Yvan ‘iggy’ GENUER
SAP : ALL YOUR $$ ARE BELONG TO US
SAP Security overview
Securimag - 22/01/2015
AGENDA
● /whois me ?
● /wtf is SAP (‘functionally’)
● /wtf is SAP (‘technically’)
● /SAP and Security
● /attack SAP
● /demo
● /links - sources
/WHOIS ME ?
● Not a security expert
● But an SAP expert with some security skills
● 12 years of experience in SAP
● Last 2 years in SAP security (audit, pentest, recommendations, etc.)
● Many customers, projects, blablabla
WTF IS SAP ?
/WTF IS SAP ?
● ERP
● Leader, expensive, complex
● More than 200,000 companies run SAP in 120 countries
● SAP customers:
- Transport -> 1 billion flight passengers per year
- Produce -> 65% of all TVs
- Produce -> 77,000 cars per day
- And...
● 72% of the world's beer is produced by companies running SAP!
Source: Virtual Forge GmbH
WTF IS SAP (TECHNICALLY)
/WTF IS SAP (TECHNICALLY ?)
● Example: a standard SAP NetWeaver ABAP 7.40 system running ERP 6.0
● Vocabulary...
- ABAP : Advanced Business Application Programming
- FM : Function Module (in ABAP)
- Report : an ABAP program
- SID : System IDentifier (three characters)
- Client ('mandant') : organizational unit inside one SAP system, used to separate business objects (and users)
- Transaction : 'alias' (short code) used to launch a report directly
- Tables : ~80,000 (~100,000 indexes)
- Programs : ~35,000
- Profile parameters : ~1,500
- DB size (just after installation) : ~80 GB
/WTF IS SAP (TECHNICALLY ?)
● Supported databases (figure)
● Supported OS (figure)
/WTF IS SAP (TECHNICALLY ?)
● SAP classical architecture (figure)
SAP AND SECURITY
/SAP AND SECURITY
● SAP Security Notes: 3000+ since 2009
/SAP AND SECURITY
● Complexity
- Security doesn't like complexity... and SAP can be very complex, with many interfaces on different platforms. Vulnerabilities exist at every level, from the network to the application.
● Risk
- SAP stores critical information and runs critical business flows. Patching or changing anything can be very risky. 'Do you take the risk?'
● Customization
- Companies can customize their SAP systems. The more an SAP system is customized, the more securing it becomes a nightmare.
/SAP AND SECURITY
● Root is not the goal
- The flag is: access to sensitive business data or to a critical business flow
● Training
- Testing on a live system is dangerous for the business
- Building a test lab is a big investment
- SAP is not taught in school
- Frameworks: msf (Metasploit modules), bizploit
- SAP offers security training courses... for 'only' $5,000 (5 days)
ATTACK SAP
/ATTACK SAP
● Target ?
/ATTACK SAP
● Myth: "SAP isn't connected to the internet"
● Google, Shodan... sapscan.com!
/ATTACK SAP
● Issues ranking - from the EAS-SEC project (open security project)

| # | Critical issue | Access needed | Severity | Simplicity |
|---|---|---|---|---|
| 1 | Patch management flaws | Anonymous | High | Easy |
| 2 | Default passwords | Anonymous | High | Easy |
| 3 | Unnecessary functionality | Anonymous | High | Easy |
| 4 | Open remote management interfaces | Anonymous | High | Medium |
| 5 | Insecure settings | Anonymous | Medium | Medium |
| 6 | Unencrypted connections | Anonymous | Medium | Medium |
| 7 | Access control and SoD conflicts | User | High | Medium |
| 8 | Insecure trusted connections | User | High | Easy |
| 9 | Security event logging | Administrator | High | Medium |
/ATTACK SAP - PATCH MANAGEMENT FLAWS
● SAP Security Notes (patches)
● SAP component updates
● SAP kernel updates
● The change process can be very long in big companies:
- A zero-day is not needed
- Using the public bugs of the last 6 months is enough
/ATTACK SAP – DEFAULT PASSWORD
● One of the biggest mistakes in SAP systems...
How?
HOW is it possible!!??
/ATTACK SAP – DEFAULT PASSWORD
● Not one or two, but at least 5 default users are created in every SAP system after a fresh installation.

| User | Default password(s) | Client(s) |
|---|---|---|
| SAP* | 06071992, PASS | 000, 001, 066, <all new clients> |
| DDIC | 19920706, SAP4ALL, change | 000, 001, <all new clients> |
| EARLYWATCH | SUPPORT | 066 |
| SAPCPIC | admin | 000, 001 |
| TMSADM | Null, PASSWORD, $1Pawd2& | 000, 001, 066, <all new clients> |
/ATTACK SAP – DEFAULT PASSWORD
● Example above: an SAP system with 3 custom clients (100, 200, 600)
- 27 default users (!)
- Most of these default accounts have high privileges
- Some of them can be reset from a different SAP system
- Only one is enough to compromise the SAP system

Client:     000  001  066  100  200  600
SAP*        no   no   no   no   no   no
DDIC        no   no   no   no   no   no
EARLYWATCH  no   no   no   no
SAPCPIC     no   no   no   no   no
TMSADM      no   no   YES  no   no   no
/ATTACK SAP – SAP GATEWAY
● The SAP Gateway is a technical component of every SAP system. It manages RFC communication between SAP and the rest of the world (other SAP systems or external programs).
/ATTACK SAP – SAP GATEWAY
Figure (built up over three slides): SAP GUI and external applications connect to the SAP server; inside it the SAP Gateway sits in front of the work processes of the NetWeaver ABAP stack, which sit on the database and the operating system.
(1) RFC call to ABAP function modules (through the gateway into a work process)
(2) RFC call to start OS commands (list files, transport, interfaces, etc.)
(3) Wait? OS commands? -> I can do anything... e.g. /bin/sh, "Insert into usr02..." (USR02 is the table holding user logon data)
/ATTACK SAP – SAP GATEWAY
● SAP Gateway security is controlled by 2 ACL files:
- reginfo file (gw/reg_info parameter) = who may register an external program (RFC server) at the gateway?
- secinfo file (gw/sec_info parameter) = who may start an external program, i.e. an OS command, through the gateway?
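Both ACL files are plain text in the same format: one rule per line, `P` (permit) or `D` (deny) followed by `KEY=VALUE` pairs, with `*` as wildcard, checked top to bottom until the first match. The following is an added example written for this transcript, not code from the talk: a small model of that evaluation, with the wide-open file that gives step (3) above to any host next to a hardened one. The request values, the registered-server name `IGS.DEV`, the `10.0.0.99` attacker address and the "no rule matches means deny" behaviour are assumptions of the model; `sapxpg` and `tp` are the real SAP programs for external commands and transports.

```python
# Added example (not from the slides): a small model of how the SAP Gateway
# evaluates its secinfo / reginfo ACLs, with a wide-open file next to a
# hardened one. Syntax follows the version-2 format of the real files; the
# evaluation is simplified (see comments). Host/TP names in the requests,
# 'IGS.DEV' and the "no match => deny" rule are assumptions of this model.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Optional


@dataclass
class Rule:
    action: str            # "P" = permit, "D" = deny
    attrs: Dict[str, str]  # e.g. {"TP": "*", "USER": "*", "HOST": "*"}
    line: str              # original text, kept for reporting


def parse_acl(text: str) -> List[Rule]:
    """Parse a secinfo/reginfo file: '#VERSION=2', comments, then P/D rules."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, *pairs = line.split()
        if action not in ("P", "D"):
            raise ValueError(f"unknown action in rule: {line!r}")
        attrs: Dict[str, str] = {}
        for pair in pairs:
            key, _, value = pair.partition("=")
            attrs[key.upper()] = value
        rules.append(Rule(action, attrs, line))
    return rules


def first_match(rules: List[Rule], request: Dict[str, str]) -> Optional[Rule]:
    """Rules are checked top to bottom; the first rule whose attributes all match
    wins. Only attributes present in the request are compared, so reginfo's
    ACCESS/CANCEL (restrictions applied after registration) are not modelled.
    '*' is a glob wildcard; the real gateway also resolves 'local'/'internal'
    to host lists and accepts IP/netmask, which this matcher treats literally."""
    for rule in rules:
        if all(fnmatchcase(request[k], v) for k, v in rule.attrs.items() if k in request):
            return rule
    return None


def is_permitted(rules: List[Rule], request: Dict[str, str]) -> bool:
    hit = first_match(rules, request)
    return hit is not None and hit.action == "P"  # no match -> deny (model assumption)


def find_wide_open(rules: List[Rule]) -> List[str]:
    """Audit check: permit rules in which every attribute is '*'."""
    return [r.line for r in rules
            if r.action == "P" and all(v == "*" for v in r.attrs.values())]


# Constructed sample files. The single permit-everything line is the classic
# misconfiguration (equivalent to having no ACL at all).
WEAK_SECINFO = """#VERSION=2
P TP=* USER=* HOST=* USER-HOST=*
"""
WEAK_REGINFO = """#VERSION=2
P TP=* HOST=* ACCESS=* CANCEL=*
"""
# Hardened: allow only the programs the instance itself needs, started from the
# local host, then deny everything else explicitly.
HARDENED_SECINFO = """#VERSION=2
P TP=sapxpg USER=* HOST=local USER-HOST=local
P TP=tp USER=* HOST=local USER-HOST=local
D TP=* USER=* HOST=* USER-HOST=*
"""
# 'IGS.DEV' is a hypothetical registered-server name chosen for this example.
HARDENED_REGINFO = """#VERSION=2
P TP=IGS.DEV HOST=internal ACCESS=internal CANCEL=internal
D TP=* HOST=* ACCESS=* CANCEL=*
"""

# Constructed requests. The attacker is step (3) of the slide: start a shell
# through the gateway from a foreign host; the other two are legitimate use.
ATTACKER_START = {"TP": "/bin/sh", "USER": "attacker", "HOST": "10.0.0.99", "USER-HOST": "10.0.0.99"}
LOCAL_SAPXPG_START = {"TP": "sapxpg", "USER": "devadm", "HOST": "local", "USER-HOST": "local"}
ATTACKER_REGISTER = {"TP": "IGS.DEV", "HOST": "10.0.0.99"}
LOCAL_IGS_REGISTER = {"TP": "IGS.DEV", "HOST": "internal"}


def scenario_results() -> Dict[str, bool]:
    """Evaluate each request against the weak and the hardened files."""
    return {
        "weak secinfo lets attacker start /bin/sh": is_permitted(parse_acl(WEAK_SECINFO), ATTACKER_START),
        "hardened secinfo lets attacker start /bin/sh": is_permitted(parse_acl(HARDENED_SECINFO), ATTACKER_START),
        "hardened secinfo lets local sapxpg start": is_permitted(parse_acl(HARDENED_SECINFO), LOCAL_SAPXPG_START),
        "weak reginfo lets attacker register IGS.DEV": is_permitted(parse_acl(WEAK_REGINFO), ATTACKER_REGISTER),
        "hardened reginfo lets attacker register IGS.DEV": is_permitted(parse_acl(HARDENED_REGINFO), ATTACKER_REGISTER),
        "hardened reginfo lets internal IGS.DEV register": is_permitted(parse_acl(HARDENED_REGINFO), LOCAL_IGS_REGISTER),
    }


if __name__ == "__main__":
    for name, allowed in scenario_results().items():
        print(f"{'PERMIT' if allowed else 'DENY  '}  {name}")
    for acl_name, text in (("secinfo", WEAK_SECINFO), ("reginfo", WEAK_REGINFO)):
        for line in find_wide_open(parse_acl(text)):
            print(f"WARNING wide-open rule in weak {acl_name}: {line}")
```

The point of the explicit `D ...` line at the end of the hardened files is that the result no longer depends on what the gateway does when nothing matches; during an audit, `find_wide_open` run over the real files is the quickest way to spot the permit-everything rule that turns a registered RFC server or `sapxpg` into a remote shell.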
/ATTACK SAP - UNENCRYPTED CONNECTIONS
● Could be encrypted with the SAP SNC layer (Secure Network Communications)... but it is disabled by default.
● Wireshark plugins: SAP dissectors!
● SAP protocol stack (figure):
- Proprietary protocols: SNC (Secure Network Communications), NI (Network Interface) protocol, RFC, DIAG, Router, Msg (message server), Enq (enqueue server)
- Standard protocols: SSL, HTTP, SOAP
/ATTACK SAP - UNENCRYPTED CONNECTIONS
● XOR "encryption" with a static key (figure)
/ATTACK SAP - INSECURE TRUSTED CONNECTIONS
● RFC connections that store user credentials
● Trusted systems with a low security level
Figure: DEV -> INT -> PRD, each hop marked "trusted". Trusted? Trusted? Trusted???
DEMOS
/DEMOS
Setup (figure built up over seven slides): an attacker, SAP Production and SAP Development.
● SAP Production appears protected: no easy vuln, creds, etc. Don't 'trust' everyone.
● SAP Development: (1) default password, (2) not up to date, (3) full control
● From Development to Production: (1) 'configure' Development, (2) Production 'trusts' Development, (3) bad SAP Gateway ACL, (4) full control
SOURCES LINKS
QUESTIONS ?
THANK YOU