Evgeny Neyolov - Dev system hacking — arch bugs in SAP SDM
Published in: Technology
  • It is very important to understand that almost everything in SAP that runs on Java depends on the User Management Engine (UME). If a user authenticated by UME has been granted a set of privileges in Enterprise Portal, the same login and password will also work for any other Java service, for instance NetWeaver Administrator and, of course, SDM.
  • SAP supports Java as well and ships its own Java application server, which includes SAP’s own Java Virtual Machine. Java 6 contains the Attach API feature, which allows seamless inter-process modification of a running JVM. The Attach API is an extension that provides a way for a Java process to “attach” to another JVM at runtime and install various “hooks” throughout class methods on that system.
  • As I said before, there is a User Management Engine, and all Java services are supposed to use the same base of users. SAP uses a local secure storage, but this storage is just a file. The picture at the top of this slide shows the content of the “secure storage”. It is secure only as long as you don’t know the key, but the key is in the same folder. Some time ago we presented a tool that automatically decrypts all of this.
  • The Knowledge Management service provides a central point of entry to unstructured information from various data sources in the portal. This unstructured information can exist in different formats such as text documents, presentations, or HTML files. For example, it can be an HTML file with JavaScript that steals the cookies of all users. Another funny trick is searching this database for passwords or other keywords.
  • Transcript

    • 1. Invest in security to secure investments. Arch bugs in SAP Software Deployment Manager. Evgeny Neyolov feat. Dmitry Chastuhin, ERP Security Analyst
    • 2. SAP NetWeaver Development Infrastructure
      • Design Time Repository (DTR)
      • Component Build Service (CBS)
      • Change Management Service (CMS)
      • Software Landscape Directory (SLD) / NS
      • Software Deployment Manager (SDM)
      erpscan.com ERPScan — invest in security to secure investments
    • 3. SAP NetWeaver Development Infrastructure
    • 4. SAP NetWeaver Development Infrastructure
    • 5. SAP NetWeaver Development Infrastructure
    • 6. SAP NetWeaver Development Infrastructure
    • 7. SAP NetWeaver Development Infrastructure
    • 8. SAP NetWeaver Development Infrastructure
    • 9. Software Deployment Manager
      • Single interface for the deployment
      • Deploy apps (*.ear, *.war, *.sda)
      • Implement custom patches
      • only one user at a time
      • only hardcoded admin user
    • 10. SDM + UME = Love
      • User Management Engine
      • affects almost all SAP-Java-stuff
    • 11. SDM Attack Intro
      • thick client Java application (sad story)
      • SAP has own SAP Java Virtual Machine (JVM)
      • Java 6 has Attach API
      • attaching to another JVM at runtime
      • intercept and modify calls
    • 12. SDM Post Exploitation
    • 13. Post Exploitation
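The speaker note on the Attach API and slide 11 both rest on the same fact: a JVM that leaves the attach mechanism enabled accepts agents from any process running as the same OS user, and an SDM thick client is such a JVM. The following audit script is an added example written for this page; it is not code from the talk or from ERPScan. It reads `ps`-style process listings (the sample below is constructed, including the `/usr/sap/...` paths) and flags Java processes that do not carry the HotSpot flag `-XX:+DisableAttachMechanism`, or that run a JDWP debug agent. Whether SAP JVM honours that flag exactly like stock HotSpot is an assumption to verify on your release.

```python
import re
import shlex
from dataclasses import dataclass, field

# Constructed sample in the shape of `ps -eo pid,user,args` output.
# Paths and PIDs are illustrative, not taken from any real system.
SAMPLE_PS_OUTPUT = """\
  PID USER     COMMAND
 1201 sapadm   /usr/sap/SID/J00/exe/sapjvm_6/bin/java -Xmx512m -cp /usr/sap/SID/J00/SDM/program/lib/sdm.jar SDM
 1340 sapadm   /usr/sap/SID/J00/exe/sapjvm_6/bin/java -XX:+DisableAttachMechanism -Xmx2g com.sap.engine.boot.Start
 1411 devuser  /opt/jdk1.6.0/bin/java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar app.jar
 1502 root     /usr/sbin/sshd -D
"""


@dataclass
class JvmFinding:
    pid: int
    user: str
    attach_disabled: bool
    debug_agent: bool
    issues: list = field(default_factory=list)


def parse_ps(text):
    """Turn ps-style lines into (pid, user, argv) tuples; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("PID"):
            continue
        pid, user, cmd = line.split(None, 2)
        rows.append((int(pid), user, shlex.split(cmd)))
    return rows


def is_java(argv):
    """True when the executable is a JVM launcher (bare `java` or .../bin/java)."""
    return bool(argv) and re.search(r"(^|/)java$", argv[0]) is not None


def audit_jvm(pid, user, argv):
    """Check one JVM command line for the two runtime-modification exposures."""
    attach_disabled = "-XX:+DisableAttachMechanism" in argv
    debug_agent = any(a.startswith(("-agentlib:jdwp", "-Xrunjdwp")) for a in argv)
    finding = JvmFinding(pid, user, attach_disabled, debug_agent)
    if not attach_disabled:
        finding.issues.append(
            "attach mechanism enabled: any process running as the same user "
            "can load an agent into this JVM and hook its methods"
        )
    if debug_agent:
        finding.issues.append(
            "JDWP debug agent active: debugger clients can inspect and modify the running JVM"
        )
    return finding


def audit_ps_output(text):
    """Audit every Java process in a ps listing and return the findings in order."""
    return [audit_jvm(pid, user, argv) for pid, user, argv in parse_ps(text) if is_java(argv)]


if __name__ == "__main__":
    for f in audit_ps_output(SAMPLE_PS_OUTPUT):
        state = "OK" if not f.issues else "REVIEW"
        print(f"[{state}] pid={f.pid} user={f.user}")
        for issue in f.issues:
            print(f"    - {issue}")
```

On the constructed sample the SDM client (pid 1201) and the developer JVM with JDWP (pid 1411) are reported, while the server JVM started with the flag passes. Disabling attach is a hardening measure on the JVM side only; it does not change the SDM design issues the slides list (single hardcoded admin user, shared UME credentials), so treat it as one layer next to restricting who can log in to hosts that run the SDM client.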