VULHUB ™

This Metasploit module attempts to brute force SAP username and passwords through the SAP Web GUI service. Default clients can be tested without needing to set a CLIENT. Common and default user/password combinations can be tested just setting the DEFAULT_CRED variable to true. The MSF_DATA_DIRECTORY/wordlists/sap_default.txt path store stores these default combinations.

This Metasploit module attempts to brute force SAP username and passwords through the SAP Web GUI service. Default clients can be tested without needing to set a CLIENT. Common and default user/password combinations can be tested just setting the DEFAULT_CRED variable to true. The MSF_DATA_DIRECTORY/wordlists/sap_default.txt path store stores these default combinations.