Attacking the Giants: Exploiting SAP Internals - Cybsec

More documents

Recommendations

Info

Attacking the Giants: Exploiting SAP Internals Advanced Attacks © 2007 A Wiser (and Stealth) Evil Twin: MITM Attacks • Proof of Concept. •Attack: 1. Connect to licit Registered Server, ID=REG1 (blocking connections). 2. Register External Server with ID=REG1. 3. Receive RFC call. 4. Log / Modify Parameters values. 5. Use established connection with licit Registered Server to forward the (possible modified) RFC call. 6. Get results and send them to the original client. 7. Disconnect from the licit Registered Server. 8. Back to Step 1. 38
Attacking the Giants: Exploiting SAP Internals Advanced Attacks © 2007 A Wiser (and Stealth) Evil Twin: MITM Attacks RESPONSE ID=REG1 RCF Call SAP R/3 SAP GW ID=REG1 RCF Modified Call Modified RESPONSE - So Here This we time, we have go every the again, same RFC blocking scenario, call received valid legitimate connections is Logged/Modified, client to and the and innocent forwarded External External RFC to the Server, original RCF the Server SAP external R/3 Server server. and the SAP Gateway - Now, the same malicious client/server connects with the SAP R/3 Gateway, and register itself with the same ID as the original external server. External RFC Malicius Server 39
Page 1 and 2: Attacking the Giants: Exploiting SA
Page 37: Attacking the Giants: Exploiting SA
Page 45: Attacking the Giants: Exploiting SA

Attacking the Giants: Exploiting SAP Internals - Cybsec

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?