Attacking the Giants: Exploiting SAP Internals - Cybsec
Attacking the Giants: Exploiting SAP Internals - Cybsec
Attacking the Giants: Exploiting SAP Internals - Cybsec
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Attacking</strong> <strong>the</strong> <strong>Giants</strong>: <strong>Exploiting</strong> <strong>SAP</strong> <strong>Internals</strong><br />
PenTesting with sapyto<br />
© 2007<br />
Available Plugins in Beta Version (cont.)<br />
•Attack:<br />
• RFC_START_PROGRAM Directory Trasversal.<br />
• Run commands through RFCEXEC.<br />
• Run commands through <strong>SAP</strong>XPG.<br />
• StickShell.<br />
• Evil Twin Attack.<br />
• Get remote RFCShell.<br />
• Tools:<br />
• RFC Password Obfuscator / De-obfuscator.<br />
29