Attacking the Giants: Exploiting SAP Internals - Cybsec

More documents

Recommendations

Info

Attacking the Giants: Exploiting SAP Internals Advanced Attacks © 2007 Evil Twin • Registration of External Servers can be done remotely. • ACL for registration process is implemented through the reg_info file. •By default, registration for everyone is allowed. (Registration Party!) • External Servers can register several times with the same Program ID. • ANY External Server can register with that ID! •Attack: 1. Connect to licit Registered Server, ID=REG1 (blocking connections). 2. Register External Server with ID=REG1. 3. Drink some beer while watching calls arriving to our Evil Twin Server... 36
Attacking the Giants: Exploiting SAP Internals Advanced Attacks © 2007 Evil Twin illustrated… RESPONSE ID=REG1 RCF Call SAP GW ID=REG1 SAP R/3 - Legimate An Now, external the External same RFC malicious RFC Server client/server registers connects at appears SAP R/3 with in Gateway. the -scene... SAP Innocent R/3 Gateway, (don’t lamb connection be registering afraid, establishment... it’s itself controlled) with the same ID as the -original Client The attacker performs external connects RFC server call with and the Server original answers RFC server, politely. -preventing All future him connections from serving to the requests REG1 from server other will clients. be attended by the evil one. External RFC Malicius Server 37
Page 1 and 2: Attacking the Giants: Exploiting SA
Page 35: Attacking the Giants: Exploiting SA
Page 45: Attacking the Giants: Exploiting SA

Attacking the Giants: Exploiting SAP Internals - Cybsec

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?