP-GET ABAP Function Module)
- schedule the job at a 2-minute interval
- for that job, set the spool recipient to a remote attacker email so the output can be sent over
- Pre-req: SCOT configuration, authorization for SM36 and SE38
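
A defender-side check for item 1, as an added example that is not part of the original post: it audits profile text for SETENV_<nn> lines, compares them to an approved baseline, and flags shell command separators in the values. The baseline, the sample profile and the separator heuristic are constructed assumptions.

```python
import re

# Matches profile lines such as "SETENV_03 = NAME=value".
SETENV_RE = re.compile(r"^\s*(SETENV_\d+)\s*=\s*(.*?)\s*$")
# Heuristic (assumption): shell command separators have no place in a
# variable assignment. "$(NAME)" is normal SAP profile substitution, so it is
# deliberately not flagged.
SEPARATORS = re.compile(r"[;|&`]")


def parse_setenv(profile_text):
    """Return {parameter: value} for every SETENV_<nn> line, skipping comments."""
    entries = {}
    for line in profile_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SETENV_RE.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def audit_setenv(profile_text, baseline):
    """Compare SETENV entries to an approved baseline; return sorted findings."""
    findings = []
    for name, value in parse_setenv(profile_text).items():
        if name not in baseline:
            findings.append((name, "not in baseline"))
        elif baseline[name] != value:
            findings.append((name, "value differs from baseline"))
        if SEPARATORS.search(value):
            findings.append((name, "command separator in value"))
    return sorted(findings)


# Constructed sample data, not taken from a real system.
BASELINE = {
    "SETENV_00": "DIR_LIBRARY=$(DIR_LIBRARY)",
    "SETENV_01": "LD_LIBRARY_PATH=$(DIR_LIBRARY):%(LD_LIBRARY_PATH)",
}
SAMPLE_PROFILE = """\
# instance profile (constructed)
SETENV_00 = DIR_LIBRARY=$(DIR_LIBRARY)
SETENV_01 = LD_LIBRARY_PATH=$(DIR_LIBRARY):%(LD_LIBRARY_PATH)
SETENV_02 = PATH=$(DIR_EXECUTABLE); placeholder-command
#SETENV_03 = IGNORED=1
"""

if __name__ == "__main__":
    for name, reason in audit_setenv(SAMPLE_PROFILE, BASELINE):
        print(f"{name}: {reason}")
```

Run against each instance and default profile on a schedule, with the baseline kept outside the SAP host so that someone with write access to the profile directory cannot change it as well.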

to be continued..

//alak

Comments

  1. Really appreciate this wonderful as we have seen here. This is a great source to enhance knowledge for us. Thankful to you for sharing an article like this. SAP PDF training handbooks ebooks
