In the last posts we have already presented a variety of approaches for SAP security assessment. Today we will address a more complex path an attacker might follow. In order to understand what is going on we must first dive deeper in some SAP concepts and components.
In previous posts we performed security assessments on the Management Console.
For the upcoming assessments we will need a tool to connect with the underlying databases. SQL*Plus is an Oracle utility with a basic command-line interface which allows us to connect with Oracle databases and execute queries in a simple fashion.
The SAP Management Console (SAP MC) is the centralized system management component. It allows you to monitor and control each SAP instance, display log and trace files, profiles and other parameters. You can also monitor system alerts and deep information about memory usage and processes in the system (e.g. Java VM® garbage collection and heap memory).
In the previous post we discovered the SAP Services listening on each one of the open ports. Now we can execute Bizploit plug-ins to assess the security of these SAP services.
Let’s have a look at the Discovery and Vulnassess plug-ins available in Bizploit.