SAP Metasploit Modules
We have recently developed several Metasploit auxiliary and exploitation modules to assist consultants in assessing SAP systems, and Dave has also delivered a presentation “SAP Slapping (a pentesters guide)” at CRESTCon and BSides London where some of these modules were demonstrated. We plan to submit these modules to the Metasploit Framework; however until this process is complete the modules will be available here. We have not yet finished all of the modules that we plan to write, so stay tuned for future updates.
Read the blog post for more information.
A pre-packaged trial version of SAP NetWeaver Gateway is available from SAP. The modules were tested against a default trial SAP NetWeaver Gateway environment.
The majority of the modules rely on the SAP NW RFC SDK and require the Ruby wrapper nwrfc by Martin Ceronio.
Unfortunately the NW RFC SDK is available only to those who have access to the SAP Service Marketplace (SMP). In order to get access to the SAP Marketplace you need an S-ID, password and customer number. Alternatively the required library files (such as libsapnwrfc) can be extracted from a SAP system (such as the freely available test drive systems). These third party requirements are one of the reasons that the submission to the Metasploit Framework is proving problematic.