RFCpwn - Guide

Installation

Pretty straight forward installation

$ git clone https://github.com/icryo/RFCpwn

RFCpwn currently relies on the pyrfc library provided by SAP https://github.com/SAP/PyRFC

usage: RFCpwn.py [-h] [-debug] [-ip IP] [-u Username] [-p Password]
                   [-c Client] [-s Sysid] [-ping] [-enum] [-usercopy]
                   [-user USER] [-copy COPY] [-pw PW] [-dump] [-exp]

An Impacket style enumeration and exploitation tool using SAP RFC calls

optional arguments:
  -h, --help   show this help message and exit
  -debug       Turn DEBUG output ON

Authentication:
  -ip IP       <targetName or address>
  -u Username  RFC Users Username
  -p Password  RFC Users Password
  -c Client    Client- eg.000
  -s Sysid     System Number- eg 00
  -ping        RFC Ping Command

User Abuse:
  -enum        Use to enumerate a specific user
  -usercopy    add a Dialog User
  -user USER   Required for -usercopy and -userenum to specify the user
  -copy COPY   User to be copied required for -usercopy
  -pw PW       password of new user for -usercopy

Hash Collection:
  -dump        Dump hashes use with below
  -exp         EXPERIMENTAL - Dump BCODE / PASSCODE hashes

PreviousMobile Testing NextCommands

Last updated 5 years ago

Was this helpful?