itsec.siers.ch
http://itsec.siers.ch/
a blog about stuff - mainly security & SAP
QuickTipp: € and SAP password sometimes don't mix
http://itsec.siers.ch/index.php?/archives/15-QuickTipp-and-SAP-password-sometimes-dont-mix.html
Just a quick update after a long time of silence on this blog:<br />
The usage of the Euro symbol "€" in passwords might lead to problems in SAP.<br />
<br />
A user of type System had a complex password with the "€" symbol as one of the special characters.<br />
It was impossible to log in via RFC with this user and password.<br />
For testing-purposes, a simple password was set and it did work.<br />
<br />
To find out where the problem might be, I left out two special characters, and this time it worked.<br />
To get to the bottom of the problem, I left out only the "€" and tested again - it worked.<br />
<br />
<strong>Long story short:</strong><br />
If you have trouble with a complex password in SAP, check whether "€" is part of the password.<br />
This might be your problem. <br />
<br />
(tested on Basis release 7.50)<br />
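An added example, not code from the original post: a pre-check for service-user passwords that flags characters which do not survive the single-byte code pages an RFC client or a non-Unicode SAP system may still use. That "€" (U+20AC) is missing from ISO-8859-1 is a fact; that a code page mismatch is the cause of the RFC logon failure described above is an assumption made here, not something the post states.

```python
# Added example, not from the original post. Flags password characters that
# cannot be encoded in common single-byte code pages, so a system user's
# password can be vetted before an RFC logon fails on it.
# Assumption: the "€" failure in the post is a code page issue (not stated there).

# Code pages an RFC client or SAP system might use. "€" exists in cp1252 and
# ISO-8859-15 but not in ASCII or ISO-8859-1.
CODEPAGES = ("ascii", "iso-8859-1", "cp1252", "iso-8859-15")


def _encodes(ch, codepage):
    """True if the single character survives a trip through `codepage`."""
    try:
        ch.encode(codepage)
        return True
    except UnicodeEncodeError:
        return False


def unstable_chars(password, codepages=CODEPAGES):
    """Map each problematic character to the list of code pages that cannot
    encode it. An empty dict means every character is safe everywhere."""
    problems = {}
    for ch in sorted(set(password)):
        failing = [cp for cp in codepages if not _encodes(ch, cp)]
        if failing:
            problems[ch] = failing
    return problems


def is_codepage_safe(password, codepages=("iso-8859-1", "cp1252")):
    """True if every character encodes in all of the given code pages."""
    return not unstable_chars(password, codepages)


def report(password):
    """Human-readable verdict for a quick check from the shell."""
    problems = unstable_chars(password)
    if not problems:
        return "ok: all characters encode in " + ", ".join(CODEPAGES)
    lines = ["warning: characters that break in some code pages:"]
    for ch, failing in problems.items():
        lines.append(f"  {ch!r} (U+{ord(ch):04X}) not encodable in {', '.join(failing)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed test passwords; the second mirrors the post's failing case.
    for pw in ("Sys!Pass#2020", "Sys!Pass€2020"):
        print(pw, "->", report(pw))
```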
Kai Siers, SAP, 2020-02-20T16:30:00Z

Taking Screenshots with EyeWitness
http://itsec.siers.ch/index.php?/archives/12-Taking-Screenshots-with-EyeWitness.html
This is a quasi-update to my old blogpost <a href="http://itsec.siers.ch/index.php?/archives/6-Fun-with-Fiori.html" title="Fun with Fiori">Fun with Fiori </a><br />
<br />
I recently discovered a tool called <a href="https://www.christophertruncer.com/eyewitness-2-0-release-and-user-guide/" title="EyeWitness">EyeWitness</a> by Christopher Truncer.<br />
Most of you will already know it, but for those who don't, let me give you a short introduction:<br />
<br />
EyeWitness lets you take screenshots from web pages, RDP Login Screens and VNC Servers that don't use passwords.<br />
The tool can use lists of URLs that you create yourself or that you generated with other tools like nmap or Nessus.<br />
After the scan EyeWitness will generate a report that contains information about the page/service and a screenshot.<br />
All in all it's way better and faster than the method I used in my Fiori blogpost.<br />
<br />
<strong>Installation</strong><br />
<br />
To install EyeWitness on Kali, you have to clone the repo with the command <br />
<blockquote>git clone https://github.com/ChrisTruncer/EyeWitness.git</blockquote><br />
then cd into the EyeWitness directory and run the setup script<br />
<blockquote>cd EyeWitness<br />
./setup/setup.sh</blockquote><br />
<br />
Now you should be able to start EyeWitness with the command <em>./EyeWitness.py </em><br />
<br />
In my case I had to install phantomjs manually, as it was not found by EyeWitness after the setup.<br />
When I tried to take screenshots with the option --headless I got the error <em>"Error: You are missing your phantomjs binary!"</em><br />
<br />
To get EyeWitness to run properly, I downloaded phantomjs manually<br />
<blockquote>wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-i686.tar.bz2</blockquote><br />
and unpacked it<br />
<blockquote>tar -xvf phantomjs-2.1.1-linux-i686.tar.bz2</blockquote><br />
then I copied the binary to the EyeWitness binary directory<br />
<blockquote>cp phantomjs-2.1.1-linux-i686/bin/phantomjs /EyeWitness/bin</blockquote><br />
<br />
After that, change into the EyeWitness directory and run it.<br />
<blockquote>./EyeWitness.py -f url.txt --headless</blockquote><br />
-f specifies the file with urls that you are using<br />
--headless lets you run EyeWitness without a desktop-environment.<br />
<br />
<blockquote>################################################################################<br />
# EyeWitness #<br />
################################################################################<br />
<br />
Starting Web Requests (3 Hosts)<br />
Attempting to screenshot https://SECRETURL.ch<br />
Attempting to screenshot https://what.SECRETURL.ch<br />
Attempting to screenshot https://mega.SECRFETURL.ch<br />
Finished in 6.76950407028 seconds<br />
<br />
[*] Done! Report written in the /EyeWitness/03092017_112728 folder!<br />
Would you like to open the report now? [Y/n] n</blockquote><br />
<br />
In the directory you will find the html-Report as report.html, as well as the necessary files for the report:<br />
<blockquote>ew.db<br />
ghostdriver.log<br />
jquery-1.11.3.min.js<br />
report.html<br />
screens<br />
source<br />
style.css</blockquote><br />
<br />
Now that you have the report, you can open it in a browser.<br />
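As an added example (not part of the original post and not EyeWitness's own code), a small parser that turns nmap's grepable output (-oG) into the one-URL-per-line file that -f expects; the scheme is chosen from the service column, so ssl-wrapped services become https. The sample scan lines are constructed, not from a real scan.

```python
# Added example, not from the original post: build an EyeWitness -f URL list
# from nmap "grepable" (-oG) output. Only open TCP ports whose service name
# hints at HTTP are kept; "ssl|..." or "https" services get the https scheme.
import re

# Constructed sample of nmap -oG output (not a real scan). Fields in the Ports
# column are port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_GNMAP = """\
# Nmap 7.40 scan initiated as: nmap -sV -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//ssl|https///, 8000/open/tcp//http-alt///, 22/open/tcp//ssh///\tIgnored State: closed (996)
Host: 192.0.2.11 (fiori.example.test)\tPorts: 44300/open/tcp//ssl|http///, 50000/filtered/tcp//ibm-db2///
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

# Matches "Host: <ip> (<hostname>)  Ports: <entries>" up to the next tab.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")
WEB_HINT = re.compile(r"http", re.IGNORECASE)


def gnmap_to_urls(text, prefer_hostname=True):
    """Return a list of URLs, one per open web port, in scan order."""
    urls = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname, ports = m.groups()
        target = hostname if (prefer_hostname and hostname) else ip
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue
            port, state, proto, _owner, service = fields[:5]
            if state != "open" or proto != "tcp" or not WEB_HINT.search(service):
                continue
            scheme = "https" if service.startswith("ssl|") or "https" in service else "http"
            # Leave the port off when it is the scheme's default, as a browser would.
            default = (scheme, port) in (("http", "80"), ("https", "443"))
            urls.append(f"{scheme}://{target}" + ("" if default else f":{port}"))
    return urls


def write_url_file(urls, path="url.txt"):
    """Write one URL per line, the format ./EyeWitness.py -f reads."""
    with open(path, "w") as fh:
        fh.write("\n".join(urls) + "\n")
    return len(urls)


if __name__ == "__main__":
    print("\n".join(gnmap_to_urls(SAMPLE_GNMAP)))
```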
<br />
<br />
<strong>A little side note:</strong><br />
I'm running Kali as a docker container, so I was looking for a way to export the report from the container to my docker server.<br />
This can be done with the following docker command, run on the docker server:<br />
<blockquote>docker cp CONTAINER-ID:/PATH/FILE /TARGETDIRECTORY</blockquote><br />
in my case it was<br />
<blockquote>docker cp kaliremote:/EyeWitness/03092017_112728 /transfer</blockquote><br />
Kai Siers, 2017-03-09T20:30:00Z

SAPs afraid of no Ghost! Or is it?
http://itsec.siers.ch/index.php?/archives/10-SAPs-afraid-of-no-Ghost!-Or-is-it.html
<strong>Summary</strong><br />
<em>While using <a href="https://www.mozilla.org/en-US/firefox/new/">Firefox</a> in combination with the Add-on <a href="https://www.ghostery.com/">Ghostery</a> on Windows 10 & Server 2012, it's possible to flood a SAP-System with new sessions.<br />
<br />
While opening an expense-report form, the page does not load the PDF, but reloads constantly and creates a new login with every reload.<br />
Valid credentials and authorizations to display the forms are necessary. <br />
There is no direct mitigation for this behavior.</em><br />
----------------------------------------------------------------------------<br />
<br />
Browser plugins can have some interesting or even unwanted effects on websites.<br />
They can help to <a href="http://lifehacker.com/the-best-browser-extensions-that-protect-your-privacy-479408034">protect your privacy</a>, <a href="https://www.ndr.de/nachrichten/netzwelt/Nackt-im-Netz-Millionen-Nutzer-ausgespaeht,nacktimnetz100.html">leak your data</a>, <a href="https://nakedsecurity.sophos.com/2016/04/12/massive-malvertising-attack-poisons-288-sites/">stop malware</a>, and much more.<br />
And they can, in the right combination of Browser and Plugin, DoS SAP-Systems!<br />
<br />
While doing my expenses, I wanted to print the expense-form from the WEBGUI (using a Webdynpro).<br />
After pressing the show/print button SAP creates a pop-up to load the form as a PDF.<br />
<br />
This usually worked without a problem, but apparently I did something different today.<br />
Pressing the button opens a pop-up in a new browser tab, but instead of displaying the PDF, the page stays blank and reloads constantly.<br />
<br />
As this was clearly not working and I had to finish my expenses, I closed the blank page and switched grudgingly to IE.<br />
While logging in with IE, the system informed me that I was already logged in...70 times!<br />
<br />
<em>Now this was getting interesting - I finished my expenses with IE and did some snooping around!</em><br />
<br />
I was able to replicate this behavior again and again with Firefox.<br />
For every reload of the tab in Firefox, a new user-login was generated and displayed in the transaction AL08.<br />
<img class="serendipity_image_left" width="878" height="141" src="http://itsec.siers.ch/uploads/al08_bereinigt.jpg" alt="" /><br />
After a minute, my sessions outnumbered all other sessions put together!<br />
<br />
To get to the bottom of this problem, I played around with a combination of browsers and my installed Add-ons while monitoring the sessions in AL08.<br />
I was able to replicate the behavior reliably, but only with Firefox and Ghostery.<br />
Chrome and Ghostery worked fine.<br />
<br />
Tested Versions: <br />
Firefox (49.x)<br />
Ghostery (7.x)<br />
Windows: 10 and Server 2012R2<br />
SAP: ERP 6.0 EHP6, NW7.0 EHP3, Kernel 722_EXT, Basis Release 731 SP18<br />
<br />
While browsing the <a href="https://service.sap.com">Service Marketplace</a>, the <a href="http://go.sap.com/community.html">SAP Community Network</a> and other trusted sources, I could not find any further information about this issue.<br />
Either this is something not known to many people, or my google-fu was weak when I searched for a reason.<br />
<br />
Looking around in the SAP Community Network and SAP Service Marketplace I found no easy solution for this problem.<br />
I checked the parameter rdisp/max_alt_modes and it was set to "6" - so this parameter has no effect on http-logins.<br />
<br />
<img class="serendipity_image_left" width="644" height="107" src="http://itsec.siers.ch/uploads/multi_logon.JPG" alt="" /><br />
<br />
There seems to be no parameter that can limit the logins via http for a single user, only <a href="https://wiki.scn.sap.com/wiki/display/EP/Limiting+Number+of+Users+Logged+On">the total number of http logins</a>.<br />
<br />
I have not tested other transactions that display pop-ups, but I suspect that they are susceptible to this behavior as well.<br />
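Since no profile parameter limits HTTP logons per user, the practical fallback is to watch session counts per user and alert on outliers. The following is an added example, not code from the original post: the session records are constructed and their field layout is an assumption, not the real AL08 format.

```python
# Added example, not from the original post: a monitoring check for the
# session flood described above (one user opening a new session on every
# browser reload). Record layout is an assumption, not AL08's real format.
from collections import Counter
from datetime import datetime, timedelta


def _constructed_sessions():
    """Constructed sample: one user logging on every 5 seconds (the reload
    loop) next to three normal users with one session each."""
    base = datetime(2016, 11, 12, 10, 0, 3)
    rows = [{"client": "100", "user": "KSIERS", "terminal": "ws-17",
             "logon": (base + timedelta(seconds=5 * k)).isoformat()} for k in range(12)]
    rows += [{"client": "100", "user": u, "terminal": t,
              "logon": (base + timedelta(minutes=m)).isoformat()}
             for u, t, m in (("MMUSTER", "ws-03", -15),
                             ("BATCHJOB", "srv-01", -240),
                             ("ACCTG1", "ws-22", 2))]
    return rows


SAMPLE_SESSIONS = _constructed_sessions()


def sessions_per_user(sessions):
    """Plain count of sessions per user, like sorting the AL08 list by user."""
    return Counter(s["user"] for s in sessions)


def peak_logons_in_window(times, window):
    """Largest number of logons inside any sliding window of length `window`."""
    times = sorted(times)
    peak, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def flood_suspects(sessions, max_sessions=10, burst=5, window=timedelta(minutes=1)):
    """Return {user: [reasons]} for users whose sessions look like a reload
    loop: more than max_sessions open, at least `burst` logons inside
    `window`, or more sessions than every other user combined."""
    counts = sessions_per_user(sessions)
    total = sum(counts.values())
    by_user = {}
    for s in sessions:
        by_user.setdefault(s["user"], []).append(datetime.fromisoformat(s["logon"]))
    suspects = {}
    for user, times in by_user.items():
        n = counts[user]
        reasons = []
        if n > max_sessions:
            reasons.append(f"{n} sessions exceed limit of {max_sessions}")
        peak = peak_logons_in_window(times, window)
        if peak >= burst:
            reasons.append(f"{peak} logons within {int(window.total_seconds())}s")
        if n > total - n:
            reasons.append("more sessions than all other users combined")
        if reasons:
            suspects[user] = reasons
    return suspects


if __name__ == "__main__":
    for user, reasons in flood_suspects(SAMPLE_SESSIONS).items():
        print(user, "->", "; ".join(reasons))
```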
Kai Siers, SAP, 2016-11-13T19:45:00Z

Fun with Fiori
http://itsec.siers.ch/index.php?/archives/6-Fun-with-Fiori.html
<strong>Please remember, that this post is for educational purposes only. Only try this on systems that you own, or where you have permission by the owner.</strong><br />
<br />
Today I will show you how you can scan for SAP Fiori Launchpads and how we can try to access the systems.<br />
<br />
Fiori is a new user experience technology from SAP. To keep it short and to avoid buzzword-bingo: It's used to replace the SAPGUI with a Webapp.<br />
If you want to know more about Fiori, have a look at this website from SAP:<br />
<a href="http://go.sap.com/product/technology-platform/fiori.html" title="http://go.sap.com/product/technology-platform/fiori.html">http://go.sap.com/product/technology-platform/fiori.html</a><br />
<br />
As these Fiori Apps (yes, they call them Apps now) are made for browsers and have nice graphs, diagrams, lines etc.,<br />
many people will not only want to use them internally, but also when they are on the go.<br />
<br />
And as a lot of people who are in charge don't like VPNs, these systems will be exposed to the internet.<br />
They should be behind a reverse proxy, as SAP strongly recommends, but are nonetheless reachable via the internet.<br />
<br />
This should be of interest to security-teams and pen-testers as the bad guys will surely know about it.<br />
<br />
Early on, many SAP-Partners will rely on SAP Best-Practice solutions, as they have many advantages (faster implementation etc.).<br />
Like with all SAP-Systems, we can assume that instances running Fioris will be patched rather slowly,<br />
so they will offer an attack-surface to the bad guys, who will surely check them for default-credentials and vulnerabilities.<br />
<br />
<strong>Now that the stage is set, let's have some fun:</strong><br />
<br />
Let's assume we are members of an internal security-team and have the task to test our shiny new S4-System over the internet.<br />
As our DevOps guys are sneaky bastards (but only from time-to-time) we will want to check all of our public IPs for Fioris.<br />
<br />
A simple way to check for Fioris is to manually check our public IPs for the right URLs.<br />
<br />
Start your Browser, enter your public IPs and add the following strings:<br />
<blockquote><br />
/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html<br />
/sap/bc/ui5_ui5/ui2/ushell/shells/abap<br />
/sap/bc/ui5_ui5/ui2/ushell/shells<br />
/sap/bc/ui5_ui5/ui2/ushell<br />
/sap/bc/ui5_ui5/ui2<br />
/sap/bc/ui5_ui5<br />
</blockquote><br />
At least one of them should, depending on the configuration, lead to the Fiori Launchpad.<br />
<br />
Here is an example with the not-so-public-IP 192.168.168.168:<br />
<br />
<blockquote>https://192.168.168.168/sap/bc/ui5_ui5/ui2/ushell/shells/abap/</blockquote><br />
<br />
By default the login-page should be looking something like this:<br />
<img class="serendipity_image_left" width="220" height="174" src="http://itsec.siers.ch/uploads/FioriLogin.serendipityThumb.PNG" alt="" /><br />
<br />
So now we have confirmation that a Fiori-site is available via the internet.<br />
<br />
Besides Fiori, there could be other stuff published from this system, e.g. a standard WebGUI:<br />
<strong>/sap/bc/gui/sap/its/webgui</strong><br />
<br />
With our example-IP it looks like this:<br />
https://192.168.168.168/sap/bc/gui/sap/its/webgui<br />
<br />
And Bingo!<br />
<img class="serendipity_image_left" width="566" height="325" src="http://itsec.siers.ch/uploads/WebuGui.PNG" alt="" /><br />
<br />
Now that we can access the system, do the usual tests with default-credentials etc.<br />
<br />
In case you can't find your default-credential cheat-sheet you can use this post as reference:<br />
<blockquote><br />
SAP* 06071992<br />
SAP* PASS<br />
DDIC 19920706<br />
DDIC Welcome01<br />
SAPCPIC ADMIN<br />
EARLYWATCH SUPPORT<br />
TMSADM PASSWORD<br />
TMSADM ADMIN<br />
TMSADM $1Pawd2&<br />
ADMIN welcome<br />
ADSUSER ch4ngeme<br />
ADS_AGENT ch4ngeme<br />
DEVELOPER ch4ngeme<br />
J2EE_ADMIN ch4ngeme<br />
SAPJSF ch4ngeme<br />
SAPR3 SAP<br />
CTB_ADMIN sap123<br />
XMI_DEMO sap123<br />
IDEADM admin<br />
IDESADMIN ides<br />
SMD_ADMIN init1234<br />
SMD_BI_RFC init1234<br />
SMD_RFC init1234<br />
SOLMAN_ADMIN init1234<br />
SOLMAN_BTC init1234<br />
SAPSUPPORT init1234<br />
CONTENTSERV init1234<br />
SMD_AGT init1234<br />
BPINST Welcome1</blockquote><br />
<br />
In case you wonder, this list is nearly identical with the wordlist from the metasploit-framework. <br />
I added the users BPINST and IDESADMIN, as they were missing.<br />
<br />
After all this manual labor, you might be wondering if there are possibilities to automate some of these tests.<br />
<br />
The metasploit-framework has some modules, that can help us to be more efficient.<br />
<br />
First we will add the Fiori-URLs to metasploit in a standalone wordlist.<br />
Create a file in the wordlist-directory of your metasploit-installation.<br />
<blockquote>vim /usr/share/metasploit-framework/data/wordlists/sap_ui5.txt</blockquote><br />
<br />
Add the following lines<br />
<br />
<blockquote>/sap/bc/ui5_ui5<br />
/sap/bc/ui5_ui5/sap<br />
/sap/bc/ui5_ui5/ui2/ushell<br />
/sap/bc/ui5_ui5/ui2/ushell/shells<br />
/sap/bc/ui5_ui5/ui2/ushell/shells/abap<br />
/sap/bc/gui/sap/its/webgui<br />
</blockquote><br />
We can use this list with the sap_icm_urlscan module of metasploit.<br />
<br />
If you want to scan the usual URLs as well, simply add the lines to the file sap_icm_paths.txt<br />
<br />
Start metasploit and open the module<br />
<blockquote>msfconsole<br />
use auxiliary/scanner/sap/sap_icm_urlscan</blockquote><br />
<br />
set the IP or Hostname, the Port and the path to the file we just created.<br />
If the system is using SSL configure the setting accordingly. <br />
If it's not using SSL, WTF is it doing on the interwebs???<br />
<br />
<blockquote>set RHOSTS myFiori.fiorilover.com<br />
set RPORT 443<br />
set SSL true<br />
set URLFILE /usr/share/metasploit-framework/data/wordlists/sap_ui5.txt</blockquote><br />
<br />
that should be enough for a scan.<br />
<blockquote>run</blockquote><br />
<br />
You should know how to carry on from here... :-)<br />
<br />
Have Fun!
Kai Siers, SAP, 2016-11-07T08:00:00Z

Finding exposed SAP-Webservices
http://itsec.siers.ch/index.php?/archives/7-Finding-exposed-SAP-Webservices.html
<em><strong>UPDATE:</strong> I found a much quicker way to take the screenshots:<br />
<a href="http://itsec.siers.ch/index.php?/archives/12-Taking-Screenshots-with-EyeWitness.html">Taking Screenshots from a list of URLs with EyeWitness</a></em><br />
<br />
<strong>ATTENTION: Only scan systems, if you have a mandate to do so! If you don't have permission, it might be at best impolite, at worst illegal to scan any systems!</strong><br />
<br />
Now that we have the disclaimer out of the way, let's start...<br />
<br />
If you want to find out what Webservices a SAP-System exposes either internally or over the internet, there are a couple of ways to find out. In this post, I will show you two of them.<br />
<br />
<strong>The slow way is via the SAP transaction SICF:</strong><br />
Execute SICF, in the selection screen press F8 and then choose your system in the menu.<br />
You can now click through all the different services.<br />
If the name is greyed out, the service is inactive.<br />
You can enter the path of the server in your browser to have a look at the service.<br />
For example, if you take the path sap/public/icf_info, you can open it by adding the hostname or IP of the system: http://mysapsystem.local/sap/public/icf_info<br />
<br />
If you want to look at all services this way, it would take a long time...<br />
<br />
<br />
<strong>Now for a quicker solution - metasploit to the rescue!</strong><br />
<br />
What we need:<br />
Metasploit - obviously<br />
Firefox<br />
and the Firefox Add-On Grab-Them-All<br />
<br />
Start metasploit as usual and open the module sap_icm_urlscan:<br />
<br />
<blockquote>msf> use auxiliary/scanner/sap/sap_icm_urlscan<br />
msf> set RHOSTS mysapsystem.local<br />
(or whatever)<br />
msf> run</blockquote><br />
<br />
Now you will get a long list with URLs that the module has tested. <br />
At the end it will show you the path to a textfile containing the URLs.<br />
<br />
There are many ways to generate Screenshots of the URLs we have found, but this is the one I prefer:<br />
Open Firefox and install the Add-on Grab-Them-All https://addons.mozilla.org/de/firefox/addon/grab-them-all/<br />
<br />
After a restart of Firefox, press ALT to open the menu and go to Extras -> Grab-Them-All<br />
Press the Button "File with URLs to grab" and select the file that metasploit dumped in the filesystem.<br />
Select a destination folder for your screenshots and press "Let's go!"<br />
<br />
A preview-window will open and show you the progress.<br />
<br />
If a page requires credentials, you will be prompted for them.<br />
<br />
After the tool is finished, you will have some nice screenshots of all pages that were found.<br />
<br />
There are other plugins, better ways and so on, but this is the way I used and it worked for me :-)
Kai Siers, SAP, 2016-11-04T11:30:00Z

Getting rid of Flash
http://itsec.siers.ch/index.php?/archives/8-Getting-rid-of-Flash.html
<strong><em>You want to completely uninstall the "abomination unto nuggan" Adobe Flash from your shiny Windows 10 system?</em></strong><br />
<br />
<br />
I have some bad news for you: It's not possible to cleanly uninstall Adobe Flash from Windows - at least if you have Windows 8, 8.1 or 10.<br />
<br />
Microsoft has bundled Flash with Internet Explorer since Windows 8 came out and in Windows 10 it's integrated in IE and Edge.<br />
<br />
<em>In both Browsers you can deactivate Flash but not uninstall it.</em><br />
<br />
There are How-to's out there that show ways to do it, but they might leave you with some minor issues like Windows Updates that won't work and so on.<br />
I tried it in my tiny lab-environment and ended up reverting to an earlier snapshot - <strong>so don't do it!</strong><br />
<br />
Here is how to get rid of flash as far as possible/advisable:<br />
Download the Flash-Uninstaller from Adobe <a href="https://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html#mainDownloadtheAdobeFlashPlayeruninstaller" title="https://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html#mainDownloadtheAdobeFlashPlayeruninstaller">https://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html#mainDownloadtheAdobeFlashPlayeruninstaller</a><br />
Close all browsers and run the uninstaller.<br />
<br />
This should remove Adobe Flash from all browsers - where it is possible.<br />
<br />
In IE go to Settings -> Manage Add-Ons -> locate Shockwave Flash Object and disable it.<br />
<br />
In Edge go to Settings -> View Advanced Settings and set the slider at the "Use Adobe Flash Player" setting to off.<br />
<br />
So now we have uninstalled Flash where it is possible and disabled it where it's not removable.<br />
<br />
Now you can surf the internet without flash - even in IE and Edge.<br />
<br />
Just one small question: Why the F are you surfing with IE or Edge while you could use a real Browser? :-)<br />
<br />
<strong>@Microsoft: Would you guys be so kind to fix this shit?</strong>
Kai Siers, Windows, 2016-10-08T21:59:00Z

WHOIS
http://itsec.siers.ch/index.php?/archives/14-WHOIS.html
root@kali:/ whois Kai Siers<br />
root@kali:/ ++?????++ Out of Cheese Error. Redo From Start<br />
root@kali:/ whois Siers Kai<br />
root@kali:/ +++Divide By Cucumber Error. Please Reinstall Universe And Reboot +++<br />
root@kali:/<br />
Kai Siers, 2016-06-06T05:55:00Z

Bizsploit on Linux
http://itsec.siers.ch/index.php?/archives/4-Bizsploit-on-Linux.html
Installing Bizsploit on Windows is really easy, but on Linux you have to do more than just click install :-).<br />
Here is my little guide how I got it working:<br />
<br />
The Linux version requires the SAP RFC libraries, which you can get via the SAP Service Marketplace.<br />
In the new Launchpad, simply search for SAP RFC SDK 7.11 or directly for RFC_13-20004597.SAR<br />
Choose your OS and download the file.<br />
<br />
If you don't have an S-User you will need to find someone who does and is willing to download the file for you.<br />
Don't use any "alternative" source (if you find any), as you don't want to start pentesting from a potentially compromised environment.<br />
<br />
To unpack the file, you will need sapcar, which you can download from Service Marketplace as well.<br />
If you need a workaround, you can try using 7zip to unpack the file, but I’m not 100% sure it’s working.<br />
<br />
So after downloading the file, copy it to your pentesting-system and <strong>extract it with sapcar:</strong><br />
<blockquote>./sapcar -xvf RFC_13-20004597.SAR</blockquote><br />
<br />
<strong>make a new directory</strong><br />
<blockquote>mkdir /usr/sap</blockquote><br />
<br />
<strong>copy the extracted files including the directory structure to the /usr/sap directory with</strong><br />
<blockquote>cp -avr rfcsdk/ /usr/sap</blockquote><br />
<br />
<strong>Now we have to export the library path, so that bizsploit can find it</strong><br />
<blockquote>export LD_LIBRARY_PATH='/usr/sap/rfcsdk/lib'</blockquote><br />
<br />
Now for some dependencies that we have to meet:<br />
<br />
<strong>Make sure you have the gcc compiler on-board</strong><br />
<blockquote>apt-get install build-essential</blockquote><br />
<br />
<strong>Install the libstdc++5 Library</strong><br />
<blockquote>apt-get install libstdc++5</blockquote><br />
<br />
<strong>Install python-dev</strong><br />
<blockquote>apt-get install python-dev</blockquote><br />
<br />
<strong>Install python-gobject </strong><br />
<blockquote>apt-get install python-gobject</blockquote><br />
<br />
<br />
Now you can download bizploit from onapsis<br />
<a href="https://www.onapsis.com/research/free-solutions" title="https://www.onapsis.com/research/free-solutions">https://www.onapsis.com/research/free-solutions</a><br />
<br />
You will have to provide an email-address, as they will send you the download-link.<br />
And yeah, they might call you - at least they did call me :-).<br />
<br />
After downloading the file, unpack it with unzip and cd into the extracted directory.<br />
Here you have to compile bizploit against the RFC library.<br />
<br />
<strong>If you copied the rfcsdk-folder to /usr/sap you can simply run</strong><br />
<blockquote>python setup.py build</blockquote><br />
<br />
If your directory-structure is different, please refer to the INSTALL-file in the bizploit folder.<br />
<br />
<strong>Now we can install bizploit with </strong><br />
<blockquote>python setup.py install</blockquote><br />
<br />
<strong>After the installation has finished, you will have to change some file permissions, at least I had to:</strong><br />
<blockquote>chmod 770 bizploit</blockquote><br />
<br />
<strong>You should now be able to start bizploit by calling</strong><br />
<blockquote>./bizploit</blockquote><br />
<br />
If any of the steps fail, verify that you installed all prerequisites for bizploit!
Kai Siers, 2016-05-24T16:30:00Z

Docker - Basics just for me
http://itsec.siers.ch/index.php?/archives/2-Docker-Basics-just-for-me.html
As a base for my pentesting activities I created a preconfigured docker-droplet with <a href="http://digitalocean.com" title="digitalocean.com">digitalocean</a>.<br />
<br />
I installed the Kali-Linux docker image:<br />
<a href="https://www.kali.org/news/official-kali-linux-docker-images/" title="https://www.kali.org/news/official-kali-linux-docker-images/">https://www.kali.org/news/official-kali-linux-docker-images/</a><br />
<br />
then installed metasploit:<br />
<a href="http://johan.cc/2015/04/07/kali-linux-and-metasploit-docker/" title="http://johan.cc/2015/04/07/kali-linux-and-metasploit-docker/">http://johan.cc/2015/04/07/kali-linux-and-metasploit-docker/</a><br />
<br />
-----------------<br />
<br />
<strong>And now let's get to the nitty gritty:</strong><br />
<br />
List the docker-containers: <blockquote>docker ps -a</blockquote><br />
start a docker container: <blockquote>docker start CONTAINER</blockquote><br />
to use the docker container: <blockquote>docker attach CONTAINER</blockquote><br />
to exit the docker container: <blockquote>exit</blockquote><br />
to stop the docker container: <blockquote>docker stop CONTAINER</blockquote><br />
<br />
<strong>In the Kali-Container:</strong><br />
start Postgres: <blockquote>service postgresql start</blockquote><br />
start metasploit: <blockquote>msfconsole</blockquote><br />
at the end, stop postgres: <blockquote>service postgresql stop</blockquote><br />
and exit the container: <blockquote>exit</blockquote><br />
<br />
<strong>Tips and Tricks:</strong><br />
rename a container: <blockquote>docker rename CONTAINER-ID NewName</blockquote><br />
<br />
I will keep this post up-to-date as I find out new stuff!
Kai Siers, 2016-05-20T12:58:28Z

You have to start somewhere...
http://itsec.siers.ch/index.php?/archives/1-You-have-to-start-somewhere....html
I suspect nobody will ever read this Blog, so I will keep the introduction short.<br />
My aim with this blog is to create a kind of knowledge-base for myself that is not existing in a walled garden.<br />
Maybe somebody might even find this stuff helpful...
Kai Siers, 2016-05-20T12:55:46Z

Impressum (Legal Notice)
http://itsec.siers.ch/index.php?/archives/5-Impressum.html
<div class="impressum"><br />
<p>This is a private homepage of: <br />
Kai Siers, Loomattstrasse 42D, 8143 Stallikon, Switzerland</p><br />
<h2>Disclaimer</h2><br />
<p>The author assumes no liability whatsoever for the correctness, accuracy, timeliness, reliability or completeness of the information.</p><br />
<p>Liability claims against the author for damages of a material or immaterial nature arising from access to, use of or non-use of the published information, from misuse of the connection or from technical malfunctions are excluded.</p><br />
<p>All offers are non-binding. The author expressly reserves the right to change, supplement or delete parts of the pages or the entire offering without separate notice, or to suspend publication temporarily or permanently.</p><br />
<h2>Liability for links</h2><br />
<p>References and links to third-party websites are outside our area of responsibility. Any responsibility for such websites is declined. Access to and use of such websites is at the user's own risk. </p><br />
<h2>Copyright</h2><br />
<p>The copyright and all other rights to content, images, photos or other files on the website belong exclusively to <strong></strong> or to the specifically named rights holders. Written consent of the copyright holder must be obtained in advance for the reproduction of any element.</p><br />
<br />
Kai Siers, Administratives, 2016-05-18T20:26:00Z

Datenschutzerklärung (Privacy Policy)
http://itsec.siers.ch/index.php?/archives/13-Datenschutzerklaerung.html
<h1>Privacy Policy</h1><br />
<p>The responsible body within the meaning of the data protection laws is:</p><br />
<p>Kai Siers, Loomattstrasse 42D, 8143 Stallikon, Switzerland</p><br />
<h2>Deletion or blocking of data</h2><br />
<p>We adhere to the principles of data avoidance and data economy. We therefore store your personal data only for as long as is necessary to achieve the purposes stated here or as required by the various retention periods provided for by the legislator. Once the respective purpose no longer applies or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.</p><br />
<h2><strong>Your rights to information, correction, blocking, deletion and objection</strong></h2><br />
<p>You have the right to obtain information at any time about the personal data we store about you. You also have the right to correction, blocking or, apart from the data storage required for business transactions, deletion of your personal data. Please contact our data protection officer for this purpose. The contact details can be found at the very bottom.</p><br />
<p>So that a block on data can be taken into account at any time, this data must be kept in a blocking file for control purposes. You can also request the deletion of the data, provided there is no statutory archiving obligation. Where such an obligation exists, we will block your data on request.</p><br />
<p>You can make changes to or revoke a consent, with effect for the future, by notifying us accordingly.</p><br />
<h2><strong>Changes to our privacy policy</strong></h2><br />
<p>We reserve the right to adapt this privacy policy occasionally so that it always complies with current legal requirements, or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy then applies to your next visit.</p><br />
<h2><strong>Questions for the data protection officer</strong></h2><br />
<p>If you have questions about data protection, please send us an e-mail or contact our data protection officer directly:</p><br />
<p>info@itsec.siers.ch</p><br />
<p><em>This privacy policy was created with the </em><a href="https://www.activemind.de/datenschutz/datenschutzhinweis-generator/"><em>privacy policy generator of activeMind AG</em></a><em>.</em></p><br />
Kai Siers, Administratives, 2016-05-14T12:48:00Z