image
An SAP enumeration and exploitation toolkit using SAP RFC calls This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments, no guarantee of stability or support. RFCpwn relies on the pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation usage: RFCpwn.py [-h] [-debug] [-ip IP] [-u Username] [-p Password] [-c Client] [-s Sysid] [-ping] [-enum] [-usercopy] [-user USER] [-copy COPY] [-pw PW] [-dump] [-exp] An [Impacket](<https://www.kitploit.com/search/label/Impacket> "Impacket" ) style enumeration and exploitation tool using SAP RFC calls optional arguments: -h, –help show this help message and exit -debug Turn DEBUG output ON Authentication: -ip IP <targetName or address> -u Username RFC Users Username -p Password RFC Users Password -c Client Client- eg.000 -s Sysid System Number- eg 00 -ping RFC Ping Command User Abuse: -enum Use to enumerate a specific user -usercopy add a Dialog User -user USER Required for -usercopy and -userenum to specify the user -copy COPY User to be copied required for -usercopy -pw PW password of new user for -usercopy Hash Collection: -dump Dump hashes use with below -exp EXPERIMENTAL – Dump BCODE / PASSCODE hashes Examples Ping – confirm connectivity ./RFCpwn.py -ip 192.168.200.253…