Add SAPMS+SAPRFC contribution from @gelim @_chipik

OWASP / pysap

pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

https://owasp.org/www-project-core-business-application-security/

GNU General Public License v2.0

220 stars 61 forks source link

Add SAPMS+SAPRFC contribution from @gelim @_chipik #31

Closed gelim closed 5 years ago

gelim commented 5 years ago

Hey, this is the contribution used for our research on Gateway+Message Server "be trusted" attack presented at OPCDE2019 Dubai.

slides and videos

Main takeaways are:

added the DPInfo[1-3] packets in SAPMS.py for handling specific MS ADM packets relaying Dispatcher/WP info : [1-3] because of tight SAP kernel version dependency.
enhanced SAPRFC.py with mainly SAPCPIC* and SAPRFXPG* new packets

Those enhancements are used by PoC code like this and this

martingalloar commented 5 years ago

This is really good work, thank you very much for contributing it back to upstream @gelim and @chipik! I'll add some documentation and references to your work and the exploits repositories after the merge.