An SAP enumeration and exploitation toolkit using SAP RFC calls.

This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments; there is no guarantee of stability or support.

RFCpwn relies on pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation

```
usage: RFCpwn.py [-h] [-debug] [-ip IP] [-u Username] [-p Password]
                 [-c Client] [-s Sysid] [-ping] [-enum] [-usercopy]
                 [-user USER] [-copy COPY] [-pw PW] [-dump] [-exp]

An Impacket style enumeration and exploitation tool using SAP RFC calls

optional arguments:
  -h, --help    show this help message and exit
  -debug        Turn DEBUG output ON

Authentication:
  -ip IP        <targetName or address>
  -u Username   RFC Users Username
  -p Password   RFC Users Password
  -c Client     Client- eg.000
  -s Sysid      System Number- eg 00
  -ping         RFC Ping Command

User Abuse:
  -enum         Use to enumerate a specific user
  -usercopy     add a Dialog User
  -user USER    Required for -usercopy and -userenum to specify the user
  -copy COPY    User to be copied required for -usercopy
  -pw PW        password of new user for -usercopy

Hash Collection:
  -dump         Dump hashes use with below
  -exp          EXPERIMENTAL - Dump BCODE / PASSCODE hashes
```

Examples

Ping – confirm connectivity

./RFCpwn.py -ip 192.168.200.253…
2020-01-07 06:00:00 | RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP