Skip to main content
SAP Pentest Playbook
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  2. /
  3. Other SAP Solutions
  4. /
  5. SAP ASE Database (Sybase ASE)
  6. /
  7. Service discovery & enumeration
Edit page

Service discovery & enumeration

Description

By default SAP ASE exposes three ports for its services. The Dataserver port is used for client connections to the database, the Backup Server port is used for backup and restore operations, and the Job Scheduler port is used for scheduling jobs. The ports are configurable and can be changed by the administrator. The default ports are 4901, 4902, and 4903 respectively. Only the Dataserver and Backup Server ports accept connections from external clients. The Job Scheduler port is used for internal communication between the Job Scheduler and the Dataserver. The Job Scheduler port does not accept communication from external clients.

Common used Network Ports:

  • Portrange: 4901 - 4999
  • Default Ports:
    • 4901 (Dataserver)
    • 4902 (Backup Server)
    • 4903 (Job Scheduler)

Options

  • Hunter.how:
    • protocol=="ase-adaptive" or protocol=="ase-backup"
  • Nmap:
    • nmap -sV -R -p4901-4999 -Pn <Target Address(es)/Domain Name>
    • nmap -sSVC -n -Pn -p4901-4999 --datadir . <Target Address(es)/Domain Name> (NMAP ERPscan probes)
  • nuclei templates