The deletion can be tested on a development and QA system before it is done on productive system. If really in doubt copy the productive system to a different system and perform the deletion there first as a test.
What has happened here? Why is this found now, and not before with the se3 rule, which should substitute the e with 3? Pretty simple: replace e with 3 in word Welcome1! will give W3lcom31!. So it replaces all and not first one. This is there background of having many rules.
With the Hashcat download you get a special directory called rules. Here there are some big rulesets available.
The nicest one is the RockYou list of rules. This is constructed based on the RockYou password list hacked in 2009 where 32 million passwords leaked. Based on English dictionary somebody has constructed the rules to come to most of these passwords.
Effectiveness of the attack
The effectiveness of the rule based attack is quite high. If you have found 1 password, you just run the complete ruleset of one of the huge lists to find multiple variations. People are not so inventive and creative. You will be surprised on the amount of password variations you find on the following words:
Hackers don’t start with the full dictionary. They start with the top 1000 words and apply many rules to them. From the passwords found they will start to derive patterns of the users. Any new password is processed through many new rules to generate candidates with higher potential.
The name and or abbreviation of a company is word number 1 to add to the favorite word list.
Further optimization of the attack speed
For optimizing the attack speed, read the fifth blog on SAP password hash hacking here.
Prevention measure 1: frequent change and large change per time
Many companies have implemented a more faster cycle of password changes. In the past once per year was common. Nowadays 60 to 90 days is more common practice. Set this in profile parameter: login/password_expiration_time.
More important is to make a larger change per time the password changes. This is to avoid the rule-attacks explained above to become very effective. How many people just simply change and increase single digit in password? Or increase the special with the next one on the keyboard. Set the profile parameter login/min_password_diff to sufficiently high value of 3 or more.
Prevention measure 2: length
Explain to your users that length is more important than complexity by using this famous explanation:
Prevention measure 3: stronger hashes
Stronger hashes simply take more time to crack. To set stronger hashes, read this dedicated blog.
Next blog on password hacking
The fifth blog on password hacking is about optimizing the attack speed. Read on in the blog.
For some batch jobs you want to have the execution done and don’t want to fill up your system with large spool files of this execution. This blog will explain to setup printer NULL to have a batch job suppress the output generation.
Questions that that will be answered in this blog are:
How do I setup printer NULL?
How to test the setup of printer NULL?
Where to find more background information on printer NULL?
Setup of printer NULL
Start transaction SPAD to define a new printer. Now create printer call NULL (with long and short name both NULL):
Select a simple windows driver. Fill the other mandatory fields. Add the message description clearly that the output will be lost.
Save the printer definition.
Testing the NULL printer
From the blog explaining the technical clean up we will take program RSWWHIDE. This program generates huge amount of output (per deleted item 3 to 10 lines). We will run the program twice in test mode: once with printer NULL and once with printer LP01 (default printer). Selection of printer NULL is same as with any printer:
Result in SM37:
The first run with printer NULL has suppressed the generation of the spool file.
This blog will explain how to scan ABAP coding in search of a specific keyword or string. Many times older or badly written programs contain hard code logic like system ID’s, plant codes, movement types, order types etc. When a larger business change happens you need to find these codes in your ABAP code and act on them. This blog will explain how to do this search.
Questions that will be answered are:
How does the scan program work?
How to search for certain strings?
How to search for words in the comments?
ABAP search tool
You can start the ABAP search tool with transaction code CODE_SCANNER:
REPORT zscantest2.DATA zt001w TYPE t001w.SELECT SINGLE werks FROM t001w INTO zt001w.IF zt001w-werks EQ 'DE01'.WRITE: 'German plant'.ELSEIF zt001w-werks EQ 'US01'.* USA plantWRITE: 'US plant'.ELSE.WRITE: 'diffferent plant'.ENDIF.
If we now start a search with the word ‘S4H’ we get this result:
A hard coded SID.
If we search with ‘US01’ we get this result:
A hard coded plant.
If we search with ‘USA’ we get this result:
The word we were looking for is in the comment lines.
Search alternative program RS_ABAP_SOURCE_SCAN
In SAP note 2764076 – CODE_SCANNER not working properly, SAP explains that CODE_SCANNER might not always work for every release. They offer alternative program RS_ABAP_SOURCE_SCAN (there is no transaction code for this program, so start via SE38):