Skip to main content
SAP Pentest Playbook
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  2. /
  3. SAP ABAP Platform
  4. /
  5. Known Attack Vectors
  6. /
  7. Transport Creation
Edit page

Transport Creation

Description

Create a transport request containing malicious code

Steps

  1. Access Development Environment Description: Login to SAP development system with developer privileges Input: Developer user credentials Output: Active SAP session in development client References: Object: SE80, Object: SE11

  2. Create Transport Request Description: Create a new transport request to contain the modifications Input: System access, change request description Output: Transport request number (e.g., NSPK900123) References: Object: SE01, Object: SE10

  3. Develop Malicious Code Description: Create ABAP programs, function modules, or customizing entries Input: Transport request, malicious payload specifications Output: Development objects assigned to transport References: Object: SE38, Object: SE37, Object: SM30

  4. Release Transport Description: Release the transport request to make it exportable Input: Completed development objects in transport Output: Released transport with .R3trans and .K files References: Object: SE01 release function

Outcome

A transport request containing malicious code that can be imported into target systems, bypassing normal code review processes.