Praetorian503 Posted February 13, 2013

Description: Nowadays, SAP NetWeaver has become the most extensive platform for building enterprise applications and running critical business processes. In recent years it has become a hot topic in information security, at a time when headlines about hacks against SAP systems increase every day. Although fixes and countermeasures are released monthly by SAP at an incredible rate, the available security knowledge is limited and some components are still not well covered.

SAP Diag is the application-level protocol used for communications between SAP GUI and SAP NetWeaver Application Servers, and it is a core part of any ABAP-based SAP NetWeaver installation. Therefore, if an attacker is able to compromise this component, this would result in a total takeover of an SAP system. In recent years, the Diag protocol has received some attention from the security community and several tools were released focused on decompression and sniffing. Nevertheless, the protocol specification is not public and its internal components and inner workings remain unknown; the protocol was not understood and there is no publicly available tool for active exploitation of real attack vectors.

This talk is about taking SAP penetration testing out of the shadows and shedding some light on SAP Diag, by introducing a novel way to uncover vulnerabilities in SAP software through a set of tools that allows analysis and manipulation of the SAP Diag protocol. In addition, we will show how these tools and the knowledge acquired while researching the protocol can be used for vulnerability research, fuzzing and practical exploitation of novel attack vectors involving both SAP's client and server applications: man-in-the-middle attacks, RFC call injection, rogue SAP server deployment, SAP GUI client-side attacks and more.

As a final note, this presentation will also show how to harden your SAP installations and mitigate these threats.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source: BruCON 2012 - Uncovering SAP Vulnerabilities: Dissecting and Breaking the Diag Protocol