Crack SAP Password Hash with Hashcat [english]

In today's video I will show you how to check if weak passwords are used in your SAP system. We need the software Hashcat and some password hashes from the SAP system. Then we will try to crack them. A note in advance: Please only do what you are allowed to do on your system or clarify this with the BASIS or Security Team!

▶ Hashcat: https://hashcat.net/hashcat/
▶ Rockyou.txt: https://github.com/josuamarcelc/commo...

▶ Tables that store hashes: USR02, USH02, USH02_ARC_TMP und USRPWDHISTORY.

▶ Make Hash Attacks more difficult:
1: Prevent unauthorized access to the OS and database.
2: Limit the access to tables USR02, USH02, USH02_ARC_TMP and USRPWDHISTORY.
3: Configure strong password policies by setting the profile parameters: search for password
4: Read the SAP note 1237762 – ABAP Systems: Protection against password hash attacks

#crack #sap #passwords #hash

▬▬ Literature 📚 ▬▬▬▬▬▬▬▬▬▬▬▬▬
▶ ABAP: An Introduction 2020 https://amzn.to/45CLTqk
▶ Complete ABAP 2023 https://amzn.to/45D5UNM
▶ ABAP to the Future 2022 https://amzn.to/42cgWGs
▶ Clean ABAP 2022 https://amzn.to/3KAqmow

▬▬ My Hardware 💻 ▬▬▬▬▬▬▬▬▬▬▬▬▬
▶ Microphone: https://amzn.to/3zj2UIz
▶ Headphone: https://amzn.to/3GUBRFg


▬▬ My Software (free) 💾 ▬▬▬▬▬▬▬▬▬▬▬
▶ Video Recorder: https://bit.ly/678fgh6
▶ Video Editor: https://bit.ly/38Rj9lb
▶ Thumbnail: https://bit.ly/CustAndCodeThumbnail
▶ Gamma AI: http://bit.ly/3nsdvgr


▬▬ Further Links 🔗 ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
⭐Become my subscriber: https://bit.ly/CustAndCodeSub
🎬All videos in English: https://bit.ly/CustAndCodeENG
☕Buy me a Coffee 😀: https://bit.ly/3dih2cl

*The links are affiliate links. There are no additional costs.