Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: [lists] How to's in Hacking AS400
From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 14 Apr 2006 04:53:22 -0400

Also browse for Windoze shares.  Did a HIPAA audit on an MHMR and could not
touch the AS/400 from the OS/400 side, but it had a Windoze blade that had
access to the hard drive.  Walked into an empty office, plugged in the
laptop, and boom, there it was.

Could not believe I could read/write to it without any authentication.
Downloaded a record without any extension and thought I would have to have a
proprietary client to view it.  But no, opened the file in a hex editor and
there in the header was TIFF...

Tagged .tif extension, opened it in Photoshop and boom, there was EPHI for
the whole world to see, plus I could modify and write it back.  Can you say
non-compliant?  In 15 minutes I made the $40K I charged for the audit.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
Information Security Officer 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 

 

-----Original Message-----
From: QSECOFR () AS400 com [mailto:QSECOFR () AS400 com] 
Sent: Saturday, April 08, 2006 10:36 PM
To: pen-test () securityfocus com
Subject: [lists] How to's in Hacking AS400

I've hacked several AS400s over the years.

Here's some starter's:

1. Check for shares made *PUBLIC
2. Try all the default system IDs with default passwords 
(e.g. QSECOFR:QSECOFR) 3. Sniff the client. There are 
versions that send unencypted traffic. Telnet sadly works too.
4. Hunt through surrounding systems like backup servers, 
desktops. These often have batch jobs in text files that 
automatically login to AS400.
5. Use Jack Henry's default login. (My Favorite, the easiest 
and laziest way to go)

There are more advanced techiques with the libraries, but 
this will take more time than I have at the moment. Excuse 
me, but I need to go pan-handle.



--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win 
the Analyst's Choice Award from eWeek. As attacks through web 
applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most 
comprehensive solutions to meet your application security 
penetration testing and vulnerability management needs. You 
have an option to go with a managed service (Cenzic 
ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help 
you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to 
confirm your results from other product. Contact us at 
request () cenzic com for details.
--------------------------------------------------------------
----------------






------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]