Bizploit on Linux
Here is my little guide on how I got it working:
The Linux version requires the SAP RFC libraries, which you can get via the SAP Service Marketplace.
In the new Launchpad, simply search for SAP RFC SDK 7.11 or directly for RFC_13-20004597.SAR
Choose your OS and download the file.
If you don’t have an S-User you will need to find someone who does and is willing to download the file for you.
Don’t use any "alternative" source (if you find any), as you don’t want to start pentesting from a potentially compromised environment.
To unpack the file, you will need sapcar, which you can download from Service Marketplace as well.
If you need a workaround, you can try using 7zip to unpack the file, but I’m not 100% sure it’s working.
So after downloading the file, copy it to your pentesting-system and extract it with sapcar:
./sapcar -xvf RFC_13-20004597.SAR
Make a new directory:
mkdir /usr/sap
Copy the extracted files, including the directory structure, to the /usr/sap directory with
cp -avr rfcsdk/ /usr/sap
Now we have to export the library path, so that bizploit can find it:
export LD_LIBRARY_PATH='/usr/sap/rfcsdk/lib'
Now for some dependencies that we have to meet:
Make sure you have the gcc compiler on-board
apt-get install build-essential
Install the libstdc++5 Library
apt-get install libstdc++5
Install python-dev
apt-get install python-dev
Install python-gobject
apt-get install python-gobject
Now you can download bizploit from Onapsis:
https://www.onapsis.com/research/free-solutions
You will have to provide an email-address, as they will send you the download-link.
And yeah, they might call you - at least they did call me.
After downloading the file, unpack it with unzip and cd into the extracted directory.
Here you have to compile bizploit against the RFC library.
If you copied the rfcsdk-folder to /usr/sap you can simply run
python setup.py build
If your directory-structure is different, please refer to the INSTALL-file in the bizploit folder.
Now we can install bizploit with
python setup.py install
After the installation has finished, you will have to change some file permissions, at least I had to:
chmod 770 bizploit
You should now be able to start bizploit by calling
./bizploit
If any of the steps fail, verify that you installed all prerequisites for bizploit!
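A small preflight script for that last check, added here as an example (it is not part of bizploit or of the original guide). It verifies that the RFC SDK library directory from this guide holds shared libraries, is listed in LD_LIBRARY_PATH and is not world-writable, and that gcc and python are on the PATH. The function names, the file name preflight.sh and the --check switch are made up for this example.

```shell
# Added example. /usr/sap/rfcsdk/lib is the guide's path; override SDK_LIB if yours differs.
SDK_LIB="${SDK_LIB:-/usr/sap/rfcsdk/lib}"

# Return 0 if directory $2 is an entry of the colon-separated list $1.
path_list_contains() {
    case ":$1:" in *":${2%/}:"* | *":${2%/}/:"*) return 0 ;; esac
    return 1
}

# Return 0 if directory $1 exists and holds at least one shared library.
has_shared_libs() {
    [ -d "$1" ] || return 1
    for f in "$1"/*.so "$1"/*.so.*; do [ -e "$f" ] && return 0; done
    return 1
}

# Return 0 if "other" users can write to $1 and so could plant a library there.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Check SDK directory $1 against library path $2; return the number of problems.
check_sdk() {
    lib_dir="$1"; lib_path="$2"; problems=0
    has_shared_libs "$lib_dir" ||
        { echo "MISSING: no shared libraries in $lib_dir"; problems=$((problems + 1)); }
    path_list_contains "$lib_path" "$lib_dir" ||
        { echo "MISSING: $lib_dir is not in LD_LIBRARY_PATH"; problems=$((problems + 1)); }
    if is_world_writable "$lib_dir"; then
        echo "UNSAFE: $lib_dir is world-writable"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Return how many of the named commands are missing from PATH.
check_tools() {
    missing=0
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 ||
            { echo "MISSING: $tool is not on PATH"; missing=$((missing + 1)); }
    done
    return "$missing"
}

if [ "${1:-}" = "--check" ]; then   # hypothetical invocation: sh preflight.sh --check
    check_sdk "$SDK_LIB" "${LD_LIBRARY_PATH:-}"; sdk=$?
    check_tools gcc python; tools=$?
    exit $((sdk + tools))
fi
```

The export of LD_LIBRARY_PATH only lasts for the current shell session, so run the check in the same shell you start bizploit from.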