SAP

9 notes

Notes

Defense MitigationMy notes on how to secure SAP deployments. Use this for hardening and incident response. ## Immediate Security Measures ### 1. Critical Vulnerability Mitigat
How To GuidesMy practical guides for actually testing SAP systems. These are the step-by-step instructions I use when I'm in the field. ## 1. How to Identify SAP Instance
Known Vulnerabilities CVEsMy notes on SAP CVEs. Some are old but still relevant, especially in on-prem deployments that never get patched. ## Critical CVEs (recent ones) ### CVE-2025-
SAP RECON — CVE-2020-6287CVE-2020-6287 (SAP RECON): unauthenticated RCE on SAP NetWeaver Java via the LM Configuration Wizard. CVSS 10.0. Covers detection, exploitation chain, Metasploit modules, and mitigations.
READMEMy personal research notes on SAP security. Started this after running into SAP systems during pentests and realizing how complex and vulnerable they can be.
SAP Password CrackingExtract and crack SAP password hashes from USR02: CODVN B/D/F/H hash types, RFC/HANA extraction methods, hashcat modes, and post-crack escalation steps.
SAP Security TestingSAP pentest methodology: enumeration, credential attacks, RFC exploitation, privilege escalation via S_DEVELOP and transaction codes, Fiori bypass, HANA access, and key CVEs including RECON and ICMAD.
SAP Platform OverviewSAP NetWeaver architecture, default ports, attack surface map, and enumeration commands for pentesting SAP environments — covers ABAP, Java stacks, ICM, RFC, Fiori, HANA.
Security Testing ChecklistMy personal pentesting checklist for SAP. Use this when you run into one of these things. ## Pre-Assessment Phase ### 1. Information Gathering - [ ] **Target