hacktricks/network-services-pentesting/3299-pentesting-saprouter.md

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>
```text
PORT     STATE SERVICE    VERSION
3299/tcp open  saprouter?
```
Hii ni muhtasari wa chapisho kutoka [https://blog.rapid7.com/2014/01/09/piercing-saprouter-with-metasploit/](https://blog.rapid7.com/2014/01/09/piercing-saprouter-with-metasploit/)

## Kuelewa Uvamizi wa SAProuter na Metasploit

SAProuter hufanya kazi kama kisanduku cha mbele (reverse proxy) kwa mifumo ya SAP, hasa kudhibiti ufikiaji kati ya mtandao na mitandao ya ndani ya SAP. Kawaida, SAProuter inafunguliwa kwa mtandao kwa kuruhusu bandari ya TCP 3299 kupitia kwenye firewall ya shirika. Hali hii inafanya SAProuter kuwa lengo la kuvutia kwa upimaji wa uvamizi kwa sababu inaweza kutumika kama lango kuelekea mitandao ya ndani yenye thamani kubwa.

**Uchunguzi na Kukusanya Taarifa**

Kwanza, uchunguzi hufanywa ili kutambua kama kuna SAProuter inayofanya kazi kwenye anwani ya IP iliyotolewa kwa kutumia moduli ya **sap_service_discovery**. Hatua hii ni muhimu kwa ajili ya kubainisha uwepo wa SAProuter na bandari yake iliyofunguliwa.
```text
msf> use auxiliary/scanner/sap/sap_service_discovery
msf auxiliary(sap_service_discovery) > set RHOSTS 1.2.3.101
msf auxiliary(sap_service_discovery) > run
```
Baada ya ugunduzi huo, uchunguzi zaidi kuhusu usanidi wa SAP router unafanywa kwa kutumia moduli ya **sap_router_info_request** ili kufichua taarifa za ndani za mtandao.
```text
msf auxiliary(sap_router_info_request) > use auxiliary/scanner/sap/sap_router_info_request
msf auxiliary(sap_router_info_request) > set RHOSTS 1.2.3.101
msf auxiliary(sap_router_info_request) > run
```
**Kuorodhesha Huduma za Ndani**

Kwa ufahamu wa mtandao wa ndani uliopatikana, moduli ya **sap_router_portscanner** hutumiwa kuchunguza watumishi na huduma za ndani kupitia SAProuter, kuruhusu ufahamu zaidi wa mitandao ya ndani na mipangilio ya huduma.
```text
msf auxiliary(sap_router_portscanner) > set INSTANCES 00-50
msf auxiliary(sap_router_portscanner) > set PORTS 32NN
```
Moduli huu wa ufanisi katika kulenga kesi maalum za SAP na bandari unafanya kuwa zana yenye nguvu kwa ajili ya uchunguzi wa kina wa mtandao wa ndani.

**Uchunguzi wa Juu na Kupanga ACL**

Uchunguzi zaidi unaweza kufunua jinsi Orodha za Kudhibiti Upatikanaji (ACLs) zilivyojengwa kwenye SAProuter, ikifafanua ni uhusiano gani unaoruhusiwa au kuzuiliwa. Taarifa hii ni muhimu katika kuelewa sera za usalama na udhaifu unaowezekana.
```text
msf auxiliary(sap_router_portscanner) > set MODE TCP
msf auxiliary(sap_router_portscanner) > set PORTS 80,32NN
```
**Uchunguzi wa Kipofu wa Wenyewe kwa Wenyewe wa Wenyewe**

Katika hali ambapo habari moja kwa moja kutoka kwa SAProuter ni mdogo, mbinu kama uchunguzi wa kipofu unaweza kutumika. Mbinu hii inajaribu kudhani na kuthibitisha uwepo wa majina ya ndani ya mwenyeji, kuonyesha malengo yanayowezekana bila anwani za IP moja kwa moja.

**Kutumia Habari kwa Ajili ya Upimaji wa Kuingilia**

Baada ya kuchora ramani ya mtandao na kutambua huduma zinazopatikana, wapimaji wa kuingilia wanaweza kutumia uwezo wa wakala wa Metasploit kuhamia kupitia SAProuter kwa ajili ya uchunguzi na utumiaji zaidi wa huduma za ndani za SAP.
```text
msf auxiliary(sap_hostctrl_getcomputersystem) > set Proxies sapni:1.2.3.101:3299
msf auxiliary(sap_hostctrl_getcomputersystem) > set RHOSTS 192.168.1.18
msf auxiliary(sap_hostctrl_getcomputersystem) > run
```
**Hitimisho**

Njia hii inasisitiza umuhimu wa mipangilio salama ya SAProuter na inaonyesha uwezekano wa kupata mitandao ya ndani kupitia upimaji wa kuingilia kwa lengo. Kusalimisha vizuri rutuba za SAP na kuelewa jukumu lao katika usalama wa mtandao ni muhimu kwa kulinda dhidi ya ufikiaji usioidhinishwa.

Kwa habari zaidi kuhusu moduli za Metasploit na matumizi yao, tembelea [database ya Rapid7](http://www.rapid7.com/db).


## **Marejeo**

* [https://www.rapid7.com/blog/post/2014/01/09/piercing-saprouter-with-metasploit/](https://www.rapid7.com/blog/post/2014/01/09/piercing-saprouter-with-metasploit/)

## Shodan

* `port:3299 !HTTP Network packet too big`


<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inatangazwa katika HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi wa PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PR kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Ikiwa unataka kuona kampuni yako ikionekana kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia [MPANGO WA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [swag rasmi ya PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [The PEASS Family](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
GitBook: [master] one page modified 2020-09-24 19:49:25 +00:00			```text
			`PORT STATE SERVICE VERSION`
			`3299/tcp open saprouter?`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Hii ni muhtasari wa chapisho kutoka [https://blog.rapid7.com/2014/01/09/piercing-saprouter-with-metasploit/](https://blog.rapid7.com/2014/01/09/piercing-saprouter-with-metasploit/)`
GitBook: [master] one page modified 2020-09-24 19:49:25 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Kuelewa Uvamizi wa SAProuter na Metasploit`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`SAProuter hufanya kazi kama kisanduku cha mbele (reverse proxy) kwa mifumo ya SAP, hasa kudhibiti ufikiaji kati ya mtandao na mitandao ya ndani ya SAP. Kawaida, SAProuter inafunguliwa kwa mtandao kwa kuruhusu bandari ya TCP 3299 kupitia kwenye firewall ya shirika. Hali hii inafanya SAProuter kuwa lengo la kuvutia kwa upimaji wa uvamizi kwa sababu inaweza kutumika kama lango kuelekea mitandao ya ndani yenye thamani kubwa.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Uchunguzi na Kukusanya Taarifa`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kwanza, uchunguzi hufanywa ili kutambua kama kuna SAProuter inayofanya kazi kwenye anwani ya IP iliyotolewa kwa kutumia moduli ya sap_service_discovery. Hatua hii ni muhimu kwa ajili ya kubainisha uwepo wa SAProuter na bandari yake iliyofunguliwa.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```text
			`msf> use auxiliary/scanner/sap/sap_service_discovery`
			`msf auxiliary(sap_service_discovery) > set RHOSTS 1.2.3.101`
			`msf auxiliary(sap_service_discovery) > run`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Baada ya ugunduzi huo, uchunguzi zaidi kuhusu usanidi wa SAP router unafanywa kwa kutumia moduli ya sap_router_info_request ili kufichua taarifa za ndani za mtandao.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```text
Translated to Swahili 2024-02-11 02:13:58 +00:00			`msf auxiliary(sap_router_info_request) > use auxiliary/scanner/sap/sap_router_info_request`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`msf auxiliary(sap_router_info_request) > set RHOSTS 1.2.3.101`
			`msf auxiliary(sap_router_info_request) > run`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kuorodhesha Huduma za Ndani`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kwa ufahamu wa mtandao wa ndani uliopatikana, moduli ya sap_router_portscanner hutumiwa kuchunguza watumishi na huduma za ndani kupitia SAProuter, kuruhusu ufahamu zaidi wa mitandao ya ndani na mipangilio ya huduma.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```text
			`msf auxiliary(sap_router_portscanner) > set INSTANCES 00-50`
			`msf auxiliary(sap_router_portscanner) > set PORTS 32NN`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Moduli huu wa ufanisi katika kulenga kesi maalum za SAP na bandari unafanya kuwa zana yenye nguvu kwa ajili ya uchunguzi wa kina wa mtandao wa ndani.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Uchunguzi wa Juu na Kupanga ACL`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Uchunguzi zaidi unaweza kufunua jinsi Orodha za Kudhibiti Upatikanaji (ACLs) zilivyojengwa kwenye SAProuter, ikifafanua ni uhusiano gani unaoruhusiwa au kuzuiliwa. Taarifa hii ni muhimu katika kuelewa sera za usalama na udhaifu unaowezekana.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```text
Translated to Swahili 2024-02-11 02:13:58 +00:00			`msf auxiliary(sap_router_portscanner) > set MODE TCP`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`msf auxiliary(sap_router_portscanner) > set PORTS 80,32NN`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Uchunguzi wa Kipofu wa Wenyewe kwa Wenyewe wa Wenyewe`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Katika hali ambapo habari moja kwa moja kutoka kwa SAProuter ni mdogo, mbinu kama uchunguzi wa kipofu unaweza kutumika. Mbinu hii inajaribu kudhani na kuthibitisha uwepo wa majina ya ndani ya mwenyeji, kuonyesha malengo yanayowezekana bila anwani za IP moja kwa moja.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kutumia Habari kwa Ajili ya Upimaji wa Kuingilia`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Baada ya kuchora ramani ya mtandao na kutambua huduma zinazopatikana, wapimaji wa kuingilia wanaweza kutumia uwezo wa wakala wa Metasploit kuhamia kupitia SAProuter kwa ajili ya uchunguzi na utumiaji zaidi wa huduma za ndani za SAP.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```text
			`msf auxiliary(sap_hostctrl_getcomputersystem) > set Proxies sapni:1.2.3.101:3299`
			`msf auxiliary(sap_hostctrl_getcomputersystem) > set RHOSTS 192.168.1.18`
			`msf auxiliary(sap_hostctrl_getcomputersystem) > run`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Hitimisho`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia hii inasisitiza umuhimu wa mipangilio salama ya SAProuter na inaonyesha uwezekano wa kupata mitandao ya ndani kupitia upimaji wa kuingilia kwa lengo. Kusalimisha vizuri rutuba za SAP na kuelewa jukumu lao katika usalama wa mtandao ni muhimu kwa kulinda dhidi ya ufikiaji usioidhinishwa.`
a 2024-02-08 21:36:35 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kwa habari zaidi kuhusu moduli za Metasploit na matumizi yao, tembelea [database ya Rapid7](http://www.rapid7.com/db).`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00

Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Marejeo`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
a 2024-02-08 21:36:35 +00:00			`* [https://www.rapid7.com/blog/post/2014/01/09/piercing-saprouter-with-metasploit/](https://www.rapid7.com/blog/post/2014/01/09/piercing-saprouter-with-metasploit/)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
a 2024-02-08 21:36:35 +00:00			`## Shodan`
GitBook: [master] 378 pages modified 2020-10-05 21:51:08 +00:00
			* `port:3299 !HTTP Network packet too big`

Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Ikiwa unataka kuona kampuni yako inatangazwa katika HackTricks au kupakua HackTricks kwa PDF Angalia [MPANGO WA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [swag rasmi wa PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [The PEASS Family](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PR kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`