Home page logo

basics logo Security Basics mailing list archives

SAP information sniffing - need help
From: rivestp () metro ca
Date: 29 Apr 2008 18:09:08 -0000


        This question is from a previous post i got that sent me to this interesting web page: 
http://www.cybsec.com/upload/bh-eu-07-nunez-di-croce-WP_paper.pdf. Basicly if you look at page 6 of the document, it 
shows a sniffing result and tells us about the username/password of SAP.

I have tried to reproduce this with Wireshark, filtering the traffic from my SAP server (using the ip as filter). I 
cant find the username, client_id or anything related to authentification. I would then think we are using SNC, but in 
fact we are not (i check the proprieties of the client).

Anyone who can give me links or a way to identify the username/client_id or password (that i will XOR) would greatly 
help me get SNC activated here (and also get rid of telnet & ftp :))


Philippe Rivest, Certified Ethical Hacker

  By Date           By Thread  

Current thread:
  • SAP information sniffing - need help rivestp (Apr 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]