• Consulting
  • Information Security
  • Networking
  • Software Development
  • R&D
  • BLOG

  • Advisory
  • Malware Analysis
  • Talk
  • Tech Tips
  • Cracking SAP password – Conclusion

    16-01-2015

    Conclusions To protect a SAP system from these type of attacks we can work at various levels. On the ABAP Application, we can restrict the access to the tables that hold the hashes to only the administrator using access permissions. Direct access to the database should be too protected by strong passwords (included the one […]

    SAP Penetration Test

    Cracking SAP password – How to retrieve hashes from SAP Portal JAVA Application

    16-01-2015

    How to retrieve hashes from SAP Portal (Application JAVA) When the JAVA SAP component is not connected on the ABAP component (the UME), unluckily, most of the techniques we already discussed cannot be used. Anyway the steps taken to work with the wordlists and the john rules are still valid. That is, if you exclude […]

    SAP Penetration Test

    Cracking SAP password – Cracking PASSCODE

    16-01-2015

    From BCODE to PASSCODE Once we have found a sufficient amount of passwords, using both John the Ripper and oclHashcat, we can proceed cracking the passcode. This is the “real” password used by a user to log on the SAP system. # cat found_sap_qla_bcode.txt >> sap_qla_bcode.pot # vi sap_qla_bcode.pot :%s/^.\{-}://g :sort u :w sap_qla_bcode.wrd :q! […]

    SAP Penetration Test

    Cracking SAP password – Cracking BCODE

    16-01-2015

    Cracking BCODE We can use the weakness of the BCODE algorithm to our advantage when we create ad-hoc wordlists. There are some simple operations we can perform on our wordlists; we can use vi regular expressions to accomplish these operations. For example, let’s suppose we have a wordlist with names called names.txt, the command we […]

    SAP Penetration Test

    Cracking SAP password – The Wordlist

    16-01-2015

    The Wordlist (or, what you cannot afford to miss in a good wordlist) A good wordlist can dramatically shorten the amount of time needed to crack the hashes and, as it is clear, the amount of time spent in the cracking phase during a penetration test is a rather crucial variable. By cracking a good […]

    SAP Penetration Test

    Cracking SAP password – How to retrieve hashes from a SAP ABAP System

    16-01-2015

    How to retrieve hashes from a SAP ABAP System There are quite some different methods to interact with a database using tools that a SAP ABAP System provide, but first we need to know which tables contain the password hashes, they are: USH02 all releases USH02_ARC_TMP only as of release 6.20 (and subsequent) USR02 all […]

    SAP Penetration Test

    Cracking SAP password – ABAP Algorithms BCODE PASSCODE

    16-01-2015

    ABAP algorithms – BCODE and PASSCODE You may be wondering why start with SAP ABAP Application first. There are different reasons. Very often when you work with a SAP product that is capable of running both environments (ABAP and JAVA) you have the chance to enter the UME (User Management Engine) into the ABAP component […]

    SAP Penetration Test

    Cracking SAP password – Introduction

    16-01-2015

    Introduction In this article, we will discuss about how to efficiently crack the users passwords of a SAP system. First thing first, we will take a look on where to find the hashes on the database, that is in which tables we can find the hashes, then we’ll take a look on the transactions we […]

    SAP Penetration Test

    X-Windows Penetration Test – Accesso remoto e compromissione della sicurezza

    09-04-2014

    X-Windows Penetration Test – Accesso remoto e compromissione della sicurezza Per quanto possa sembrare anacronistico, durante i security assessment effettuati da Quantum Leap non è raro imbattersi in server X-Windows, non adeguatamente protetti, sui sistemi Unix con gestori grafici X11/XFree86/X.org attivi, anche nel 2014. Certamente parliamo di sistemi interni non esposti su Internet, ma di fatto in […]

    X-WINDOWS PENETRATION TEST

    SAP Penetration Test – Abuso delle transazioni

    27-03-2014

    SAP Penetration Test – Abuso delle transazioni Dati i rischi sempre maggiori derivanti dai Cyber-attacks e dalle frodi informatiche, da diversi anni una delle attività più frequentemente richiesta dai Clienti Quantum Leap riguarda i SAP Penetration Test. L’ecosistema SAP è costituito da un insieme di software progettati per aiutare l’azienda a governare e gestire i […]

    SAP Penetration Test