Loading...

#eko11

Recovering SAP RFC Credentials from Network Traffic - Emiliano Fausto

114 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 10, 2016

Recovering SAP RFC Credentials from Network Traffic
Emiliano Fausto - ekoparty security conference #eko11 (2015)

SAP RFC is the most widely used communication protocol in the SAP world. It acts as an interface to communicate SAP Systems, and between compatible third-party systems over TCP/IP or CPI-C connections. SAP RFC is a proprietary SAP AG protocol, which provides a way for external programs to send and receive data from an SAP system, even executing functions on the remote server. The almost only authentication mechanism used to authenticate through SAP RFC basically relies on sending the user credentials to the server. These credentials are "scrambled" prior to be sent, for privacy concerns. We find this authentication mechanism implemented in almost every assessment we perform.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...