Monday, May 28, 2012

Google Hacking with SAP

SAP applications are designed for businesses to run their intranet applications. As businesses have become more global, these portals have been made available for public access, despite the issue being presented at Black Hat 2011.

By running some Google-fu I am able to surmise the sites that have little or no security.

allinurl: /irj/portal
allinurl: /scripts/wgate
Default passwords: SAP*, DDIC, EARLYWATCH, SAPCPIC and TMSADM



Every page I checked had the complete headers intact, with no attempt at shadowing the system in which it resides. I know this is not as big of a threat as SCADA systems, but a lot of Fortune 500 companies implement these systems, and they can be responsible for the entirety of AR or AP.

15 minutes via Google yielded:

<!--
 This page was created by the
 SAP Internet Transaction Server (ITS, Version 6200.1033.9132.7, Build 1052689 WIN64, Virtual Server PEB300, Add. service info none, WGate-AGate Host rsfrlb&#045;itsp5, WGate-Instance PEB300)
 All rights reserved.
 Creation time:  Mon May 28 09:41:10 2012
 Charset:        utf-8
 Template:       bbpstart/99/login
-->

  <!-- No session management -->

https://myunit.sodexonet.com/scripts/wgate/bbpstart/!?~client=300

http://www.durhamcountync.gov/access/
919.560.7015: this is the telephone number for the help desk. Imagine what a little social engineering could do. As SAP systems can use unique passwords or be tied to Kerberos authentication, a simple call for a password reset will grant access.

<!--
 This page was created by the
 SAP Internet Transaction Server (ITS, Version 4640.4464.62.1662, Build 46DC4.621662, Virtual Server ITSPRD, WGate-AGate Host decsapits, WGate-Instance ITSPRD)
 All rights reserved.
 Creation time:  Mon May 28 09:37:49 2012
 Charset:        iso-8859-1
 Template:       global/99/invalidservice  -->

http://www.dectelonline.be/scripts/

<!--
 This page was created by the
 SAP Internet Transaction Server (ITS, Version 4640.4377.49.5775, Build 46DC4.495775, Virtual Server A3P, WGate-AGate Host NEOH00APP01, WGate-Instance A3P)
 All rights reserved.                                         
 Creation time:  Mon May 28 02:46:06 2012
 Charset:        iso-8859-1
 Template:       zz01/04/login  -->
<html>

http://mysolutions.csmfg.com/scripts/wgate/?~service=zz01

<!--
 This page was created by the
 SAP Internet Transaction Server (ITS, Version 6200.1028.7502.5, Build 949746, Virtual Server PRD, WGate-AGate Host ITSPRD, WGate-Instance PRD)
 All rights reserved.                                         
 Creation time:  Mon May 28 13:14:58 2012
 Charset:        iso-8859-1
 Template:       zits_flow1/99/login.html  -->

http://www.lntdmn.com:200/scripts/wgate/zits_flow1/!


<!--
 This page was created by the
 SAP Internet Transaction Server (ITS, Version 6200.1037.10312.10, Build 1179319 WIN64, Virtual Server IT1, Add. service info none, WGate-AGate Host QASR3, WGate-Instance IT1)
 All rights reserved.
 Creation time:  Mon May 28 15:48:10 2012
 Charset:        utf-8
 Template:       webgui/99/login  -->

http://webgui.medicom.com.hk/scripts/wgate/webgui/!
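
A defender-side check for the banner comment shown in the listings above, as an added example that is not part of the original post: it parses the ITS header comment out of a response body from a portal you operate and lists the fields it discloses. The function names and the sample banner (placeholder values) are constructed for illustration.

```python
import html
import re

# Matches the HTML comment that SAP ITS prepends to the pages it generates.
BANNER_RE = re.compile(
    r"<!--\s*This page was created by the\s+SAP Internet Transaction Server"
    r"\s*\((?P<fields>.*?)\)(?P<tail>.*?)-->",
    re.DOTALL,
)
# Banner fields that a public-facing response should not reveal.
SENSITIVE = ("Version", "Build", "Virtual Server", "WGate-AGate Host",
             "WGate-Instance", "Template")

# Constructed sample response body; every value is a placeholder.
SAMPLE = """<!--
 This page was created by the
 SAP Internet Transaction Server (ITS, Version 0000.0000.0000.0, Build 0000000 WIN64, Virtual Server EXAMPLE, Add. service info none, WGate-AGate Host app&#045;host01, WGate-Instance EXAMPLE)
 All rights reserved.
 Creation time:  Mon Jan 01 00:00:00 2024
 Charset:        utf-8
 Template:       example/99/login
-->
<html><body>login form</body></html>"""


def parse_its_banner(body):
    """Return the banner fields as a dict, or None if no banner is present."""
    m = BANNER_RE.search(body)
    if not m:
        return None
    fields = {}
    # Comma-separated "Key value" pairs inside the parentheses.
    for part in html.unescape(m.group("fields")).split(","):
        part = part.strip()
        for key in SENSITIVE:
            if part.startswith(key + " "):
                fields[key] = part[len(key):].strip()
    # "Key: value" lines after the parentheses (creation time, charset, template).
    for line in html.unescape(m.group("tail")).splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def disclosure_findings(body):
    """List the sensitive banner fields exposed in a response body."""
    fields = parse_its_banner(body) or {}
    return [f"{k}: {fields[k]}" for k in SENSITIVE if k in fields]


if __name__ == "__main__":
    print("\n".join(disclosure_findings(SAMPLE)) or "no ITS banner found")
```

An empty result from `disclosure_findings` means the response no longer carries the banner.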

