Overview
The course teaches learners how to identify and exploit vulnerabilities in SAP Solution Manager (SOLMAN) and SAP SMDAgent. By the end of the course, students will be able to bypass authentication mechanisms, execute arbitrary OS commands, escalate privileges, and manipulate security reports within the SAP landscape. The course covers topics such as authentication bypass techniques, OS command whitelist bypass, privilege escalation, and tampering with security reports. The intended audience for this course includes cybersecurity professionals, SAP administrators, and individuals interested in SAP security. The teaching method includes demonstrations of attacks, explanations of vulnerabilities, and recommendations for securing SAP systems.
Syllabus
Intro
Introduction - Solman
Introduction - SMDAgent
Why? - First contact
Why? - SAP Secure Storage
Authentication bypass - P4 Service
Authentication bypass - Key
Authentication bypass - Timestamp token
Authentication bypass - Start time
Authentication bypass - Attack P4S
OS command injection
Tamper the SOLMAN Security Report
Recommendations
Conclusion
Taught by
Hack In The Box Security Conference