Skip to content

Bizsploit on Linux

Installing Bizsploit on Windows is really easy, but on Linux you have to do more than just klick install :-).
Here is my little guide how I got it working:

The Linux-Version requires the SAP RFC Librarys which you can get via the SAP Service Marketplace.
In the new Launchpad, simply search for SAP RFC SDK 7.11 or directly for RFC_13-20004597.SAR
Choose your OS and download the file.

If you don’t have an S-User you will need to find someone who does and is willing to download the file for you.
Don’t use any "alternative" Source (if you find any) as you don’t want to start pentesting form a potential compromised envoirenment.

To unpack the file, you will need sapcar, which you can download from Service Marketplace as well.
If you need a workaround, you can try using 7zip to unpack the file, but I’m not 100% sure it’s working.

So after downloading the file, copy it to your pentesting-system and extract it with sapcar:
./sapcar -xvf RFC_13-20004597.SAR


make a new directory
mkdir /usr/sap


copy the extracted files including the directory structure to the /usr/sap directory with
cp -avr rfcsdk/ /usr/sap


Now we have to export the library path, so that bizsploit can find it
export LD_LIBRARY_PATH='/usr/sap/rfcsdk/lib'


Now for some dependencies that we have to meet:

Make sure you have the gcc compiler on-board
apt-get install build-essential


Install the libstdc++5 Library
apt-get install libstdc++5


Install python-dev
apt-get install python-dev


Install python-gobject
apt-get install python-gobject



Now you can download bizploit from onapsis
https://www.onapsis.com/research/free-solutions

You will have to provide an email-address, as they will send you the download-link.
And yeah, they might call you - at least they did call me :-).

After downloading the file, unpack it unipz and cd into the extracted directory.
Here you have to compile bizploit against the RFC library.

If you copied the rfcsdk-folder to /usr/sap you can simply run
python setup.py build


If your directory-structure is different, please refer to the INSTALL-file in the bizploit folder.

Now we can install bizploit with
python setup.py install


After the installation has finished, you will have to change some file permissions, at least I had to:
chmod 770 bizsploit


You should now be able to start bizploit by calling
./bizploit


If any of the steps fail, verify that you installed all prerequisites for bizploit!