Howto hack SAP R/3 Systems


Although this is a very old post of mine, it is still relevant. I am now responsible for a big SAP landscape, and these issues are now addressed in some form in several different guides, for example the DSAG Security howto. Or have a look at SAP Security essentials; Virtual Forge or aquinet are also good contacts.


I am not interested in basic SAP hacking. If you are interested in that, there is much more basic stuff to look at, and in the end that is not what I am doing. But if so: try looking for RFC weaknesses, SAP MaxDB, Oracle vulnerabilities, SAP kernel weaknesses etc.

This topic requires at least an SAP logon and a development authorisation. Basically it is not really a how-to but rather some ideas on how to proceed, which came out of the brain of a geek while doing his job.

Idea one:
Prerequisites: Debug authorisation (not necessary, but it helps)

Search for any customizing transport and modify the table entries to gain more authorisations on a target system.

Idea two:
Prerequisites: Transport authorisation

SAP enables you to generate programs. This leaves quite a lot of room to enter any system unconditionally and without being detected. It is quite possible to clean up your own code after entering the target system through a transport. Such a program can hardly be found in the target system and leaves every opportunity you wish. Just another idea.

A small generated program loads a text file from a resource which contains new code to build. Maybe a look at some current trojan architectures helps here for more details. But in the end with many more evil opportunities.

If you have more such evil ideas, leave a comment.

Basically these ideas are an attack from the inside: someone who gains development authorisations is by definition "trustable". But as such it is hard to recognize, even worse to ban and, if done well, hard to trace back. Because who looks at the code a programmer has written? I never had the experience of having my sources checked by someone ):-(
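The missing source review described above can be partly automated. The following Python check is an added example, not code from the original post: it scans exported ABAP source for the statements that generate, write, read or delete program code at runtime, so a reviewer sees them before a transport is released. The function names, the keyword selection and the sample source are assumptions made for this illustration.

```python
import re

# ABAP statements that create, change or read program source at runtime
# (selection is an assumption of this example; extend it to your own policy).
DYNAMIC_CODE = ("GENERATE SUBROUTINE POOL", "INSERT REPORT",
                "READ REPORT", "DELETE REPORT")

def strip_line(line):
    """Drop ABAP comments and blank out literals so '.' or '"' inside them is ignored."""
    if line.startswith("*"):          # '*' in column 1: full-line comment
        return ""
    out, quote = [], None
    for ch in line:
        if quote:                     # inside a literal: skip until it closes
            if ch == quote:
                quote = None
        elif ch in "'`":              # literal opens; keep an empty placeholder
            quote = ch
            out.append("''")
        elif ch == '"':               # inline comment runs to end of line
            break
        else:
            out.append(ch)
    return "".join(out)

def find_dynamic_code(source):
    """Return (first line of statement, keyword) for each dynamic-code statement."""
    findings, stmt, start = [], "", None
    for no, raw in enumerate(source.splitlines(), 1):
        for part in re.split(r"(\.)", strip_line(raw)):
            if part == ".":           # a period ends the ABAP statement
                text = " ".join(stmt.upper().split())
                findings += [(start, kw) for kw in DYNAMIC_CODE
                             if text.startswith(kw + " ")]
                stmt, start = "", None
            elif part.strip():
                start = no if start is None else start
                stmt += " " + part
    return findings

# Constructed sample source, not taken from any real system.
SAMPLE = """\
REPORT zdemo.
* INSERT REPORT in a full-line comment is ignored.
DATA lt_code TYPE TABLE OF string.
WRITE 'READ REPORT inside a literal.'. " GENERATE SUBROUTINE POOL in a comment
generate subroutine
  pool lt_code NAME DATA(lv_prog).
INSERT REPORT 'ZTMP' FROM lt_code.
"""

if __name__ == "__main__":
    for line_no, keyword in find_dynamic_code(SAMPLE):
        print(f"line {line_no}: {keyword}")
```

A finding is a prompt for a second pair of eyes, not proof of abuse, since these statements also have legitimate uses.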
