RE: SAP Pen-Test

From: Nicolas Gregoire (ngregoire@exaprobe.com)
Date: Thu Nov 04 2004 - 02:17:39 EST


> Hydra (parallelized login hacker) from THC uses some SAP R/3 stuff.
> Anyone ever use/test it?

I think that the code used in Hydra is derived from mine, so I can
speak about it: yes, it works fine!

In order to use Hydra against SAP servers, you will first need
'saprfc.h' and 'librfc.a' from the SAP SDK (freely available at [1]) to
compile hydra with SAP R/3 support (check the 'configure' file).

Once you've a working SAP-enabled hydra, you can use it to search for
valid login/passwd combos *without* account locking [2]. But a decent
way to do it is to begin with administrative/default accounts as listed
in [3].

However, there's a small bug in hydra: a check is done for the client ID
(aka "mandant" in SAP language) being between 0 and 99, but it should be
0-999. Probably a confusion with the sysnr (TCP port = 3200+sysnr).

[1] : http://www50.sap.com/linux/eval/index.asp
[2] : http://securitytracker.com/alerts/2003/Mar/1006223.html
[3] : http://www.hoelzner.de/security/sap_default_passwords.php

Regards,

-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

