Penetration Testing mailing list archives

RE: SAP Pen-Test

From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 2 Nov 2004 11:05:33 -0600

Hydra (parallized login hacker) from THC uses some SAP R/3 stuff.  Anyone ever use test it?
Currently this tool supports:
          TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
          CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3,
          Cisco auth, Cisco enable, Cisco AAA (incorporated in telnet module).
http://www.thc.org/releases.php

-----Original Message-----
From: Sven Tambler [mailto:tambler.20.tam () spamgourmet com] 
Sent: Friday, October 29, 2004 3:42 AM
To: pen-test () securityfocus com
Subject: SAP Pen-Test

Hello everyone,

I want to test a SAP Enterprise Portal. Do you know a tool 
for pen-testing a SAP portal? Of course, there are a lot of 
tools and techniques for apache or IIS and you can use them 
in a similar way. 
Otherwise there are a lot of SAP originalities and 
specialities you have to keep in mind. I don´t search for a 
tool like "nessus for SAP" - such a thing doesn´t exist - but 
some advices or plug-ins could be very useful. Could you by 
any chance be able to help?

Thanks - Sven

Current thread:

SAP Pen-Test Sven Tambler (Nov 01)
- RE: SAP Pen-Test Rob Shein (Nov 03)
  - RE: SAP Pen-Test Marc Heuse (Nov 05)
- Re: SAP Pen-Test Nicolas Gregoire (Nov 03)
  - Re: SAP Pen-Test Martin Eiszner (Nov 05)
- <Possible follow-ups>
- RE: SAP Pen-Test Todd Towles (Nov 03)
  - RE: SAP Pen-Test Nicolas Gregoire (Nov 05)